Kurniawan, Kabul. 2018. Semantic Query Federation for Scalable Security Log Analysis. Lecture Notes in Computer Science (LNCS). 294-303.
Abstract
The digitalization of business processes increasingly exposes organizations to sophisticated cyber-security threats. To contain attacks and minimize their impact, it is essential to detect them early. To this end, it is necessary to analyze a wide range of log files that potentially provide clues about malicious activity. However, these logs are typically voluminous, heterogeneous, difficult to interpret, and stored in disparate locations, which makes them difficult to analyze. Current approaches to analyzing security logs mainly focus on regular expressions and statistical indicators and do not directly provide actionable insight to security analysts. To address these limitations, we propose a distributed approach that enables semantic querying of dispersed log sources in large-scale infrastructures. To automatically integrate and reason about security log information, we will leverage linked data technologies and state-of-the-art federated query processing systems. In this proposal, we discuss the research problem, methodology, approach and evaluation plan for scalable federated semantic security log analysis.
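The abstract's core idea is that heterogeneous logs, once lifted into a shared linked-data vocabulary, can be queried as one graph even though they stay at their sources, with a mediator shipping graph patterns to each source and joining the answers. The following is an added illustration of that idea, not code from the paper or its author: the `http://example.org/log#` vocabulary, the SSH and web log lines, and the mediator itself are all constructed here. The mediator is a deliberately naive nested-loop join that sends every triple pattern to every source; the federated SPARQL engines the proposal refers to add source selection and join ordering on top of this, which is what makes the approach scale.

```python
"""Toy federated semantic log query: two log sources, one vocabulary, one join."""
import re

# Hypothetical vocabulary namespace (assumption, not taken from the paper).
LOG = "http://example.org/log#"

# Constructed sample logs, not captured from a real system.
SSH_LOG = """\
Mar  3 10:12:01 host1 sshd[1234]: Failed password for root from 203.0.113.7 port 5222 ssh2
Mar  3 10:12:05 host1 sshd[1234]: Failed password for root from 203.0.113.7 port 5223 ssh2
Mar  3 10:12:09 host1 sshd[1240]: Accepted password for alice from 198.51.100.4 port 6001 ssh2
"""
WEB_LOG = """\
203.0.113.7 - - [03/Mar/2018:10:13:30 +0000] "GET /admin/config.php HTTP/1.1" 200 512
198.51.100.4 - - [03/Mar/2018:10:14:02 +0000] "GET /index.html HTTP/1.1" 200 1024
192.0.2.9 - - [03/Mar/2018:10:15:11 +0000] "POST /login HTTP/1.1" 401 77
"""

SSH_RE = re.compile(r"sshd\[(\d+)\]: (Failed|Accepted) password for (\S+) from (\S+)")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]+" (\d{3})')


def ssh_to_triples(text):
    """Lift sshd auth lines into (subject, predicate, object) triples."""
    triples = set()
    for n, line in enumerate(text.splitlines()):
        m = SSH_RE.search(line)
        if not m:
            continue  # lines outside the constructed format are skipped
        ev = f"{LOG}ssh/{n}"
        triples |= {(ev, LOG + "type", LOG + "AuthEvent"),
                    (ev, LOG + "outcome", m.group(2).lower()),
                    (ev, LOG + "user", m.group(3)),
                    (ev, LOG + "sourceIP", m.group(4))}
    return triples


def web_to_triples(text):
    """Lift combined-log-format lines into triples using the same vocabulary."""
    triples = set()
    for n, line in enumerate(text.splitlines()):
        m = WEB_RE.match(line)
        if not m:
            continue
        ev = f"{LOG}web/{n}"
        triples |= {(ev, LOG + "type", LOG + "WebRequest"),
                    (ev, LOG + "sourceIP", m.group(1)),
                    (ev, LOG + "method", m.group(3)),
                    (ev, LOG + "path", m.group(4)),
                    (ev, LOG + "status", m.group(5))}
    return triples


class Endpoint:
    """A log source that answers one triple pattern at a time (stand-in for a remote SPARQL endpoint)."""

    def __init__(self, name, triples):
        self.name, self.triples = name, triples

    def match(self, pattern, binding):
        """Return every extension of `binding` under which `pattern` matches a local triple."""
        out = []
        for triple in self.triples:
            b, ok = dict(binding), True
            for term, value in zip(pattern, triple):
                if term.startswith("?"):          # variable: bind or check consistency
                    if term in b and b[term] != value:
                        ok = False
                        break
                    b[term] = value
                elif term != value:               # constant: must match exactly
                    ok = False
                    break
            if ok:
                out.append(b)
        return out


def federated_query(endpoints, patterns):
    """Mediator: evaluate each pattern at every source and join results locally."""
    bindings = [{}]
    for pat in patterns:
        bindings = [nb for b in bindings for ep in endpoints for nb in ep.match(pat, b)]
    return bindings


def correlate_failed_logins():
    """IPs with failed SSH logins that also issued web requests, joined across sources."""
    endpoints = [Endpoint("ssh", ssh_to_triples(SSH_LOG)),
                 Endpoint("web", web_to_triples(WEB_LOG))]
    patterns = [("?a", LOG + "type", LOG + "AuthEvent"),
                ("?a", LOG + "outcome", "failed"),
                ("?a", LOG + "sourceIP", "?ip"),
                ("?w", LOG + "type", LOG + "WebRequest"),
                ("?w", LOG + "sourceIP", "?ip"),     # the cross-source join on ?ip
                ("?w", LOG + "path", "?path")]
    return federated_query(endpoints, patterns)


if __name__ == "__main__":
    for b in correlate_failed_logins():
        print(b["?ip"], "failed SSH login, then requested", b["?path"])
```

The join on `?ip` is the part that neither source could answer alone, which is the point of federation over a shared vocabulary; the pattern order also matters, since binding `?ip` from the selective auth patterns first keeps the web-side match from becoming a full cross product.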
Publication's profile
Status of publication | Published |
---|---|
Affiliation | External |
Type of publication | Journal article |
Journal | Lecture Notes in Computer Science (LNCS) |
WU-Journal-Rating new | STRAT-C |
Language | English |
Title | Semantic Query Federation for Scalable Security Log Analysis |
Year | 2018 |
Page from | 294 |
Page to | 303 |
Reviewed? | Y |
URL | http://link.springer.com/content/pdf/10.1007/978-3-319-98192-5_48 |
DOI | http://dx.doi.org/10.1007/978-3-319-98192-5_48 |
Open Access | N |
Associations
- People
- Kurniawan, Kabul
- Organization
- Institute for Data, Process and Knowledge Management (AE Polleres)
- Research areas (ÖSTAT Classification 'Statistik Austria')
- 1109 Information and data processing
- 1925 Knowledge management
- 2953 Data security and data privacy