
On Applying Graph Database Time Models for Security Log Analysis

  • Conference paper
  • Future Data and Security Engineering (FDSE 2020)

Abstract

Log files are a crucial source of information for computer security experts. The time domain is of particular interest, since timestamps are sometimes the only link between associated events caused by attackers, faulty systems or similar sources. Storing and analyzing log information in graph databases therefore raises the question of how to model the time aspect, and in particular how timestamps should be stored and connected in a suitable form.

This paper analyzes three different models for representing time information extracted from log files in graph databases, and how the data can be retrieved again in a form suitable for further analysis. The first model resembles data stored in a relational database; the second enhances this approach with graph-database-specific amendments; the third makes almost full use of a graph database's capabilities. The main focus lies on the queries for retrieving the data, their complexity, the expressiveness of the underlying data model and the suitability for use in graph databases.


Notes

  1. Native graph databases are characterized by implementing ad-hoc data structures and indexes for storing and querying graphs.


Acknowledgements

The research reported in this paper has been mostly supported by the LIT Secure and Correct Systems Lab.

Additionally, this work has partially been supported by the FFG, Contract No. 854184: "Pro2Future is funded within the Austrian COMET Program Competence Centers for Excellent Technologies under the auspices of the Austrian Federal Ministry of Transport, Innovation and Technology, the Austrian Federal Ministry for Digital and Economic Affairs and of the Provinces of Upper Austria and Styria. COMET is managed by the Austrian Research Promotion Agency FFG".

Author information

Corresponding author

Correspondence to Daniel Hofer.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Hofer, D., Jäger, M., Mohamed, A., Küng, J. (2020). On Applying Graph Database Time Models for Security Log Analysis. In: Dang, T.K., Küng, J., Takizawa, M., Chung, T.M. (eds) Future Data and Security Engineering. FDSE 2020. Lecture Notes in Computer Science(), vol 12466. Springer, Cham. https://doi.org/10.1007/978-3-030-63924-2_5


  • DOI: https://doi.org/10.1007/978-3-030-63924-2_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63923-5

  • Online ISBN: 978-3-030-63924-2

  • eBook Packages: Computer Science (R0)
