On Applying Graph Database Time Models for Security Log Analysis
Language of the talk title:
English
Original conference title:
The 7th International Conference on Future Data and Security Engineering
Language of the conference title:
English
Original abstract:
For aiding computer security experts in their work, log files are a crucial piece of information.
Especially the time domain is of interest, since sometimes, timestamps are the only linking points between associated events caused by attackers, faulty systems or similar.
With the idea of storing and analyzing log information in graph databases also comes the question of how to model the time aspect and, in particular, how timestamps shall be stored and connected in a proper form.
This paper analyzes three different models in which time information extracted from log files can be represented in graph databases and how the data can be retrieved again in a form that is suitable for further analysis.
The first model resembles data stored in a relational database, the second one enhances this approach by applying graph-database-specific amendments, and the last model makes almost full use of a graph database's capabilities.
Hereby, the main focus points are laid on the queries for retrieving the data, their complexity, the expressiveness of the underlying data model and the suitability for usage in graph databases.
Language of the abstract:
English
English talk title:
On Applying Graph Database Time Models for Security Log Analysis