Abstract
Log files are a crucial source of information for computer security experts. The time domain is of particular interest, since timestamps are sometimes the only link between associated events caused by attackers, faulty systems or similar sources. With the idea of storing and analyzing log information in graph databases comes the question of how to model the time aspect and, in particular, in what form timestamps should be stored and connected.
This paper analyzes three different models in which time information extracted from log files can be represented in graph databases, and how the data can be retrieved again in a form suitable for further analysis. The first model resembles data stored in a relational database; the second enhances this approach with graph-database-specific amendments; the last model makes almost full use of a graph database's capabilities. The main focus points are the queries for retrieving the data, their complexity, the expressiveness of the underlying data model and the suitability for use in graph databases.
Notes
1. Native graph databases are characterized by implementing ad-hoc data structures and indexes for storing and querying graphs.
Acknowledgements
The research reported in this paper has been mostly supported by the LIT Secure and Correct Systems Lab.
Additionally, this work has partially been supported by the FFG, Contract No. 854184: “Pro2Future is funded within the Austrian COMET Program Competence Centers for Excellent Technologies under the auspices of the Austrian Federal Ministry of Transport, Innovation and Technology, the Austrian Federal Ministry for Digital and Economic Affairs and of the Provinces of Upper Austria and Styria. COMET is managed by the Austrian Research Promotion Agency FFG”.
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Hofer, D., Jäger, M., Mohamed, A., Küng, J. (2020). On Applying Graph Database Time Models for Security Log Analysis. In: Dang, T.K., Küng, J., Takizawa, M., Chung, T.M. (eds) Future Data and Security Engineering. FDSE 2020. Lecture Notes in Computer Science(), vol 12466. Springer, Cham. https://doi.org/10.1007/978-3-030-63924-2_5
DOI: https://doi.org/10.1007/978-3-030-63924-2_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63923-5
Online ISBN: 978-3-030-63924-2
eBook Packages: Computer Science, Computer Science (R0)