2013 | Vol. 38, No. 2 | 87--96
Article title

Data warehouse for event streams violating rules

Title variants
Publication languages
EN
Abstracts
EN
In this presentation, we discuss how a data warehouse can support situational awareness and data forensic needs for the investigation of event streams violating rules. The data warehouse for event streams can contain summary tables showing rule violations at different aggregation levels. We will introduce the classification of rules and the concept of a general aggregation graph for defining various classes of rule violations and their relationships. The data warehouse system containing various rule violation aggregations will allow data forensics experts to “drill down” into event data across different data warehouse dimensions. The event stream real-time processing and other software modules can also use the summarizations to discover whether current event bursts satisfy rules by comparing them with historic event bursts.
Publisher

Year
Pages
87--96
Physical description
Bibliography: 14 items
Authors
  • Department of Mathematics and Computer Science, Fayetteville State University, Fayetteville, USA
  • CSIIR Group, CSE Division, Oak Ridge National Laboratory, Oak Ridge, USA, ferragutem@ornl.gov
  • CSIIR Group, CSE Division, Oak Ridge National Laboratory, Oak Ridge, USA, jgoodall@ornl.gov
author
  • CSIIR Group, CSE Division, Oak Ridge National Laboratory, Oak Ridge, USA, laskaja@ornl.gov
Document type
Bibliography
Identifiers
YADDA identifier
bwmeta1.element.baztech-a0d13261-fab6-49ad-91a8-a2edeaddb738