Abstract
In this presentation, we discuss how a data warehouse can support situational awareness and data forensics needs for the investigation of event streams that violate rules. The data warehouse for event streams can contain summary tables showing rule violations at different aggregation levels. We introduce a classification of rules and the concept of a general aggregation graph for defining various classes of rule violations and their relationships. A data warehouse system containing various rule violation aggregations allows data forensics experts to "drill down" into event data across different data warehouse dimensions. The real-time event stream processor and other software modules can also use the summarizations to determine whether current event bursts satisfy rules by comparing them with historic event bursts.
| Original language | English |
|---|---|
| Pages (from-to) | 87-96 |
| Number of pages | 10 |
| Journal | Foundations of Computing and Decision Sciences |
| Volume | 38 |
| Issue number | 2 |
| DOIs | |
| State | Published - Jun 1 2013 |
Funding
1 This research was supported in part by an appointment to the Higher Education Research Experiences (HERE) Program at the Oak Ridge National Laboratory (ORNL) for Faculty, sponsored by the U.S. Department of Energy and administered by the Oak Ridge Institute for Science and Education. This research was also funded by LDRD at Oak Ridge National Laboratory (ORNL). The manuscript has been authored by a contractor of the U.S. Government under contract DE-AC05-00OR22725. Accordingly, the U.S. Government retains a nonexclusive, royalty-free license to publish or reproduce the published form of this contribution, or allow others to do so, for U.S. Government purposes.

2 Department of Mathematics and Computer Science, Fayetteville State University, Fayetteville, USA, email: [email protected]

3 CSIIR Group, CSE Division, Oak Ridge National Laboratory, Oak Ridge, USA, email: [email protected], [email protected], [email protected]

There are many types of data streams that can contain events that are dangerous or malicious [4]. A good example is the cyber security area, where different methods have been proposed to detect computer intrusions by analyzing various streams of data, including network logs [5, 6, 7, 8, 9]. One of the most widely adopted methods of detecting malicious events is the application of rules that define unsafe events [4]. The relationship between malicious events and unsafe events is not always obvious, and its interpretation requires human intervention. To make the proper interpretation, the decision-maker needs situational awareness that includes both current and historical knowledge about rule violations. A data warehouse can provide not only historical awareness but also support the analysis of the current stream of data. In addition, a data warehouse of events violating rules can provide significant assistance for data forensics [1, 2, 3].
| Funders | Funder number |
|---|---|
| Oak Ridge Institute for Science and Education | |
| U.S. Department of Energy | |
| Oak Ridge National Laboratory | |
| Laboratory Directed Research and Development | |
Keywords
- Aggregation
- Data forensics
- Data streams
- Data warehouses
- Drill-down operation
- Situational awareness