VloGraph: A Virtual Knowledge Graph Framework for Distributed Security Log Analysis

Abstract

The integration of heterogeneous and weakly linked log data poses a major challenge in many log-analytic applications. Knowledge graphs (KGs) can facilitate such integration by providing a versatile representation that can interlink objects of interest and enrich log events with background knowledge. Furthermore, graph-pattern based query languages, such as SPARQL, can support rich log analyses by leveraging semantic relationships between objects in heterogeneous log streams. Constructing, materializing, and maintaining centralized log knowledge graphs, however, poses significant challenges. To tackle this issue, we propose VloGraph—a distributed and virtualized alternative to centralized log knowledge graph construction. The proposed approach does not involve any a priori parsing, aggregation, and processing of log data, but dynamically constructs a virtual log KG from heterogeneous raw log sources across multiple hosts. To explore the feasibility of this approach, we developed a prototype and demonstrate its applicability to three scenarios. Furthermore, we evaluate the approach in various experimental settings with multiple heterogeneous log sources and machines; the encouraging results from this evaluation suggest that the approach can enable efficient graph-based ad-hoc log analyses in federated settings.
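As an added illustration of the idea sketched in the abstract (this is not code from the paper or from the VloGraph prototype), the block below builds a small "virtual" log graph: two heterogeneous raw sources (an sshd auth log and an Apache access log, both constructed here) are turned into subject/predicate/object triples only at query time, and a basic graph pattern is then matched across them to link a failed SSH login and a denied HTTP request that share a source IP. The log lines, the `log:`/`sshd:`/`http:` predicate names, the event identifiers and the tiny pattern matcher are all assumptions made for this example; the real system answers SPARQL over RDF, and the matcher here only implements the basic-graph-pattern join that such a query relies on.

```python
import re
from typing import Dict, Iterator, List, Tuple

Triple = Tuple[str, str, str]

# Constructed sample log lines (not taken from the paper) from two different sources/hosts.
SSHD_LOG = """\
Mar  3 10:15:02 host-a sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:05 host-a sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 10:16:40 host-a sshd[2290]: Accepted password for alice from 198.51.100.4 port 40010 ssh2
"""
APACHE_LOG = """\
203.0.113.7 - - [03/Mar/2022:10:17:01 +0000] "GET /admin HTTP/1.1" 403 199
198.51.100.4 - - [03/Mar/2022:10:17:05 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


def sshd_triples(host: str, text: str) -> Iterator[Triple]:
    """Extract triples from raw sshd lines on demand; unparseable lines are skipped, never stored."""
    for n, line in enumerate(text.splitlines()):
        m = SSHD_RE.match(line)
        if not m:
            continue
        ev = f"{host}:sshd:{n}"  # assumed event identifier scheme
        kind = "sshd:FailedLogin" if m["outcome"] == "Failed" else "sshd:AcceptedLogin"
        yield (ev, "rdf:type", kind)
        yield (ev, "log:host", m["host"])
        yield (ev, "log:user", m["user"])
        yield (ev, "log:srcIp", m["ip"])
        yield (ev, "log:timestamp", m["ts"])


def apache_triples(host: str, text: str) -> Iterator[Triple]:
    """Extract triples from raw Apache access-log lines on demand."""
    for n, line in enumerate(text.splitlines()):
        m = APACHE_RE.match(line)
        if not m:
            continue
        req = f"{host}:apache:{n}"
        yield (req, "rdf:type", "http:Request")
        yield (req, "log:host", host)
        yield (req, "log:srcIp", m["ip"])
        yield (req, "http:method", m["method"])
        yield (req, "http:path", m["path"])
        yield (req, "http:status", m["status"])
        yield (req, "log:timestamp", m["ts"])


EXTRACTORS = {"sshd": sshd_triples, "apache": apache_triples}
# (host, log kind, raw text); in a distributed setting each entry would live on a different machine.
SOURCES = [("host-a", "sshd", SSHD_LOG), ("host-b", "apache", APACHE_LOG)]


def virtual_graph(sources) -> Iterator[Triple]:
    """The graph is never persisted: triples are produced from the raw sources each time it is read."""
    for host, kind, text in sources:
        yield from EXTRACTORS[kind](host, text)


def unify(pattern: Triple, triple: Triple, binding: Dict[str, str]):
    """Extend a variable binding so that pattern matches triple, or return None on conflict."""
    out = dict(binding)
    for p, t in zip(pattern, triple):
        if p.startswith("?"):
            if p in out and out[p] != t:
                return None
            out[p] = t
        elif p != t:
            return None
    return out


def match_bgp(triples: Iterator[Triple], patterns: List[Triple]) -> List[Dict[str, str]]:
    """Naive basic-graph-pattern join: each pattern filters/extends the bindings found so far."""
    data = list(triples)  # materialised only for the lifetime of this one query
    bindings: List[Dict[str, str]] = [{}]
    for pattern in patterns:
        nxt = []
        for b in bindings:
            for t in data:
                b2 = unify(pattern, t, b)
                if b2 is not None:
                    nxt.append(b2)
        bindings = nxt
    return bindings


def failed_ssh_then_denied_http(sources) -> List[Dict[str, str]]:
    """Link a failed SSH login and a 403 web request from the same source IP across both logs."""
    patterns = [
        ("?ev", "rdf:type", "sshd:FailedLogin"),
        ("?ev", "log:srcIp", "?ip"),
        ("?req", "rdf:type", "http:Request"),
        ("?req", "log:srcIp", "?ip"),
        ("?req", "http:status", "403"),
        ("?req", "http:path", "?path"),
    ]
    return match_bgp(virtual_graph(sources), patterns)


if __name__ == "__main__":
    for row in failed_ssh_then_denied_http(SOURCES):
        print(row["?ip"], row["?ev"], "->", row["?req"], row["?path"])
```

The join variable `?ip` is what ties the two otherwise unrelated log formats together; adding a third source only means adding another extractor, and a query that mentions no predicate from a source never causes that source to be parsed in full in a real implementation, which is the point of keeping the graph virtual rather than materialised.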

Additional Information

This article belongs to the Special Issue Selected Papers from CD-MAKE 2021 and ARES 2021.

Authors
  • Kurniawan, Kabul
  • Ekelhart, Andreas
  • Kiesling, Elmar
  • Winkler, Dietmar
  • Quirchmayr, Gerald
  • Tjoa, A Min
Shortfacts
Category
Journal Paper
Divisions
Multimedia Information Systems
Security and Privacy
Subjects
Computer security
Applied computer science
Journal or Publication Title
Machine Learning and Knowledge Extraction
ISSN
2504-4990
Page Range
pp. 371-396
Number
2
Volume
4
Date
11 April 2022