<div class="csl-bib-body">
<div class="csl-entry">Kurniawan, K., Ekelhart, A., Kiesling, E., Winkler, D., Quirchmayr, G., & Tjoa, A. M. (2022). VloGraph: A Virtual Knowledge Graph Framework for Distributed Security Log Analysis. <i>Machine Learning and Knowledge Extraction</i>, <i>4</i>(2), 371–396. https://doi.org/10.3390/make4020016</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/144335
-
dc.description.abstract
The integration of heterogeneous and weakly linked log data poses a major challenge in many log-analytic applications. Knowledge graphs (KGs) can facilitate such integration by providing a versatile representation that can interlink objects of interest and enrich log events with background knowledge. Furthermore, graph-pattern based query languages, such as SPARQL, can support rich log analyses by leveraging semantic relationships between objects in heterogeneous log streams. Constructing, materializing, and maintaining centralized log knowledge graphs, however, poses significant challenges. To tackle this issue, we propose VloGraph—a distributed and virtualized alternative to centralized log knowledge graph construction. The proposed approach does not involve any a priori parsing, aggregation, and processing of log data, but dynamically constructs a virtual log KG from heterogeneous raw log sources across multiple hosts. To explore the feasibility of this approach, we developed a prototype and demonstrate its applicability to three scenarios. Furthermore, we evaluate the approach in various experimental settings with multiple heterogeneous log sources and machines; the encouraging results from this evaluation suggest that the approach can enable efficient graph-based ad-hoc log analyses in federated settings.
en
dc.description.sponsorship
CDG Christian Doppler Forschungsgesellschaft
-
dc.language.iso
en
-
dc.publisher
MDPI
-
dc.relation.ispartof
Machine Learning and Knowledge Extraction
-
dc.subject
semantic log analysis
en
dc.subject
virtual log graphs
en
dc.subject
dynamic log extraction
en
dc.subject
decentralized log querying
en
dc.subject
forensics
en
dc.title
VloGraph: A Virtual Knowledge Graph Framework for Distributed Security Log Analysis
en
dc.type
Article
en
dc.type
Artikel
de
dc.description.startpage
371
-
dc.description.endpage
396
-
dc.relation.grantno
CDL SQI
-
dc.type.category
Original Research Article
-
tuw.container.volume
4
-
tuw.container.issue
2
-
tuw.journal.peerreviewed
true
-
tuw.peerreviewed
true
-
tuw.project.title
Verbesserung der Sicherheit von Informationsprozessen in Produktionssystemen
-
tuw.researchTopic.id
I2
-
tuw.researchTopic.id
I4a
-
tuw.researchTopic.name
Computer Engineering and Software-Intensive Systems
-
tuw.researchTopic.name
Information Systems Engineering
-
tuw.researchTopic.value
50
-
tuw.researchTopic.value
50
-
dcterms.isPartOf.title
Machine Learning and Knowledge Extraction
-
tuw.publication.orgunit
E194-01 - Forschungsbereich Software Engineering
-
tuw.publisher.doi
10.3390/make4020016
-
dc.date.onlinefirst
2022-04-11
-
dc.identifier.eissn
2504-4990
-
dc.description.numberOfPages
26
-
tuw.author.orcid
0000-0002-4743-3124
-
tuw.author.orcid
0000-0002-8295-9252
-
wb.sciencebranch
Informatik
-
wb.sciencebranch
Wirtschaftswissenschaften
-
wb.sciencebranch.oefos
1020
-
wb.sciencebranch.oefos
5020
-
wb.sciencebranch.value
90
-
wb.sciencebranch.value
10
-
item.openairetype
Article
-
item.openairetype
Artikel
-
item.grantfulltext
restricted
-
item.cerifentitytype
Publications
-
item.cerifentitytype
Publications
-
item.languageiso639-1
en
-
item.openairecristype
http://purl.org/coar/resource_type/c_18cf
-
item.openairecristype
http://purl.org/coar/resource_type/c_18cf
-
item.fulltext
no Fulltext
-
crisitem.project.funder
CDG Christian Doppler Forschungsgesellschaft
-
crisitem.project.grantno
CDL SQI
-
crisitem.author.dept
E194-01 - Forschungsbereich Information und Software Engineering
-
crisitem.author.dept
E194-01 - Forschungsbereich Information und Software Engineering
-
crisitem.author.dept
E194-01 - Forschungsbereich Information und Software Engineering
-
crisitem.author.dept
E194 - Institut für Information Systems Engineering
-
crisitem.author.dept
E099 - Dek.zentr. d. Fak. f. Informatik, Mathem.u.Geoinf., Physik u. T.Chemie
-
crisitem.author.dept
E194-04 - Forschungsbereich E-Commerce
-
crisitem.author.orcid
0000-0002-4743-3124
-
crisitem.author.orcid
0000-0002-8295-9252
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering
-
crisitem.author.parentorg
E180 - Fakultät für Informatik
-
crisitem.author.parentorg
E000 - Technische Universität Wien
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering