Trace Alignment Research Articles

A compliance assessment system for Incident Management process

The Incident Management (IM) process is one of the core activities for increasing the overall security level of organizations and better responding to cyber attacks. Different security frameworks (such as ITIL and ISO 27035) provide guidelines for designing and properly implementing an effective IM process. Currently, assessing the compliance of the actual process implemented by an organization with such frameworks is a complex task. The assessment is mainly manually performed and requires much effort in the analysis and evaluation. In this paper, we first propose a taxonomy of compliance deviations to classify and prioritize the impacts of non-compliant causes. We combine trace alignment techniques with a new proposed cost model for the analysis of process deviations rather than process traces to prioritize interventions. We put these contributions into use in a system that automatically assesses the IM process compliance with a reference process model (e.g., the one described in the chosen security framework). It supports the auditor with increased awareness of process issues to make more focused decisions and improve the process’s effectiveness. We propose a benchmark validation for the model, and we show the system’s capability through a usage scenario based on a publicly available dataset of a real IM log. The source code of all components, including the code used for benchmarking, is publicly available as open source on GitHub.

Large-Scale Multiple Sequence Alignment and the Maximum Weight Trace Alignment Merging Problem.

MAGUS is a recent multiple sequence alignment method that provides excellent accuracy on large challenging datasets. MAGUS uses divide-and-conquer: it divides the sequences into disjoint sets, computes alignments on the disjoint sets, and then merges the alignments using a technique it calls the Graph Clustering Method (GCM). To understand why MAGUS is so accurate, we show that GCM is a good heuristic for the NP-hard MWT-AM problem (Maximum Weight Trace, adapted to the Alignment Merging problem). Our study, using both biological and simulated data, establishes that MWT-AM scores correlate very well with alignment accuracy and presents improvements to GCM that are even better heuristics for MWT-AM. This study suggests a new direction for large-scale MSA estimation based on improved divide-and-conquer strategies, with the merging step based on optimizing MWT-AM. MAGUS and its enhanced versions are available at https://github.com/vlasmirnov/MAGUS.

A tool for declarative Trace Alignment via automated planning

A tool for declarative Trace Alignment via automated planning

Trace Alignment Preprocessing in Side-Channel Analysis Using the Adaptive Filter

Trace Alignment Preprocessing in Side-Channel Analysis Using the Adaptive Filter

Diving Wave Tomography: Velocity Modelling Using First Arrival Traveltime

In hydrocarbon exploration, information carried by diving waves and post-critical reflections that are used to reconstruct the long-to-intermediate wavelength of the subsurface is an integral part of successful velocity model building. Diving wave tomography (DWT) is one of the tools for shallow velocity assessment particularly when seismic data has poor signal-to-noise ratio (SNR) with complex geologic settings where no clear reflector is present. Considering the relationship between velocity with time and space, the output from tomography plays a crucial role to align data between time and depth domain and produce a reliable image of the deeper structure where hydrocarbon reservoir is typically located. In geophysics, tomography is primarily used to correct seismic trace alignment to produce a reliable stack section. In advanced imaging it is used as an initial model for waveform inversion in an integrated workflow. In the post-processing stage, it is used to correct the misfit between well logs and seismic data and is crucial for the quantitative analysis of rock physics. In this paper, we focus on tomography and its working principle on near-surface velocity modelling. We restricted our workflow to 2D synthetic data simulating the shallow gas occurrence that is prominent in the offshore Malay Basin to demonstrate how tomography works in velocity reconstruction. Results from synthetic and real data example shows that DWT can recover local large-scale structure and improved stacked data, considering no other seismic data and constraint from well data is included in the iterative process.

Maximal overlap discrete wavelet transform‐based power trace alignment algorithm against random delay countermeasure

Random delay countermeasures introduce random delays into the execution flow to break the synchronization and increase the complexity of the side channel attack. A novel method for attacking devices with random delay countermeasures has been proposed by using a maximal overlap discrete wavelet transform (MODWT)-based power trace alignment algorithm. Firstly, the random delay in the power traces is sensitized using MODWT to the captured power traces. Secondly, it is detected using the proposed random delay detection algorithm. Thirdly, random delays are removed by circular shifting in the wavelet domain, and finally, the power analysis attack is successfully mounted in the wavelet domain. Experimental validation of the proposed method with the National Institute of Standards and Technology certified Advanced Encryption Standard-128 cryptographic algorithm and the SAKURA-G platform showed a 7.5× reduction in measurements to disclosure and a 3.14× improvement in maximum correlation value when compared with similar works in the literature.

