Kurniawan, Kabul, Ekelhart, Andreas, Kiesling, Elmar, Quirchmayr, Gerald, Tjoa, A Min. 2021. Virtual Knowledge Graphs for Federated Log Analysis. In ICPS Proceedings, ed. ARES 2021, 1-11. Wien.
Abstract
Security professionals rely extensively on log data to monitor IT infrastructures and investigate potentially malicious activities. Existing systems support these tasks by collecting log messages in a database, from where log events can be queried and correlated. Such centralized approaches are typically based on a relational model and store log messages as plain text, which offers limited flexibility for the representation of heterogeneous log events and the connections between them. A knowledge graph representation can overcome such limitations and enable graph pattern-based log analysis, leveraging semantic relationships between objects that appear in heterogeneous log streams. In this paper, we present a method to dynamically construct such log knowledge graphs at query time, i.e., without a priori parsing, aggregation, processing, and materialization of log data. Specifically, we propose a method that – for a given query formulated in SPARQL – dynamically constructs a virtual log knowledge graph directly from heterogeneous raw log files across multiple hosts and contextualizes the result with internal and external background knowledge. We evaluate the approach across multiple heterogeneous log sources and machines and see encouraging results that indicate that the approach is viable and facilitates ad-hoc graph-analytic queries in federated settings.
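The query-time construction sketched in the abstract, shown as an added example rather than the authors' own implementation: raw log lines sitting on two hosts are mapped to triples only when a graph pattern asks for a predicate that the host's mapping can produce, the partial results are joined across hosts, and the match is contextualized with background triples. The paper evaluates SPARQL over a virtual knowledge graph; this stand-alone Python sketch instead uses a hand-written regex mapping per source and a minimal basic-graph-pattern matcher so that it runs with the standard library alone. The hosts, log lines, predicate names (`log:sourceIp`, `http:path`, `threat:listedOn` and so on) and the background triples are all constructed for illustration.

```python
"""Virtual (query-time) log knowledge graph over raw log files.

Added example for this page, not the authors' code. Log lines, hosts,
predicate names, mappings and background knowledge are constructed.
"""
import re
from typing import Callable, Dict, Iterator, List, Optional, Set, Tuple

Triple = Tuple[str, str, str]

# Constructed raw logs, as they would sit on two different hosts.
RAW_LOGS: Dict[str, List[str]] = {
    "auth01": [
        "Mar 12 10:01:07 auth01 sshd[2411]: Failed password for root from 203.0.113.5 port 51022 ssh2",
        "Mar 12 10:01:09 auth01 sshd[2411]: Failed password for root from 203.0.113.5 port 51023 ssh2",
        "Mar 12 10:02:30 auth01 sshd[2419]: Accepted publickey for alice from 198.51.100.7 port 40210 ssh2",
    ],
    "web01": [
        '203.0.113.5 - - [12/Mar/2021:10:03:14 +0000] "GET /admin HTTP/1.1" 401 512',
        '198.51.100.7 - - [12/Mar/2021:10:03:20 +0000] "GET /index.html HTTP/1.1" 200 2048',
    ],
}

# Per-source mapping: a regex over one raw line, the set of predicates the
# mapping can emit (used to decide whether a query needs this source at all),
# and a function turning one match into triples. A hand-rolled stand-in for
# an OBDA/R2RML-style mapping, constructed for this example.
Mapping = Tuple["re.Pattern[str]", Set[str], Callable[["re.Match[str]", str, int], List[Triple]]]
MAPPINGS: Dict[str, Mapping] = {
    "auth01": (
        re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<outcome>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+)"),
        {"log:host", "log:sourceIp", "log:user", "log:outcome"},
        lambda m, host, n: [
            (f"ev:{host}/{n}", "log:host", f"host:{host}"),
            (f"ev:{host}/{n}", "log:sourceIp", f"ip:{m['ip']}"),
            (f"ev:{host}/{n}", "log:user", m["user"]),
            (f"ev:{host}/{n}", "log:outcome", m["outcome"].lower()),
        ],
    ),
    "web01": (
        re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'),
        {"log:host", "log:sourceIp", "http:path", "http:status"},
        lambda m, host, n: [
            (f"ev:{host}/{n}", "log:host", f"host:{host}"),
            (f"ev:{host}/{n}", "log:sourceIp", f"ip:{m['ip']}"),
            (f"ev:{host}/{n}", "http:path", m["path"]),
            (f"ev:{host}/{n}", "http:status", m["status"]),
        ],
    ),
}

# Constructed background knowledge: internal (asset inventory) and external (threat list).
BACKGROUND: List[Triple] = [
    ("host:auth01", "asset:role", "bastion"),
    ("host:web01", "asset:role", "webserver"),
    ("ip:203.0.113.5", "threat:listedOn", "constructed-example-list"),
]


class VirtualLogGraph:
    """Triples are produced from raw lines on demand; nothing is materialized up front."""

    def __init__(self, raw_logs: Dict[str, List[str]], mappings: Dict[str, Mapping], background: List[Triple]):
        self.raw_logs, self.mappings, self.background = raw_logs, mappings, background
        self._cache: Dict[str, List[Triple]] = {}
        self.parsed_sources: List[str] = []  # which hosts a query actually had to parse

    def _materialize(self, host: str) -> List[Triple]:
        if host not in self._cache:
            self.parsed_sources.append(host)
            pattern, _, emit = self.mappings[host]
            out: List[Triple] = []
            for n, line in enumerate(self.raw_logs[host]):
                m = pattern.search(line)
                if m:  # lines the mapping does not understand are skipped, not failed
                    out.extend(emit(m, host, n))
            self._cache[host] = out
        return self._cache[host]

    def triples(self, s: Optional[str], p: Optional[str], o: Optional[str]) -> Iterator[Triple]:
        """Yield triples matching (s, p, o); None is a wildcard. Only sources whose
        mapping can emit predicate p are parsed, so a query touches the hosts it needs."""
        candidates = list(self.background)
        for host, (_, preds, _) in self.mappings.items():
            if p is None or p in preds:
                candidates.extend(self._materialize(host))
        for t in candidates:
            if (s is None or t[0] == s) and (p is None or t[1] == p) and (o is None or t[2] == o):
                yield t


def is_var(x: str) -> bool:
    return x.startswith("?")


def match_bgp(graph: VirtualLogGraph, patterns: List[Triple], binding: Optional[Dict[str, str]] = None) -> List[Dict[str, str]]:
    """Evaluate a basic graph pattern (SPARQL-style, '?x' terms are variables)
    by nested-loop join: bind the first pattern, recurse on the rest."""
    binding = binding or {}
    if not patterns:
        return [binding]
    pat, rest = patterns[0], patterns[1:]
    bound = tuple(binding.get(x) if is_var(x) else x for x in pat)
    results: List[Dict[str, str]] = []
    for t in graph.triples(*bound):
        b, ok = dict(binding), True
        for x, v in zip(pat, t):
            if is_var(x):
                if x in b and b[x] != v:  # same variable twice in one pattern
                    ok = False
                    break
                b[x] = v
        if ok:
            results.extend(match_bgp(graph, rest, b))
    return results


def correlate_failed_ssh_then_admin(graph: VirtualLogGraph) -> List[Dict[str, str]]:
    """Cross-host correlation: an IP with failed SSH logins on a bastion host that
    also requested /admin on the web host, contextualized with the threat list."""
    return match_bgp(graph, [
        ("?a", "log:outcome", "failed"),
        ("?a", "log:sourceIp", "?ip"),
        ("?a", "log:host", "?h"),
        ("?h", "asset:role", "bastion"),
        ("?w", "http:path", "/admin"),
        ("?w", "log:sourceIp", "?ip"),
        ("?ip", "threat:listedOn", "?list"),
    ])


def web_error_events(graph: VirtualLogGraph) -> List[str]:
    """Single-source query: only the host whose mapping emits http:status gets parsed."""
    rows = match_bgp(graph, [("?w", "http:status", "?s")])
    return [r["?w"] for r in rows if int(r["?s"]) >= 400]


if __name__ == "__main__":
    g = VirtualLogGraph(RAW_LOGS, MAPPINGS, BACKGROUND)
    for row in correlate_failed_ssh_then_admin(g):
        print(row)
    print("sources parsed:", g.parsed_sources)
```

The point to take from the sketch is the order of work: the first triple pattern asks for `log:outcome`, so only `auth01` is parsed; the join on `log:sourceIp` then pulls in `web01`; the background triples are consulted without any parsing at all. Each raw line is parsed at most once per graph instance, but a query that never names a predicate a host can emit never reads that host's file.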
Publication's profile
Field | Value
---|---
Status of publication | Published |
Affiliation | WU |
Type of publication | Contribution to conference proceedings |
Language | English |
Title | Virtual Knowledge Graphs for Federated Log Analysis |
Title of whole publication | ICPS Proceedings |
Editor | ARES 2021 |
Page from | 1 |
Page to | 11 |
Location | Wien |
Year | 2021 |
URL | https://dl.acm.org/doi/10.1145/3465481.3465767 |
Open Access | N |
Associations
- Projects
  - Semantic Processing of Security Event Streams
- People
  - Kurniawan, Kabul
  - Ekelhart, Andreas (Former researcher)
  - Kiesling, Elmar
  - Quirchmayr, Gerald (Former researcher)
  - Tjoa, A Min (Former researcher)
- Organization
  - Institute for Data, Process and Knowledge Management (AE Polleres)
- Research areas (ÖSTAT Classification 'Statistik Austria')
  - 1109 Information and data processing
  - 1925 Knowledge management
  - 2953 Data security and data privacy