Henrik Kirchmann, Stephan A. Fahrenkrog-Petersen, Felix Mannhardt, Matthias Weidlich
{"title":"Control-flow Reconstruction Attacks on Business Process Models","authors":"Henrik Kirchmann, Stephan A. Fahrenkrog-Petersen, Felix Mannhardt, Matthias Weidlich","doi":"arxiv-2409.10986","DOIUrl":null,"url":null,"abstract":"Process models may be automatically generated from event logs that contain\nas-is data of a business process. While such models generalize over the\ncontrol-flow of specific, recorded process executions, they are often also\nannotated with behavioural statistics, such as execution frequencies.Based\nthereon, once a model is published, certain insights about the original process\nexecutions may be reconstructed, so that an external party may extract\nconfidential information about the business process. This work is the first to\nempirically investigate such reconstruction attempts based on process models.\nTo this end, we propose different play-out strategies that reconstruct the\ncontrol-flow from process trees, potentially exploiting frequency annotations.\nTo assess the potential success of such reconstruction attacks on process\nmodels, and hence the risks imposed by publishing them, we compare the\nreconstructed process executions with those of the original log for several\nreal-world datasets.","PeriodicalId":501278,"journal":{"name":"arXiv - CS - Software Engineering","volume":"18 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.10986","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Process models may be automatically generated from event logs that contain
as-is data of a business process. While such models generalize over the
control-flow of specific, recorded process executions, they are often also
annotated with behavioural statistics, such as execution frequencies.Based
thereon, once a model is published, certain insights about the original process
executions may be reconstructed, so that an external party may extract
confidential information about the business process. This work is the first to
empirically investigate such reconstruction attempts based on process models.
To this end, we propose different play-out strategies that reconstruct the
control-flow from process trees, potentially exploiting frequency annotations.
To assess the potential success of such reconstruction attacks on process
models, and hence the risks imposed by publishing them, we compare the
reconstructed process executions with those of the original log for several
real-world datasets.