Data Warehouse for Event Streams Violating Rules

Czejdo, Bogdan Denny; Ferragut, Erik M.; Goodall, John R.; Laska, Jason

doi:10.2478/fcds-2013-0001

Abstract

In this presentation, we discuss how a data warehouse can support situational awareness and data forensic needs for investigation of event streams violating rules. The data warehouse for event streams can contain summary tables showing rule violation on different aggregation level. We will introduce the classification of rules and the concept of a general aggregation graph for defining various classes of rules violation and their relationships. The data warehouse system containing various rule violation aggregations will allow the data forensics experts to have the ability to “drill-down” into event data across different data warehouse dimensions. The event stream real-time processing and other software modules can also use the summarizations to discover if current events bursts satisfy rules by comparing them with historic event bursts.

References

[1] Michael T. Goodrich, Mikhail J. Atallah and Roberto Tamassia, Indexing Information for Data Forensics, Lecture Notes in Computer Science, 2005, Volume 3531/2005, 206-221.10.1007/11496137_15
Search in Google Scholar
[2] Federico Maggi, Stefano Zanero, Vincenzo Iozzo, “Seeing the invisible: forensic uses of anomaly detection and machine learning” ACM SIGOPS Operating Systems Review, Volume 42 Issue 3, April 2008, 51-58.10.1145/1368506.1368514
Search in Google Scholar
[3] Hal Berghel “Hiding data, forensics, and anti-forensics”, Communications of the ACM CACM, Volume 50 Issue 4, April 2007, 15 - 20.10.1145/1232743.1232761
Search in Google Scholar
[4] Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang, 2009, Cyber Situational Awareness: Issues and Research, Springer Publishing Company, 2009.10.1007/978-1-4419-0140-8
Search in Google Scholar
[5] Ferragut, E.M.; Darmon, D.M.; Shue, C.A.; Kelley, S., Automatic construction of anomaly detectors from graphical models”, IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 2011 IEEE Symposium on10.1109/CICYBS.2011.5949386
Search in Google Scholar
[6] Sung-Bae Cho, “Incorporating soft computing techniques into a probabilistic intrusion detection system” IEEE Transactions on Systems, Man, and Cybernetics, May 2002, vol. 32 , issue: 2, pp: 154 - 160.10.1109/TSMCC.2002.801356
Search in Google Scholar
[7] Denning, Dorothy, "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and Privacy, May 1986, pages 119-131.10.1109/SP.1986.10010
Search in Google Scholar
[8] Teng, Henry S., Chen, Kaihu, and Lu, Stephen C-Y, "Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns," 1990 IEEE Symposium on Security and Privacy10.1109/RISP.1990.63857
Search in Google Scholar
[9] Jones, Anita K., and Sielken, Robert S., "Computer System Intrusion Detection: A Survey," Technical Report, Department of Computer Science, University of Virginia, Charlottesville, VA, 1999
Search in Google Scholar
[10] Czejdo. B, Taylor M. and Putonti C.,(2000); “Summary Tables in Data Warehouses”. Proceedings of ADVIS’2000.
Search in Google Scholar
[11] Gupta A., Harinarayan V., and Quass D. (1995); "Aggregate-Query Processing in Data Warehousing Environments", Proceedings of the VLDB.
Search in Google Scholar
[12] Bischoff J. and Alexander T. (1997); Data Warehouse: Practical Advice from theExperts. New Jersey: Prentice-Hall, Inc.
Search in Google Scholar
[13] Widom J. (1995); “Research problems in data warehousing", Proceedings of the 4thInt. Conf. CIKM.10.1145/221270.221319
Search in Google Scholar
[14] Bogdan Denny Czejdo, Erik M. Ferragut, John Goodall and Jason Laska “Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse”, accepted for publication in International Journal of Communications,Network and System Sciences, (IJCNS)
Search in Google Scholar

Data Warehouse for Event Streams Violating Rules

Abstract

Paradigm

My account