Figure 6 - uploaded by Kabul Kurniawan
SPARQL query editor interface
Source publication
The integration of heterogeneous and weakly linked log data poses a major challenge in many log-analytic applications. Knowledge graphs (KGs) can facilitate such integration by providing a versatile representation that can interlink objects of interest and enrich log events with background knowledge. Furthermore, graph-pattern based query languages...

Context in source publication

Context 1
... the analysis interface, we implemented a Query Processor component as a web application that receives SPARQL queries, sends them to multiple target hosts, and presents the resulting graph to the analyst. Figure 6 shows the user interface of the application, which consists of (i) Query Options, including e.g., target hosts, background knowledge, analysis timeframe, as well as predefined queries to select, (ii) SPARQL Query Input to formulate and execute SPARQL queries, and (iii) Query Results to present the output of the executed query. ...

Citations

... RDF can, for instance, support multiple paradigms for the implementation of data management architectures in provenance graph-based detection systems, including (i) materialized graphs in triple stores, (ii) cached graphs implemented as in-memory triple stores (Hu et al., 2016), (iii) distributed graphs (Abdelaziz et al., 2017; Gu et al., 2014; Lehmann et al., 2017), (iv) virtualized graphs (Kurniawan et al., 2022; Xiao et al., 2019), and (v) stream reasoning techniques (Dell'Aglio et al., 2017). KRYSTAL leverages SPARQL (Consortium et al., 2013; cf. https://www.w3.org/standards/), a graph-based query language for RDF that offers high expressivity and supports complex querying (e.g., aggregation, subqueries, negation) in a declarative manner (Kaminski et al., 2016). ...
Attack graph-based methods are a promising approach towards discovering attacks and various techniques have been proposed recently. A key limitation, however, is that approaches developed so far are monolithic in their architecture and heterogeneous in their internal models. The inflexible custom data models of existing prototypes and the implementation of rules in code rather than declarative languages on the one hand make it difficult to combine, extend, and reuse techniques, and on the other hand hinder reuse of security knowledge – including detection rules and threat intelligence. KRYSTAL tackles these challenges by providing a knowledge graph-based, modular framework for threat detection, attack graph and scenario reconstruction, and analysis based on RDF as a standard model for knowledge representation. This approach provides query options that facilitate contextualization over internal and external background knowledge, as well as the integration of multiple detection techniques, including tag propagation, attack signatures, and graph queries. We implemented our framework in an openly available prototype and demonstrate its applicability on multiple scenarios of the DARPA Transparent Computing dataset. Our evaluation shows that the combination of different threat detection techniques within our framework improved detection capabilities. Furthermore, we find that RDF provenance graphs are scalable and can efficiently support a variety of threat detection techniques.
... Additionally, SPARQL provides a way to express queries across multiple distributed data sources through SPARQL query federation [5]. A number of possible queries are generated, ranked, and then presented to the user. ...
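The Query Processor described in the context passage above (one query fanned out to several target hosts, restricted to an analysis timeframe and enriched with background knowledge) and the SPARQL query federation mentioned in the citation just above both map onto SPARQL 1.1's SERVICE clause. The following query is an added illustration, not code from the paper's prototype or the KRYSTAL project: the endpoint URLs, the `ex:` vocabulary, the named graph `ex:background` and the date values are all assumptions constructed for this example.

```sparql
# Added example (not the paper's own query): one federated SPARQL query that
# an analyst could type into the "SPARQL Query Input" panel.
# Endpoints, the ex: vocabulary and the timeframe values are hypothetical.
PREFIX ex:  <http://example.org/log#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>

SELECT ?host ?event ?time ?user ?cmd ?technique
WHERE {
  # Query Option "target hosts": one SERVICE block per remote log endpoint.
  # Each branch tags its rows with the host it came from so results from
  # different hosts remain distinguishable in the merged result graph.
  {
    SERVICE <http://host-a.example.org/sparql> {
      ?event a ex:AuthEvent ;
             ex:timestamp ?time ;
             ex:user ?user ;
             ex:command ?cmd .
      BIND("host-a" AS ?host)
    }
  }
  UNION
  {
    SERVICE <http://host-b.example.org/sparql> {
      ?event a ex:AuthEvent ;
             ex:timestamp ?time ;
             ex:user ?user ;
             ex:command ?cmd .
      BIND("host-b" AS ?host)
    }
  }

  # Query Option "analysis timeframe": constructed sample window of one day.
  FILTER (?time >= "2023-01-01T00:00:00Z"^^xsd:dateTime &&
          ?time <  "2023-01-02T00:00:00Z"^^xsd:dateTime)

  # Query Option "background knowledge": enrich each event from a locally
  # held named graph that maps commands to a descriptive label, without
  # dropping events that have no mapping (hence OPTIONAL).
  OPTIONAL {
    GRAPH ex:background { ?cmd ex:mappedTo ?technique }
  }
}
ORDER BY ?time ?host
```

Two points a practitioner would check before running something like this in production: a SERVICE call fails the whole query if one host is unreachable unless it is wrapped as `SERVICE SILENT`, which instead returns no rows for that host, and the timeframe FILTER is applied after the federated results are merged, so pushing the date restriction into each SERVICE block reduces the data each host has to return.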
Software logging is the practice of recording different events and activities that occur within a software system, which are useful for different activities such as failure prediction and anomaly detection. While previous research focused on improving different aspects of logging practices, the goal of this paper is to conduct a systematic literature review and the existing challenges of practitioners in software logging practices. In this paper, we focus on the logging practices that cover the steps from the instrumentation of a software system, the storage of logs, up to the preprocessing steps that prepare log data for further follow-up analysis. Our systematic literature review (SLR) covers 204 research papers and a quantitative and qualitative analysis of 20,766 and 149 questions on StackOverflow (SO). We observe that 53% of the studies focus on improving the techniques that preprocess logs for analysis (e.g., the practices of log parsing, log clustering and log mining), 37% focus on how to create new log statements, and 10% focus on how to improve log file storage. Our analysis of SO topics reveals that five out of seven identified high-level topics are not covered by the literature and are related to dependency configuration of logging libraries, infrastructure-related configuration, scattered logging, context-dependent usage of logs and handling log files.