Semantic Query Federation for Scalable Security Log Analysis

Publication: Scientific journalJournal articlepeer-review

Abstract

The digitalization of business processes increasingly exposes organizations to sophisticated cyber-security threats. To contain attacks and minimize their impact, it is essential to detect them early. To this end, it is necessary to analyze a wide range of log files that potentially provide clues about malicious activity. However, these logs are typically voluminous, heterogeneous, difficult to interpret, and stored in disparate locations, which makes it difficult to analyze them. Current approaches to analyze security logs mainly focus on regular expressions and statistical indicators and do not directly provide actionable insight to security analysts. To address these limitations, we propose a distributed approach that enables semantic querying of dispersed log sources in large-scale infrastructures. To automatically integrate and reason about security log information, we will leverage linked data technologies and state-of-the-art federated query processing systems. In this proposal, we discuss the research problem, methodology, approach and evaluation plan for scalable federated semantic security log analysis.
Original languageEnglish
Pages (from-to)294 - 303
JournalLecture Notes in Computer Science (LNCS)
DOIs
Publication statusPublished - 2018

Austrian Classification of Fields of Science and Technology (ÖFOS)

  • 102
  • 509018 Knowledge management
  • 505002 Data protection

Cite this