Quotation Kurniawan, Kabul, Ekelhart, Andreas, Kiesling, Elmar, Quirchmayr, Gerald, Tjoa, A Min. 2021. Virtual Knowledge Graphs for Federated Log Analysis. In ICPS Proceedings, Hrsg. ARES 2021, 1-11. Wien: None.


RIS


BibTeX

Abstract

Security professionals rely extensively on log data to monitor IT infrastructures and investigate potentially malicious activities. Existing systems support these tasks by collecting log messages in a database, from where log events can be queried and correlated. Such centralized approaches are typically based on a relational model and store log messages as plain text, which offers limited flexibility for the representation of heterogeneous log events and the connections between them. A knowledge graph representation can overcome such limitations and enable graph pattern-based log analysis, leveraging semantic relationships between objects that appear in heterogeneous log streams. In this paper, we present a method to dynamically construct such log knowledge graphs at query time, i.e., without a priori parsing, aggregation, processing, and materialization of log data. Specifically, we propose a method that – for a given query formulated in SPARQL – dynamically constructs a virtual log knowledge graph directly from heterogeneous raw log files across multiple hosts and contextualizes the result with internal and external background knowledge. We evaluate the approach across multiple heterogeneous log sources and machines and see encouraging results that indicate that the approach is viable and facilitates ad-hoc graph-analytic queries in federated settings.

Tags

Press 'enter' for creating the tag

Publication's profile

Status of publication Published
Affiliation WU
Type of publication Contribution to conference proceedings
Language English
Title Virtual Knowledge Graphs for Federated Log Analysis
Title of whole publication ICPS Proceedings
Editor ARES 2021
Page from 1
Page to 11
Location Wien
Year 2021
URL https://dl.acm.org/doi/10.1145/3465481.3465767
Open Access N

Associations

Projects
Semantic Processing of Security Event Streams
People
Kurniawan, Kabul (Details)
Ekelhart, Andreas (Former researcher)
Kiesling, Elmar (Details)
Quirchmayr, Gerald (Former researcher)
Tjoa, A Min (Former researcher)
Organization
Institute for Data, Process and Knowledge Management (AE Polleres) (Details)
Research areas (ÖSTAT Classification 'Statistik Austria')
1109 Information and data processing (Details)
1925 Knowledge management (Details)
2953 Data security and data privacy (Details)
Google Scholar: Search