Trace reconstruction in system logs for processing with process mining

Abstract

System logs contain information about the behavior of the system. To perform anomaly detection based on this log data, the normal behavior of the system must be learned. With process discovery a process model can be learned from log data. However, system logs do not fulfill the requirements that process discovery algorithms place on log data. To solve this problem, trace reconstruction is used to extract traces from the log data, which are then used for process discovery in a further step. This research proposal therefore proposes combining different methods for grouping log messages. A short experiment shows that the reconstruction of traces from simple log data is possible in principle.