Methods and Analysis of Automated Trace Alignment Under Power Obfuscation in Side Channel Attacks

Methods and Analysis of Automated Trace Alignment Under Power Obfuscation in Side Channel Attacks

Fraud Audit Based on Visual Analysis: A Process Mining Approach

Among the knowledge areas in which process mining has had an impact, the audit domain is particularly striking. Traditionally, audits seek evidence in a data sample that allows making inferences about a population. Mistakes are usually committed when generalizing the results and anomalies; therefore, they appear in unprocessed sets; however, there are some efforts to address these limitations using process-mining-based approaches for fraud detection. To the best of our knowledge, no fraud audit method exists that combines process mining techniques and visual analytics to identify relevant patterns. This paper presents a fraud audit approach based on the combination of process mining techniques and visual analytics. The main advantages are: (i) a method is included that guides the use of the visual capabilities of process mining to detect fraud data patterns during an audit; (ii) the approach can be generalized to any business domain; (iii) well-known process mining techniques are used (dotted chart, trace alignment, fuzzy miner…). The techniques were selected by a group of experts and were extended to enable filtering for contextual analysis, to handle levels of process abstraction, and to facilitate implementation in the area of fraud audits. Based on the proposed approach, we developed a software solution that is currently being used in the financial sector as well as in the telecommunications and hospitality sectors. Finally, for demonstration purposes, we present a real hotel management use case in which we detected suspected fraud behaviors, thus validating the effectiveness of the approach.

Time-lapse ground penetrating radar difference reflection imaging of saline tracer flow in fractured rock

The characterization of flow and transport processes in fractured rock is challenging because they cannot be observed directly and hydrologic tests can only provide sparse and local data. Time-lapse ground penetrating radar (GPR) can be a valuable tool to monitor such processes in the subsurface, but it requires highly reproducible data. As part of a tracer injection experiment at the Grimsel Test Site (GTS) in Switzerland, borehole reflection GPR data were acquired in a time-lapse survey to monitor saline tracer flow through a fracture network in crystalline rock. Because the reflections from the tracer in the sub-mm fractures appear extremely weak, a differencing approach has been necessary to identify the tracer signal. Furthermore, several processing steps and corrections had to be applied to meet the reproducibility requirements. These steps include (1) single-trace preprocessing, (2) temporal trace alignment, (3) correction of sampling rate fluctuations, (4) spatial trace alignment, (5) spike removal, and (6) postprocessing procedures applied to the difference images. This allowed successful tracer propagation monitoring with a clear signal that revealed two separate tracer flow paths. The GPR results are confirmed by conductivity meters that were placed in boreholes in the GTS. If sufficient data processing is applied, GPR is shown to be capable of resolving tracer flow through sub-mm aperture fractures by difference reflection imaging even in challenging surroundings where many reflectors are present.

Explaining Regressions via Alignment Slicing and Mending

Regression faults, which make working code stop functioning, are often introduced when developers make changes to the software. Many regression fault localization techniques have been proposed. However, issues like inaccuracy and lack of explanation are still obstacles for their practical application. In this work, we propose a trace-based approach to identifying not only where the root cause of a regression bug lies, but also how the defect is propagated to its manifestation as the explanation. In our approach, we keep the trace of original correct version as reference and infer the faulty steps on the trace of regression version so that we can build a causality graph of how the defect is propagated. To this end, we overcomes two technical challenges. First, we align two traces derived from two program versions by extending state-of-the-art trace alignment technique for regression fault with novel relaxation technique. Second, we construct causality graph (i.e., explanation) by adopting a technique called <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">alignment slicing and mending</i> to isolate the failure-inducing changes and explain the failure. Our comparative experiment with the state-of-the-art techniques including dynamic slicing, delta-debugging, and symbolic execution on 24 real-world regressions shows that (1) our approach is more accurate on isolating the failure-inducing changes, (2) the generated explanation requires acceptable manual effort to inspect, and (3) our approach requires lower runtime overhead. In addition, we also conduct an applicability experiment based on Defects4J bug repository, showing the potential limitations of our trace-based approach and providing guidance for its practical use.

Control-flow analysis of procedural skills competencies in medical training through process mining

BackgroundProcedural skills are key to good clinical results, and training in them involves a significant amount of resources. Control-flow analysis (ie, the order in which a process is performed) can...

