Data warehouse for event streams violating rules

Bogdan Denny Czejdo, Erik M. Ferragut, John R. Goodall, Jason Laska

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

In this presentation, we discuss how a data warehouse can support situational awareness and data forensic needs for the investigation of event streams violating rules. The data warehouse for event streams can contain summary tables showing rule violations at different aggregation levels. We introduce a classification of rules and the concept of a general aggregation graph for defining various classes of rule violations and their relationships. A data warehouse system containing various rule violation aggregations will give data forensics experts the ability to "drill-down" into event data across different data warehouse dimensions. The event stream real-time processing and other software modules can also use the summarizations to discover whether current event bursts satisfy rules by comparing them with historic event bursts.

Original language: English
Pages (from-to): 87-96
Number of pages: 10
Journal: Foundations of Computing and Decision Sciences
Volume: 38
Issue number: 2
State: Published - Jun 1 2013

Funding

There are many types of data streams that can contain events that are dangerous or malicious [4]. A very good example is the cyber security area, where various methods have been proposed to detect computer intrusion by analyzing streams of data including network logs [5, 6, 7, 8, and 9]. One of the most practically accepted methods to detect malicious events is the application of rules that define unsafe events [4]. The relationships between malicious events and unsafe events are not always obvious, and their interpretation requires human intervention. In order to make the proper interpretation, the decision-maker needs situational awareness that includes both current and historical knowledge about rule violations. A data warehouse can provide not only historical awareness but also support the analysis of the current stream of data. In addition, the data warehouse for events violating rules can provide significant assistance for data forensics [1, 2, and 3].

1 This research was supported in part by an appointment to the Higher Education Research Experiences (HERE) Program at the Oak Ridge National Laboratory (ORNL) for Faculty, sponsored by the U.S. Department of Energy and administered by the Oak Ridge Institute for Science and Education. This research was also funded by LDRD at Oak Ridge National Laboratory (ORNL). The manuscript has been authored by a contractor of the U.S. Government under contract DE-AC05-00OR22725. Accordingly, the U.S. Government retains a nonexclusive, royalty-free license to publish or reproduce the published form of this contribution, or allow others to do so, for U.S. Government purposes.

2 Department of Mathematics and Computer Science, Fayetteville State University, Fayetteville, USA, email: [email protected]

3 CSIIR Group, CSE Division, Oak Ridge National Laboratory, Oak Ridge, USA, email: [email protected], [email protected], [email protected]

Funders

Oak Ridge Institute for Science and Education
U.S. Department of Energy
Oak Ridge National Laboratory
Laboratory Directed Research and Development

Keywords

• Aggregation
• Data forensics
• Data streams
• Data warehouses
• Drill-down operation
• Situational awareness
