Daniel Hofer, Markus Jäger, Aya Mohamed, Josef Küng,
"A study on time models in graph databases for security log analysis"
, in International Journal of Web Information Systems, Vol. 17, Nummer 5, Emerald Publishing, Seite(n) 427-448, 8-2021, ISSN: 1744-0084
A study on time models in graph databases for security log analysis
Sprache des Titels:
Purpose: For aiding computer security experts in their study, log files are a crucial piece of information. Especially the time domain is very important for us because in most cases, timestamps are the only linking points between events caused by attackers, faulty systems or simple errors and their corresponding entries in log files. With the idea of storing and analyzing this log information in graph databases, we need a suitable model to store and connect timestamps and their events. This paper aims to find and evaluate different approaches how to store timestamps in graph databases and their individual benefits and drawbacks. Design/methodology/approach: We analyse three different approaches, how timestamp information can be represented and stored in graph databases. For checking the models, we set up four typical questions that are important for log file analysis and tested them for each of the models. During the evaluation, we used the performance and other properties as metrics, how suitable each of the models is for representing the log files? timestamp information. In the last part, we try to improve one promising looking model. Findings: We come to the conclusion, that the simplest model with the least graph database-specific concepts in use is also the one yielding the simplest and fastest queries. Research limitations/implications: Limitations to this research are that only one graph database was studied and also improvements to the query engine might change future results. Originality/value: In the study, we addressed the issue of storing timestamps in graph databases in a meaningful, practical and efficient way. The results can be used as a pattern for similar scenarios and applications.