Saved in:
Bibliographic Details
Main Authors: Grohs, Michael, Rebmann, Adrian, Rehse, Jana-Rebecca
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2505.22041
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910972665397248
author Grohs, Michael
Rebmann, Adrian
Rehse, Jana-Rebecca
author_facet Grohs, Michael
Rebmann, Adrian
Rehse, Jana-Rebecca
contents Conformance checking techniques detect undesired process behavior by comparing process executions that are recorded in event logs to desired behavior that is captured in a dedicated process model. If such models are not available, conformance checking techniques are not applicable, but organizations might still be interested in detecting undesired behavior in their processes. To enable this, existing approaches use Large Language Models (LLMs), assuming that they can learn to distinguish desired from undesired behavior through fine-tuning. However, fine-tuning is highly resource-intensive and the fine-tuned LLMs often do not generalize well. To address these limitations, we propose an approach that requires neither a dedicated process model nor resource-intensive fine-tuning to detect undesired process behavior. Instead, we use Retrieval Augmented Generation (RAG) to provide an LLM with direct access to a knowledge base that contains both desired and undesired process behavior from other processes, assuming that the LLM can transfer this knowledge to the process at hand. Our evaluation shows that our approach outperforms fine-tuned LLMs in detecting undesired behavior, demonstrating that RAG is a viable alternative to resource-intensive fine-tuning, particularly when enriched with relevant context from the event log, such as frequent traces and activities.
format Preprint
id arxiv_https___arxiv_org_abs_2505_22041
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Detecting Undesired Process Behavior by Means of Retrieval Augmented Generation
Grohs, Michael
Rebmann, Adrian
Rehse, Jana-Rebecca
Machine Learning
Conformance checking techniques detect undesired process behavior by comparing process executions that are recorded in event logs to desired behavior that is captured in a dedicated process model. If such models are not available, conformance checking techniques are not applicable, but organizations might still be interested in detecting undesired behavior in their processes. To enable this, existing approaches use Large Language Models (LLMs), assuming that they can learn to distinguish desired from undesired behavior through fine-tuning. However, fine-tuning is highly resource-intensive and the fine-tuned LLMs often do not generalize well. To address these limitations, we propose an approach that requires neither a dedicated process model nor resource-intensive fine-tuning to detect undesired process behavior. Instead, we use Retrieval Augmented Generation (RAG) to provide an LLM with direct access to a knowledge base that contains both desired and undesired process behavior from other processes, assuming that the LLM can transfer this knowledge to the process at hand. Our evaluation shows that our approach outperforms fine-tuned LLMs in detecting undesired behavior, demonstrating that RAG is a viable alternative to resource-intensive fine-tuning, particularly when enriched with relevant context from the event log, such as frequent traces and activities.
title Detecting Undesired Process Behavior by Means of Retrieval Augmented Generation
topic Machine Learning
url https://arxiv.org/abs/2505.22041