Enterprise AI Analysis
Explainable Multi-perspective Business Process Anomaly Detection Method Based on Graph Neural Networks
Published: 10 March 2026
Anomalies in business processes can lead to significant losses, making timely detection and handling of these anomalies essential for business process management and optimization. Although current methods in business processes might uncover abnormal cases or attributes in logs, they fail to provide adequate explanations for the anomalies detected. To enable reliable detection, a multi-perspective anomaly detection and explanation method for business processes based on graph neural networks is proposed. Firstly, a graph structure is constructed to reveal the dependencies between various attributes. On this basis, a multiple-graph neural network predictor is trained to predict each attribute of the next event separately. Then, according to the probability distribution of the prediction results, the anomaly score is calculated, and the anomalous attributes and cases are identified. In addition, when an anomaly is detected, a relevance score is assigned to the event attributes in the prefix trace. This score explains the rationale for anomaly detection. The experimental results demonstrate the method's efficacy in detecting anomalies in business processes, providing practical explanations, and enhancing the transparency and credibility of the model.
By: WEI BAO, KE LU, XIANWEN FANG, XIWEI ZHANG
Quantifiable Impact for Your Business
This research demonstrates tangible improvements in anomaly detection and explainability, crucial for robust business process management.
0
Total Citations
100
Total Downloads
Multi-perspective Graph Construction
Leverages both attribute-level and structural information from event logs, providing a comprehensive view of dependencies critical for accurate anomaly detection in complex business processes.
GNN-Based Attribute Anomaly Detection
Designed to detect attribute-level anomalies by weighting event attributes differently during prediction, ensuring granular insight into abnormal behaviors and supporting subsequent explanation.
Interpretable Relevance Scoring
Introduces a mechanism that reveals each event attribute's contribution to prediction, enabling clear, actionable explanations for detected anomalies and enhancing model transparency.
Deep Analysis & Enterprise Applications
Select a topic to dive deeper, then explore the specific findings from the research, rebuilt as interactive, enterprise-focused modules.
Applied Computing: Business Process Management
Anomaly detection in business processes is crucial for management and optimization, preventing risks and losses. Traditional model-aware methods rely on predefined or mined process models, which can be rigid or suffer from log quality issues. Model-agnostic methods, including distance-based, information-theoretic, and machine learning approaches, have emerged but often lack attribute-level detection. This research focuses on addressing these limitations by integrating structural and attribute-level information for comprehensive anomaly detection.
Computing Methodologies: Machine Learning Approaches & Neural Networks
The method leverages Graph Neural Networks (GNNs), specifically Gated Graph Sequence Neural Networks (GGNN), to model complex dependencies within event logs. Unlike traditional deep learning models, GNN-EMBA predicts next event attribute values by capturing structural information, enhancing anomaly detection accuracy. The model uses graph convolution layers for node representation updates and an aggregation layer with relevance scores for final predictions.
Security and Privacy: Intrusion/Anomaly Detection
This research introduces a multi-perspective anomaly detection method for business processes. Anomalies are identified by comparing predicted attribute probabilities with actual values, yielding an anomaly score. Events and cases with scores exceeding a threshold are flagged as anomalous. Importantly, the method provides explainability by assigning relevance scores to event attributes in the prefix trace, indicating their contribution to anomaly detection, thereby increasing transparency and trust.
Enterprise Process Flow: GNN-EMBA Architecture
Event Log Preprocessing
→
Graph Neural Network Predictor
→
Anomaly Score Calculator
→
Relevance Score Calculator
| Category | Related Works | Detection Level | Process Guidance | Predefined Model | Explainability |
|---|---|---|---|---|---|
| Model-aware (Conformance checking) | [25, 27] | Case-level only | ✓ (process model) | X | ✔(model deviation) |
| Model-agnostic (distance/info/ML-based) | [8, 11, 28, 33, 34] | Case-level only | X | X | X |
| Deep learning (Reconstruction, Prediction) | [4, 6, 12-14, 19-22, 29, 35] | Case-level and attribute-level | X | X | X |
| GNN-EMBA | - | Case-level and attribute-level | ✔(structural process information) | ✔ | ✔(relevance scores) |
Case Study: Explainable Anomaly Detection in Practice
The GNN-EMBA method provides explainability in anomaly detection by calculating relevance scores for each event attribute in the prefix trace, showing which information the model relied on. For instance, in a 'Skip' anomaly case, the 'Approve' activity might have a high relevance score, indicating its critical role in the prediction that 'Request Payment' should follow. Similarly, anomaly scores highlight specific anomalous attributes within events, such as a high score for an incorrect 'Role' attribute in a data flow anomaly. This dual approach of relevance and anomaly scores helps users understand the 'why' behind detected anomalies.
This allows for more targeted intervention and process optimization, moving beyond simple detection to providing actionable insights for business users.
Calculate Your Potential AI ROI
Estimate the efficiency gains and cost savings your enterprise could achieve by implementing advanced anomaly detection.
Estimated Annual Savings
$-
Hours Reclaimed Annually
-
Your AI Implementation Roadmap
A structured approach to integrating advanced AI into your business processes, ensuring seamless deployment and maximum impact.
Phase 1: Discovery & Strategy
Comprehensive assessment of current processes, data infrastructure, and business objectives to define AI strategy and potential use cases. Data readiness evaluation and initial model scoping.
Phase 2: Pilot Program Development
Design and development of a pilot AI solution, including data preparation, model training, and integration with existing systems. Focus on key performance indicators and a controlled environment.
Phase 3: Deployment & Integration
Full-scale deployment of the AI solution across relevant business units. Seamless integration with enterprise systems, user training, and establishment of monitoring frameworks.
Phase 4: Optimization & Scaling
Continuous monitoring, performance tuning, and iterative improvements based on real-world feedback. Expansion of AI capabilities to new areas and ongoing support.
Ready to Transform Your Enterprise?
Connect with our AI specialists to explore how explainable anomaly detection can drive efficiency and innovation in your business.
Ready to Get Started?
Book Your Free Consultation.
Let's Discuss Your AI Strategy!
Lets Discuss Your Needs
Select a Date
Sun
Mon
Tue
Wed
Thu
Fri
Sat