Control-flow Reconstruction Attacks on Business Process Models

Henrik Kirchmann, Stephan A. Fahrenkrog-Petersen, Felix Mannhardt, Matthias Weidlich
{"title":"Control-flow Reconstruction Attacks on Business Process Models","authors":"Henrik Kirchmann, Stephan A. Fahrenkrog-Petersen, Felix Mannhardt, Matthias Weidlich","doi":"arxiv-2409.10986","DOIUrl":null,"url":null,"abstract":"Process models may be automatically generated from event logs that contain\nas-is data of a business process. While such models generalize over the\ncontrol-flow of specific, recorded process executions, they are often also\nannotated with behavioural statistics, such as execution frequencies.Based\nthereon, once a model is published, certain insights about the original process\nexecutions may be reconstructed, so that an external party may extract\nconfidential information about the business process. This work is the first to\nempirically investigate such reconstruction attempts based on process models.\nTo this end, we propose different play-out strategies that reconstruct the\ncontrol-flow from process trees, potentially exploiting frequency annotations.\nTo assess the potential success of such reconstruction attacks on process\nmodels, and hence the risks imposed by publishing them, we compare the\nreconstructed process executions with those of the original log for several\nreal-world datasets.","PeriodicalId":501278,"journal":{"name":"arXiv - CS - Software Engineering","volume":"18 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.10986","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Process models may be automatically generated from event logs that contain as-is data of a business process. While such models generalize over the control-flow of specific, recorded process executions, they are often also annotated with behavioural statistics, such as execution frequencies.Based thereon, once a model is published, certain insights about the original process executions may be reconstructed, so that an external party may extract confidential information about the business process. This work is the first to empirically investigate such reconstruction attempts based on process models. To this end, we propose different play-out strategies that reconstruct the control-flow from process trees, potentially exploiting frequency annotations. To assess the potential success of such reconstruction attacks on process models, and hence the risks imposed by publishing them, we compare the reconstructed process executions with those of the original log for several real-world datasets.
业务流程模型的控制流重构攻击
流程模型可以从包含业务流程现存数据的事件日志中自动生成。虽然这些模型概括了具体记录的流程执行的控制流,但它们通常也标注了行为统计数据,如执行频率。因此,一旦模型被发布,有关原始流程执行的某些见解就可能被重建,这样外部方就可以提取有关业务流程的机密信息。为此,我们提出了不同的播放策略,从流程树中重建控制流,并可能利用频率注释。为了评估这种对流程模型的重建攻击的潜在成功率,以及发布流程模型所带来的风险,我们比较了几个真实世界数据集的流程执行情况和原始日志的执行情况。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信