Daniel Hofer, Markus Jäger, Aya Mohamed, Josef Küng,
"On Applying Graph Database Time Models for Security Log Analysis",
in Dang T.K., Küng J., Takizawa M., Chung T.M. (eds.): Future Data and Security Engineering, Lecture Notes in Computer Science (LNCS) series, Springer, Cham, pages 87-107, 2020
On Applying Graph Database Time Models for Security Log Analysis
Language of the title:
Future Data and Security Engineering
Log files are a crucial source of information for computer security experts.
The time domain is of particular interest, since timestamps are sometimes the only link between associated events caused by attackers, faulty systems or similar sources.
Storing and analyzing log information in graph databases raises the question of how to model the time aspect, and in particular how timestamps should be stored and connected in a suitable form.
This paper analyzes three different models in which time information extracted from log files can be represented in graph databases, and how the data can be retrieved again in a form that is suitable for further analysis.
The first model resembles data stored in a relational database; the second enhances this approach with graph-database-specific amendments; the third makes almost full use of a graph database's capabilities.
The main focus is on the queries used to retrieve the data, their complexity, the expressiveness of the underlying data model, and the suitability of each model for use in graph databases.