Netidee Blog Bild
Virtual Knowledge Graphs for Federated Log Analysis (ARES Conference 2021)
Paper @ARES Conference 2021 (29.08.2021)
Förderjahr 2017 / Science Call #1 / ProjektID: / Projekt: SEPSES

We are happy that our paper titled “Virtual Knowledge Graphs for Federated Log Analysis” has been accepted at the ARES conference 2021.

The paper introduces a novel approach to dynamically construct virtual log knowledge graphs directly from heterogeneous raw log files across multiple hosts. It furthermore contextualizes the results with internal and external background knowledge to enrich the results.

This has the advantage that log files can remain on the respective hosts without a priori centralized aggregation, processing, and materialization of log data. Only upon queries, the relevant log data gets processed, combined and shipped to the analyst.

The architecture of the approach is visualized in the following figure:

VKG for federated log analysis

Our approach comprises two main components:

1.       Query Processor, a component that provides an interface to formulate SPARQL queries and distributes the queries among individual endpoints.

2.       Log Parser, a component on each host, which receives and translates queries, processes log data, and sends the results back to the Query Processor.

The following figure visualizes the query translation mechanism. A SPARQL query is translated and mapped to the respected log properties from a specific log source, host, and time range defined in the query.

VKG SPARQL translation

Next, as depicted in the figure below, the selected log lines/properties are parsed and mapped into RDF, based on the respected log vocabulary. The constructed RDF log graphs are enriched with background knowledge and compressed into a compact RDF format (i.e. HDT) for further processing.

 

rdf log graph construction

Our evaluation shows that the log processing time is primarily a function of the number of extracted (relevant) log lines and queried hosts. For future work, we plan to improve the query analysis and extend the approach for streaming scenarios.

 

Tags:

log analysis Security virtual knowledge graph semantics
CAPTCHA
Diese Frage dient der Überprüfung, ob Sie ein menschlicher Besucher sind und um automatisierten SPAM zu verhindern.

    Weitere Blogbeiträge

    Datenschutzinformation
    Der datenschutzrechtliche Verantwortliche (Internet Privatstiftung Austria - Internet Foundation Austria, Österreich) würde gerne mit folgenden Diensten Ihre personenbezogenen Daten verarbeiten. Dies ist für die Nutzung der Website nicht notwendig, ermöglicht aber eine noch engere Interaktion mit Ihnen. Falls gewünscht, treffen Sie bitte eine Auswahl: