Secure Multi-Party Computation for Inter-Organizational Process Mining

TL;DR

This paper presents a secure multi-party computation approach for inter-organizational process mining that allows multiple parties to collaboratively analyze event logs without sharing sensitive data, using Sharemind and parallel processing techniques.

Contribution

It introduces a novel method for constructing process mining artifacts over distributed logs securely, addressing scalability issues with vectorization and divide-and-conquer strategies.

Findings

Effective in preserving data privacy across organizations

Scalable approach demonstrated on real-life logs

Parallel processing improves performance

Abstract

Process mining is a family of techniques for analysing business processes based on event logs extracted from information systems. Mainstream process mining tools are designed for intra-organizational settings, insofar as they assume that an event log is available for processing as a whole. The use of such tools for inter-organizational process analysis is hampered by the fact that such processes involve independent parties who are unwilling to, or sometimes legally prevented from, sharing detailed event logs with each other. In this setting, this paper proposes an approach for constructing and querying a common type of artifact used for process mining, namely the frequency and time-annotated Directly-Follows Graph (DFG), over multiple event logs belonging to different parties, in such a way that the parties do not share the event logs with each other. The proposal leverages an existing platform for secure multi-party computation, namely Sharemind. Since a direct implementation of DFG construction in Sharemind suffers from scalability issues, the paper proposes to rely on vectorization of event logs and to employ a divide-and-conquer scheme for parallel processing of sub-logs. The paper reports on an experimental evaluation that tests the scalability of the approach on real-life logs.