A study on time models in graph databases for security log analysis. Issue 5 (20th August 2021)
- Record Type:
- Journal Article
- Title:
- A study on time models in graph databases for security log analysis. Issue 5 (20th August 2021)
- Main Title:
- A study on time models in graph databases for security log analysis
- Authors:
- Hofer, Daniel
Jäger, Markus
Mohamed, Aya Khaled Youssef Sayed
Küng, Josef
- Abstract:
- Purpose: For aiding computer security experts in their study, log files are a crucial piece of information. Especially the time domain is very important for us because in most cases, timestamps are the only linking points between events caused by attackers, faulty systems or simple errors and their corresponding entries in log files. With the idea of storing and analyzing this log information in graph databases, we need a suitable model to store and connect timestamps and their events. This paper aims to find and evaluate different approaches to storing timestamps in graph databases and their individual benefits and drawbacks. Design/methodology/approach: We analyse three different approaches to how timestamp information can be represented and stored in graph databases. For checking the models, we set up four typical questions that are important for log file analysis and tested them for each of the models. During the evaluation, we used performance and other properties as metrics for how suitable each of the models is for representing the log files' timestamp information. In the last part, we try to improve one promising-looking model. Findings: We come to the conclusion that the simplest model with the least graph-database-specific concepts in use is also the one yielding the simplest and fastest queries. Research limitations/implications: Limitations to this research are that only one graph database was studied and also improvements to the query engine might change future results. Originality/value: In the study, we addressed the issue of storing timestamps in graph databases in a meaningful, practical and efficient way. The results can be used as a pattern for similar scenarios and applications.
- Is Part Of:
- International journal of web information systems. Volume 17:Issue 5(2021)
- Journal:
- International journal of web information systems
- Issue:
- Volume 17:Issue 5(2021)
- Issue Display:
- Volume 17, Issue 5 (2021)
- Year:
- 2021
- Volume:
- 17
- Issue:
- 5
- Issue Sort Value:
- 2021-0017-0005-0000
- Page Start:
- 427
- Page End:
- 448
- Publication Date:
- 2021-08-20
- Subjects:
- Security -- Graph database -- Logfile analysis -- Time model representation
World Wide Web -- Periodicals
Internet -- Periodicals
Information storage and retrieval systems -- Periodicals
004.678
- Journal URLs:
- http://www.emeraldinsight.com/info/journals/ijwis/ijwis.jsp
http://www.emeraldinsight.com/
http://www.troubador.co.uk/ijwis/
- DOI:
- 10.1108/IJWIS-03-2021-0023
- Languages:
- English
- ISSNs:
- 1744-0084
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4542.701180
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 23751.xml