[Image: File activity graph example]
Semantic Integration and Monitoring of File System Activity (Semantics 2019)
Semantics 2019 - Poster & Demo Session (14.08.2019)
Funding year 2017 / Science Call #1 / Project ID: / Project: SEPSES

At the Semantics conference Poster & Demo Session in September in Karlsruhe, we will present our preliminary results on a semantic approach to monitoring file system activity. File access activity is an important data source for identifying unauthorized data transfers, but existing monitoring approaches are limited in terms of semantic integration, contextualization, and cross-system interoperability. We address these limitations by defining a vocabulary for file activity logs and outlining an architecture for log collection, extraction, linking, and storage. We demonstrate the applicability of the approach by means of an application scenario. Finally, we show how analysts can inspect the life-cycle of a file in a context-rich manner by means of SPARQL queries over the integrated events and a graph visualization of the results.

As an example, after collecting and integrating file events, a SPARQL query can be used to inspect the life-cycle of a specific file:

[Image: SPARQL query]

The result is illustrated in the table below:

[Image: Log events returned by the query]

Finally, we can display the data in a graph representation:

[Image: Graph visualization of the file life-cycle]
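The following is an added example, not code from the SEPSES project or the poster, that walks through the extraction and linking steps and then reconstructs a file's life-cycle. It uses a hypothetical vocabulary (namespace `fa:` at example.org, properties such as `fa:op`, `fa:path`, `fa:derivedFrom`), constructed auditd-style log lines, and a heuristic copy-linking rule; none of these are the project's real vocabulary or data. The `LIFECYCLE_QUERY` string is the equivalent SPARQL query an analyst could run once the emitted N-Triples are loaded into a triple store.

```python
"""Added example (not SEPSES project code): extract file events from
constructed log lines, link copies, emit RDF triples under a hypothetical
vocabulary, and reconstruct the life-cycle of one file."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

FA = "http://example.org/file-activity#"  # hypothetical vocabulary namespace
EV = "http://example.org/event/"          # hypothetical event identifier base
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"

# Constructed sample log (auditd-like summaries written for this example).
SAMPLE_LOG = """\
2019-08-14T10:01:02Z host=ws01 uid=1001 pid=4123 exe=/usr/bin/vim op=create path=/home/alice/report.docx
2019-08-14T10:05:10Z host=ws01 uid=1001 pid=4123 exe=/usr/bin/vim op=write path=/home/alice/report.docx
2019-08-14T10:07:44Z host=ws01 uid=1001 pid=4190 exe=/bin/cp op=read path=/home/alice/report.docx
2019-08-14T10:07:44Z host=ws01 uid=1001 pid=4190 exe=/bin/cp op=create path=/media/usb0/report.docx
2019-08-14T10:09:00Z host=ws01 uid=1001 pid=4201 exe=/bin/rm op=delete path=/home/alice/report.docx
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(text: str) -> List[Dict[str, str]]:
    """Extraction: one dict per non-empty line; the first token is the timestamp."""
    events = []
    for n, line in enumerate(l for l in text.splitlines() if l.strip()):
        ts, _, rest = line.partition(" ")
        ev = {"id": f"{EV}{n}", "time": ts}
        ev.update(KV_RE.findall(rest))
        events.append(ev)
    return events


def link_copies(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Linking. Heuristic assumed for this example: a `create` issued by the
    same process at the same timestamp as a `read` of another path is
    recorded as derived from that read, i.e. a copy."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["host"], ev["pid"], ev["time"])].append(ev)
    for group in groups.values():
        reads = [e for e in group if e["op"] == "read"]
        for e in group:
            if e["op"] == "create" and reads:
                e["derived_from"] = reads[0]["id"]
    return events


def to_ntriples(events: List[Dict[str, str]]) -> List[str]:
    """Storage: serialize events as N-Triples lines under the `fa:` vocabulary."""
    triples = []
    for ev in events:
        s = f"<{ev['id']}>"
        triples.append(f"{s} <{RDF_TYPE}> <{FA}FileEvent> .")
        for key in ("time", "host", "uid", "pid", "exe", "op", "path"):
            triples.append(f'{s} <{FA}{key}> "{ev[key]}" .')
        if "derived_from" in ev:
            triples.append(f"{s} <{FA}derivedFrom> <{ev['derived_from']}> .")
    return triples


# The analyst-side SPARQL equivalent of lifecycle() below, for a triple store
# loaded with the N-Triples emitted above (hypothetical vocabulary).
LIFECYCLE_QUERY = """
PREFIX fa: <http://example.org/file-activity#>
SELECT ?time ?op ?exe ?copyTarget WHERE {
  ?ev a fa:FileEvent ; fa:time ?time ; fa:op ?op ; fa:exe ?exe .
  { ?ev fa:path "/home/alice/report.docx" }
  UNION
  { ?ev fa:derivedFrom ?src . ?src fa:path "/home/alice/report.docx" .
    ?ev fa:path ?copyTarget }
} ORDER BY ?time
"""


def lifecycle(events: List[Dict[str, str]], path: str) -> List[Tuple[str, str, str]]:
    """Chronological (time, operation, executable) steps for `path`, including
    copies that were derived from it (reported as copy-to:<destination>)."""
    by_id = {e["id"]: e for e in events}
    steps = []
    for ev in sorted(events, key=lambda e: e["time"]):  # stable: log order on ties
        if ev["path"] == path:
            steps.append((ev["time"], ev["op"], ev["exe"]))
        src = ev.get("derived_from")
        if src and by_id[src]["path"] == path:
            steps.append((ev["time"], f"copy-to:{ev['path']}", ev["exe"]))
    return steps


if __name__ == "__main__":
    evs = link_copies(parse_events(SAMPLE_LOG))
    print("\n".join(to_ntriples(evs)))
    for step in lifecycle(evs, "/home/alice/report.docx"):
        print(*step)
```

The copy-linking rule is deliberately simple; in practice the linking step is where cross-system context (user, host, process ancestry, removable-media mounts) is joined in, and it is that context, not the raw `open`/`write` syscalls, that lets the life-cycle query surface a copy to a USB volume followed by deletion of the original.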

Tags: Security semantics

Andreas Ekelhart

Andreas is a researcher at TU Wien and SBA Research. His main research interests include semantic applications and applied concepts of IT security with a focus on information security risk management.

Skills: IT Security, Semantic applications, Programming, Simulation, Attacker modeling, Ontologies