A Systematic Evaluation of Wavelet-Based Attack Framework on Random Delay Countermeasures

Random delay countermeasure is a commonly used defense against side-channel attacks, which brings certain interference and disturbance to those calculation sequences in the time domain. Data alignment and frequency attack are considered as typical techniques to counteract the random delay countermeasure. However, these attacks have limitations from the perspectives of both efficiency and performance. In comparison, facing those delays, wavelet analysis is considered as a more efficient technique due to its detailed and comprehensive interpretation of a signal. This paper applies different wavelet techniques to three attack components: noise reduction, trace alignment and key extraction. For the first time, the unified wavelet-based attack framework against random delays is proposed where wavelet analysis is fully applied in the entire attack life cycle. In particular, a novel method of trace alignment at the wavelet level is proposed in this framework, which is based on wavelet pattern detection to synchronize the misaligned power traces. Most importantly, the overall wavelet-based attack framework is systematically evaluated over three random delay strategies, after the respective contribution of each component is investigated through a series of comparative experiments. Experimental results show that the performance of the wavelet-based attack framework is significantly improved compared to standard attack procedures and frequency ones, which can be regarded as a unified and effective solution to conquer random delay countermeasures.

Stress Drops on the Blanco Oceanic Transform Fault from Interstation Phase Coherence

Oceanic transform faults display a wide range of earthquake stress drops, large aseismic slip, and along‐strike variation in seismic coupling. We use and further develop a phase coherence‐based method to calculate and analyze stress drops of 61 M≥5.0 events between 2000 and 2016 on the Blanco fault, off the coast of Oregon. With this method, we estimate earthquake rupture extents by examining how apparent source time functions (ASTFs) vary between stations. The variation is caused by the generation of seismic waves at different locations along the rupture, which arrive at different times depending on station location. We isolate ASTFs at a range of stations by comparing seismograms of collocated earthquakes and then use the interstation ASTF coherence to infer rupture extent and stress drop. We examine how our analysis is influenced by various factors, including poor trace alignment, relative earthquake locations, focal mechanism variation, azimuthal distribution of stations, and depth phase arrivals. We find that as alignment accuracy decreases or distance between earthquakes increases, coherence is reduced, but coherence is unaffected by focal mechanism variation or depth phase arrivals for our dataset. We calibrate the coherence–rupture extent relationship based on the azimuthal distribution of stations. We find the phase coherence method can be used to estimate stress drops for offshore earthquakes, but is limited to M≥5.0 earthquakes for the Blanco fault due to poor trace alignment accuracy. The median stress drop on the Blanco fault is 8 MPa (with 95% confidence limits of 6–12 MPa) for 61 earthquakes. Stress drops are a factor of 1.7 (95% confidence limits 0.8–3.5) lower on the more aseismic northwest segment of the Blanco fault. These lower stress drops could be linked to reduced healing time due to higher temperatures, which reduce the depth of the seismogenic zone and shorten the seismic cycle.

Warping least-squares inversion for 4D velocity change: Gulf of Mexico case study

We have developed a new trace-based, warping least-squares inversion method to quantify 4D velocity changes. There are two steps to solve for these velocity changes: (1) dynamic warping with phase constraints to align the baseline and monitor traces and (2) least-squares inversion for 4D velocity changes incorporating the time shifts and 4D amplitude differences (computed after trace alignment by warping). We have demonstrated this new inversion workflow using simple synthetic layered models. For the noise-free case, phase-constrained warping is superior to standard, amplitude-based warping by improving trace alignment, resulting in more accurate inverted velocity changes (less than 1% error). For synthetic data with 6% rms noise, inverted velocity changes are reasonably accurate (less than 10% error). Additional inversion tests with migrated finite-difference data shot over a realistic anticline model result in less than 10% error. The inverted velocity changes on a 4D field data set from the Gulf of Mexico are more interpretable and consistent with the dynamic reservoir model than those estimated from the conventional time-strain method.

A compositional framework for Boolean networks

Boolean networks are a widely used qualitative approach for modelling and analysing biological systems. However, their application is restricted by the well-known state space explosion problem which means that modelling large-scale, realistic biological systems is challenging. In this paper we set out to facilitate the construction and analysis of large scale biological models by developing a formal framework for the composition of Boolean networks. The compositional approach we present is based on merging entities between Boolean networks using a binary Boolean operator and we formalise the preservation of behaviour under composition using a notion of compatibility. We investigate characterising compatibility in terms of the composed models by developing a trace alignment property. In particular, we use a formalisation of the interference that can occur in a composed model to define an extended trace alignment property that we show completely characterises compatibility.

