Quotation Ekelhart, Andreas, Kiesling, Elmar, Ekaputra, Fajar J. 2021. The SLOGERT Framework for Automated Log Knowledge Graph Construction. The Semantic Web. 12731 631-646.



Abstract

Log files are a vital source of information for keeping systems running and healthy. However, analyzing raw log data, i.e., textual records of system events, typically involves tedious searching for and inspecting clues, as well as tracing and correlating them across log sources. Existing log management solutions ease this process with efficient data collection, storage, and normalization mechanisms, but identifying and linking entities across log sources and enriching them with background knowledge is largely an unresolved challenge. To facilitate a knowledge-based approach to log analysis, this paper introduces SLOGERT, a flexible framework and workflow for automated construction of knowledge graphs from arbitrary raw log messages. At its core, it automatically identifies rich RDF graph modelling patterns to represent types of events and extracted parameters that appear in a log stream. We present the workflow, the developed vocabularies for log integration, and our prototypical implementation. To demonstrate the viability of this approach, we conduct a performance analysis and illustrate its application on a large public log dataset in the security domain.
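The workflow sketched in the abstract (raw lines in, a graph of typed events, parameters and shared entities out) is easier to grasp on a concrete input. The following is an added illustration, not SLOGERT's own code or vocabulary: it uses a constructed sshd log and a constructed web access log, an assumed `http://example.org/log/` namespace, a simplified Drain-style template learner (equal token count, matching first token, wildcards at differing positions), and emits plain N-Triples without any RDF library. The security-relevant point it shows is the entity linking: an IP address that occurs in both sources becomes one graph node, so a failed SSH login and a 401 on /admin from the same address are connected without any cross-source search.

```python
"""Toy log-to-knowledge-graph pipeline: header parsing, Drain-style template
learning, parameter typing, N-Triples emission and cross-source entity linking.
Added illustration, not the SLOGERT implementation."""
import re
from collections import defaultdict

EX = "http://example.org/log/"  # assumed example namespace, not SLOGERT's vocabulary
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"

# Constructed sample lines from two hypothetical sources (not real data).
AUTH_LOG = [
    "Jan 10 10:01:02 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 50123 ssh2",
    "Jan 10 10:01:05 host1 sshd[1234]: Failed password for admin from 10.0.0.5 port 50124 ssh2",
    "Jan 10 10:02:00 host1 sshd[1240]: Accepted password for alice from 192.168.1.20 port 51000 ssh2",
]
WEB_LOG = [
    '10.0.0.5 - - [10/Jan/2021:10:03:00 +0000] "GET /admin HTTP/1.1" 401 512',
    '192.168.1.20 - - [10/Jan/2021:10:03:07 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '172.16.0.9 - - [10/Jan/2021:10:03:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

# Per-source header regex: named groups become typed fields of the event,
# the "msg" group is the free text handed to the template learner.
SOURCES = {
    "auth": (AUTH_LOG, re.compile(
        r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")),
    "web": (WEB_LOG, re.compile(
        r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<msg>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$')),
}

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def token_type(tok):
    """Syntactic type of a token; drives both wildcard masking and RDF typing."""
    if IPV4.match(tok):
        return "ip"
    if tok.isdigit():
        return "int"
    return "word"


def learn_templates(messages, threshold=0.6):
    """Simplified Drain-style online learner. A message joins the most similar
    template of equal length whose first (keyword) token matches; differing
    positions become <*>. Returns (templates, template index per message)."""
    templates, assignment = [], []
    for msg in messages:
        toks = ["<*>" if token_type(t) != "word" else t for t in msg.split()]
        best, best_sim = None, 0.0
        for i, tpl in enumerate(templates):
            if len(tpl) != len(toks) or tpl[0] != toks[0]:
                continue
            sim = sum(a == b for a, b in zip(tpl, toks)) / len(toks)
            if sim >= threshold and sim > best_sim:
                best, best_sim = i, sim
        if best is None:
            templates.append(toks)
            best = len(templates) - 1
        else:
            templates[best] = [a if a == b else "<*>" for a, b in zip(templates[best], toks)]
        assignment.append(best)
    return templates, assignment


def lit(s):
    """N-Triples string literal."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def describe_param(ev, name, value):
    """IP addresses become shared entity nodes (same address in any source ->
    same node, same predicate); every other value stays a literal on the event."""
    if token_type(value) == "ip":
        node = f"{EX}IPAddress/{value}"
        return [(ev, f"{EX}ipAddress", node), (node, RDF_TYPE, f"{EX}IPAddress"),
                (node, f"{EX}address", lit(value))]
    return [(ev, f"{EX}{name}", lit(value))]


def build_graph(sources):
    """Turn every line into triples. Returns (triples, event URI -> source name)."""
    triples, event_source, n = [], {}, 0
    for src, (lines, header) in sources.items():
        parsed = [header.match(line) for line in lines]
        if not all(parsed):
            raise ValueError(f"unparseable line in source {src!r}")
        templates, assignment = learn_templates([m.group("msg") for m in parsed])
        for m, tidx in zip(parsed, assignment):
            n += 1
            ev, etype = f"{EX}event/{n}", f"{EX}EventType/{src}/{tidx}"
            event_source[ev] = src
            triples += [(ev, RDF_TYPE, etype), (ev, f"{EX}source", lit(src)),
                        (ev, f"{EX}raw", lit(m.group(0))),
                        (etype, f"{EX}template", lit(" ".join(templates[tidx])))]
            params = [(k, v) for k, v in m.groupdict().items() if k != "msg" and v is not None]
            params += [(f"p{i}", tok) for i, (t, tok) in enumerate(zip(templates[tidx], m.group("msg").split()))
                       if t == "<*>"]  # wildcard positions are the message parameters
            for name, value in params:
                triples += describe_param(ev, name, value)
    return sorted(set(triples)), event_source


def to_ntriples(triples):
    term = lambda t: t if t.startswith('"') else f"<{t}>"
    return "\n".join(f"{term(s)} {term(p)} {term(o)} ." for s, p, o in triples)


def cross_source_entities(triples, event_source):
    """Addresses referenced by events of more than one log source."""
    seen = defaultdict(set)
    for s, _, o in triples:
        if s in event_source and o.startswith(f"{EX}IPAddress/"):
            seen[o].add(event_source[s])
    return {o.rsplit("/", 1)[1] for o, srcs in seen.items() if len(srcs) > 1}


if __name__ == "__main__":
    graph, ev_src = build_graph(SOURCES)
    print(to_ntriples(graph))
    print("seen in more than one source:", sorted(cross_source_entities(graph, ev_src)))
```

The first-token rule is what keeps "Failed password for ..." and "Accepted password for ..." as two event types; without it the learner would merge them once the user name position has become a wildcard, which is the classic way naive template mining erases exactly the distinction a security analyst needs.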


Publication's profile

Status of publication Published
Affiliation WU
Type of publication Journal article
Journal Semantic Web
Citation Index SCI
WU-Journal-Rating new INF-A
Language English
Title The SLOGERT Framework for Automated Log Knowledge Graph Construction
Volume 12731
Year 2021
Page from 631
Page to 646
Reviewed? Y
URL https://link.springer.com/content/pdf/10.1007/978-3-030-77385-4_38
DOI http://dx.doi.org/10.1007/978-3-030-77385-4_38
Open Access N

Associations

Projects
Semantic Processing of Security Event Streams
People
Ekelhart, Andreas (Former researcher)
Kiesling, Elmar (Details)
External
Ekaputra, Fajar J. (TU Wien, Austria)
Organization
Institute for Data, Process and Knowledge Management (AE Polleres) (Details)
Research areas (ÖSTAT Classification 'Statistik Austria')
1109 Information and data processing (Details)
1122 Artificial intelligence (Details)
1147 IT security (Details)
2953 Data security and data privacy (Details)