Accorsi, RafaelStocker, ThomasJung, ReinhardReichert, Manfred2018-10-112018-10-112013978-3-88579-616-9https://dl.gi.de/handle/20.500.12116/17247One difficulty at developing mechanisms for business process security monitoring and auditing is the lack of representative, controllably generated test runs to serve as an evaluation basis. This paper presents an approach and the corresponding tool support for event log synthesis. The novelty is that it considers the activity of an “attacker” able to purposefully infringe security and compliance requirements or simply manipulate the process' control and data flow, thereby creating deviations of the intended process model. The resulting logs can be readily replayed on a reference monitor, or serve as input for auditing tools based upon, e.g., process mining.enText/Conference Paper1617-5468