On Applying Graph Database Time Models for Security Log Analysis

Daniel Hofer; Markus Jäger; Aya Mohamed; Josef Küng

doi:10.1007/978-3-030-63924-2_5

On Applying Graph Database Time Models for Security Log Analysis

Daniel Hofer
, Markus Jäger
, Aya Mohamed
, Josef Küng

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

For aiding computer security experts in their work, log files are a crucial piece of information. Especially the time domain is of interest, since sometimes, timestamps are the only linking points between associated events caused by attackers, faulty systems or similar. With the idea of storing and analyzing log information in graph databases comes also the question, how to model the time aspect and in particular, how timestamps shall be stored and connected in a proper form. This paper analyzes three different models in which time information extracted from log files can be represented in graph databases and how the data can be retrieved again in a form that is suitable for further analysis. The first model resembles data stored in a relational database, while the second one enhances this approach by applying graph database specific amendments while the last model makes almost full use of a graph database's capabilities. Hereby, the main focus points are laid on the queries for retrieving the data, their complexity, the expressiveness of the underlying data model and the suitability for usage in graph databases.

Original language	English
Title of host publication	Future Data and Security Engineering
Editors	Dang T.K., Küng J., Takizawa M., Chung T.M.
Place of Publication	Cham
Publisher	Springer
Pages	87-107
Number of pages	21
DOIs	https://doi.org/10.1007/978-3-030-63924-2_5
Publication status	Published - 2020

Publication series

Name	Lecture Notes in Computer Science (LNCS)

Fields of science

202007 Computer integrated manufacturing (CIM)
102001 Artificial intelligence
102006 Computer supported cooperative work (CSCW)
102010 Database systems
102014 Information design
102015 Information systems
102016 IT security
102019 Machine learning
102022 Software development
102025 Distributed systems
102028 Knowledge engineering
102033 Data mining
102035 Data science
502007 E-commerce
505002 Data protection
506002 E-government
509018 Knowledge management

JKU Focus areas

Digital Transformation

Access to Document

10.1007/978-3-030-63924-2_5

Cite this

@inproceedings{3082b2c8ead44d659078aa6ab49d9162,

title = "On Applying Graph Database Time Models for Security Log Analysis",

abstract = "For aiding computer security experts in their work, log files are a crucial piece of information. Especially the time domain is of interest, since sometimes, timestamps are the only linking points between associated events caused by attackers, faulty systems or similar. With the idea of storing and analyzing log information in graph databases comes also the question, how to model the time aspect and in particular, how timestamps shall be stored and connected in a proper form. This paper analyzes three different models in which time information extracted from log files can be represented in graph databases and how the data can be retrieved again in a form that is suitable for further analysis. The first model resembles data stored in a relational database, while the second one enhances this approach by applying graph database specific amendments while the last model makes almost full use of a graph database's capabilities. Hereby, the main focus points are laid on the queries for retrieving the data, their complexity, the expressiveness of the underlying data model and the suitability for usage in graph databases.",

author = "Daniel Hofer and Markus J{\"a}ger and Aya Mohamed and Josef K{\"u}ng",

year = "2020",

doi = "10.1007/978-3-030-63924-2\_5",

language = "English",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer",

pages = "87--107",

editor = "\{Dang T.K., K{\"u}ng J., Takizawa M., Chung T.M.\}",

booktitle = "Future Data and Security Engineering",

}

On Applying Graph Database Time Models for Security Log Analysis. / Hofer, Daniel; Jäger, Markus; Mohamed, Aya et al.
Future Data and Security Engineering. ed. / Dang T.K., Küng J., Takizawa M., Chung T.M. Cham: Springer, 2020. p. 87-107 (Lecture Notes in Computer Science (LNCS)).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

TY - GEN

T1 - On Applying Graph Database Time Models for Security Log Analysis

AU - Hofer, Daniel

AU - Jäger, Markus

AU - Mohamed, Aya

AU - Küng, Josef

PY - 2020

Y1 - 2020

N2 - For aiding computer security experts in their work, log files are a crucial piece of information. Especially the time domain is of interest, since sometimes, timestamps are the only linking points between associated events caused by attackers, faulty systems or similar. With the idea of storing and analyzing log information in graph databases comes also the question, how to model the time aspect and in particular, how timestamps shall be stored and connected in a proper form. This paper analyzes three different models in which time information extracted from log files can be represented in graph databases and how the data can be retrieved again in a form that is suitable for further analysis. The first model resembles data stored in a relational database, while the second one enhances this approach by applying graph database specific amendments while the last model makes almost full use of a graph database's capabilities. Hereby, the main focus points are laid on the queries for retrieving the data, their complexity, the expressiveness of the underlying data model and the suitability for usage in graph databases.

AB - For aiding computer security experts in their work, log files are a crucial piece of information. Especially the time domain is of interest, since sometimes, timestamps are the only linking points between associated events caused by attackers, faulty systems or similar. With the idea of storing and analyzing log information in graph databases comes also the question, how to model the time aspect and in particular, how timestamps shall be stored and connected in a proper form. This paper analyzes three different models in which time information extracted from log files can be represented in graph databases and how the data can be retrieved again in a form that is suitable for further analysis. The first model resembles data stored in a relational database, while the second one enhances this approach by applying graph database specific amendments while the last model makes almost full use of a graph database's capabilities. Hereby, the main focus points are laid on the queries for retrieving the data, their complexity, the expressiveness of the underlying data model and the suitability for usage in graph databases.

UR - https://www.scopus.com/pages/publications/85097425878

U2 - 10.1007/978-3-030-63924-2_5

DO - 10.1007/978-3-030-63924-2_5

M3 - Conference proceedings

T3 - Lecture Notes in Computer Science (LNCS)

SP - 87

EP - 107

BT - Future Data and Security Engineering

A2 - Dang T.K., Küng J., Takizawa M., Chung T.M., null

PB - Springer

CY - Cham

ER -

On Applying Graph Database Time Models for Security Log Analysis

Abstract

Publication series

Fields of science

JKU Focus areas

Access to Document

Other files and links

Cite this