Improving CEMA using Correlation Optimization

Sensitive cryptographic information, e.g. AES secret keys, can be extracted from the electromagnetic (EM) leakages unintentionally emitted by a device using techniques such as Correlation Electromagnetic Analysis (CEMA). In this paper, we introduce Correlation Optimization (CO), a novel approach that improves CEMA attacks by formulating the selection of useful EM leakage samples in a trace as a machine learning optimization problem. To this end, we propose the correlation loss function, which aims to maximize the Pearson correlation between a set of EM traces and the true AES key during training. We show that CO works with high-dimensional and noisy traces, regardless of time-domain trace alignment and without requiring prior knowledge of the power consumption characteristics of the cryptographic hardware. We evaluate our approach using the ASCAD benchmark dataset and a custom dataset of EM leakages from an Arduino Duemilanove, captured with a USRP B200 SDR. Our results indicate that the masked AES implementation used in all three ASCAD datasets can be broken with a shallow Multilayer Perceptron model, whilst requiring only 1,000 test traces on average. A similar methodology was employed to break the unprotected AES implementation from our custom dataset, using 22,000 unaligned and unfiltered test traces.

Process-oriented Iterative Multiple Alignment for Medical Process Mining.

Adapted from biological sequence alignment, trace alignment is a process mining technique used to visualize and analyze workflow data. Any analysis done with this method, however, is affected by the alignment quality. The best existing trace alignment techniques use progressive guide-trees to heuristically approximate the optimal alignment in O(N2L2) time. These algorithms are heavily dependent on the selected guide-tree metric, often return sum-of-pairs-score-reducing errors that interfere with interpretation, and are computationally intensive for large datasets. To alleviate these issues, we propose process-oriented iterative multiple alignment (PIMA), which contains specialized optimizations to better handle workflow data. We demonstrate that PIMA is a flexible framework capable of achieving better sum-of-pairs score than existing trace alignment algorithms in only O(NL2) time. We applied PIMA to analyzing medical workflow data, showing how iterative alignment can better represent the data and facilitate the extraction of insights from data visualization.

Evaluation of Trace Alignment Quality and its Application in Medical Process Mining.

Trace alignment algorithms have been used in process mining for discovering the consensus treatment procedures and process deviations. Different alignment algorithms, however, may produce very different results. No widely-adopted method exists for evaluating the results of trace alignment. Existing reference-free evaluation methods cannot adequately and comprehensively assess the alignment quality. We analyzed and compared the existing evaluation methods, identifying their limitations, and introduced improvements in two reference-free evaluation methods. Our approach assesses the alignment result globally instead of locally, and therefore helps the algorithm to optimize overall alignment quality. We also introduced a novel metric to measure the alignment complexity, which can be used as a constraint on alignment algorithm optimization. We tested our evaluation methods on a trauma resuscitation dataset and provided the medical explanation of the activities and patterns identified as deviations using our proposed evaluation methods.

Medical Workflow Modeling Using Alignment-Guided State-Splitting HMM.

Process mining techniques have been used to discover and analyze workflows in various fields, ranging from business management to healthcare. Much of this research, however, has overlooked the potential of hidden Markov models (HMMs) for workflow discovery. We present a novel alignment-guided state-splitting HMM inference algorithm (AGSS) for discovering workflow models based on observed traces of process executions. We compared the AGSS to existing methods using four real-world medical workflow datasets and a more detailed case study on one of them. Our numerical results show that AGSS not only generates more accurate workflow models, but also better represents the underlying process. In addition, with trace alignment to guide state splitting, AGSS is significantly more efficient (by a factor of O(n)) than previous HMM inference algorithms. Our case study results show that our approach produces a more readable and accurate workflow model that existing algorithms. Comparing the discovered model to the hand-made expert model of the same process, we found three discrepancies. These three discrepancies were reconsidered by medical experts and used for enhancing the expert model.

On the Disruptive Effectiveness of Automated Planning for LTL&lt;i&gt;f&lt;/i&gt;-Based Trace Alignment

One major task in business process management is that of aligning real process execution traces to a process model by (minimally) introducing and eliminating steps. Here, we look at declarative process specifications expressed in Linear Temporal Logic on finite traces (LTLf). We provide a sound and complete technique to synthesize the alignment instructions relying on finite automata theoretic manipulations. Such a technique can be effectively implemented by using planning technology. Notably, the resulting planning-based alignment system significantly outperforms all current state-of-the-art ad-hoc alignment systems. We report an in-depth experimental study that supports this claim.