Anomaly Detection in Business Process Runtime Behavior -- Challenges and Limitations

Abstract: Anomaly detection is generally acknowledged as an important problem that has already drawn attention to various domains and research areas, such as, network security. For such "classic" application domains a wide range of surveys and literature reviews exist already - which is not the case for the process domain. Hence, this systematic literature review strives to provide an organized holistic view on research related to business process runtime behavior anomaly detection. For this the unique challenges of the process domain are outlined along with the nature of the analyzed data and data sources. Moreover, existing work is identified and categorized based on the underlying fundamental technology applied by each work. Furthermore, this work describes advantages and disadvantages of each identified approach. Based on these information limitations and gaps in existing research are identified and recommendations are proposed to tackle them. This work aims to foster the understanding and development of the process anomaly detection domain.