skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs

Abstract

Cyber security is one of the most significant technical challenges in current times. Detecting adversarial activities, prevention of theft of intellectual properties and customer data is a high priority for corporations and government agencies around the world. Cyber defenders need to analyze massive-scale, high-resolution network flows to identify, categorize, and mitigate attacks involving net- works spanning institutional and national boundaries. Many of the cyber attacks can be described as subgraph patterns, with promi- nent examples being insider infiltrations (path queries), denial of service (parallel paths) and malicious spreads (tree queries). This motivates us to explore subgraph matching on streaming graphs in a continuous setting. The novelty of our work lies in using the subgraph distributional statistics collected from the streaming graph to determine the query processing strategy. We introduce a “Lazy Search" algorithm where the search strategy is decided on a vertex-to-vertex basis depending on the likelihood of a match in the vertex neighborhood. We also propose a metric named “Relative Selectivity" that is used to se- lect between different query processing strategies. Our experiments performed on real online news, network traffic stream and a syn- thetic social network benchmark demonstrate 10-100x speedups over selectivity agnostic approaches.

Authors:
; ; ; ;
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1183625
Report Number(s):
PNNL-SA-107908
400470000
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: Proceedings of the 18th International Conference on Extending Database Technology (EDBT), March 23-27, 2015, Brussels, Belgium, 157-168
Country of Publication:
United States
Language:
English
Subject:
graphs, cybersecurity

Citation Formats

Choudhury, Sutanay, Holder, Larry, Chin, George, Agarwal, Khushbu, and Feo, John T. A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs. United States: N. p., 2015. Web. doi:10.5441/002/edbt.2015.15.
Choudhury, Sutanay, Holder, Larry, Chin, George, Agarwal, Khushbu, & Feo, John T. A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs. United States. doi:10.5441/002/edbt.2015.15.
Choudhury, Sutanay, Holder, Larry, Chin, George, Agarwal, Khushbu, and Feo, John T. Mon . "A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs". United States. doi:10.5441/002/edbt.2015.15.
@article{osti_1183625,
title = {A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs},
author = {Choudhury, Sutanay and Holder, Larry and Chin, George and Agarwal, Khushbu and Feo, John T.},
abstractNote = {Cyber security is one of the most significant technical challenges in current times. Detecting adversarial activities, prevention of theft of intellectual properties and customer data is a high priority for corporations and government agencies around the world. Cyber defenders need to analyze massive-scale, high-resolution network flows to identify, categorize, and mitigate attacks involving net- works spanning institutional and national boundaries. Many of the cyber attacks can be described as subgraph patterns, with promi- nent examples being insider infiltrations (path queries), denial of service (parallel paths) and malicious spreads (tree queries). This motivates us to explore subgraph matching on streaming graphs in a continuous setting. The novelty of our work lies in using the subgraph distributional statistics collected from the streaming graph to determine the query processing strategy. We introduce a “Lazy Search" algorithm where the search strategy is decided on a vertex-to-vertex basis depending on the likelihood of a match in the vertex neighborhood. We also propose a metric named “Relative Selectivity" that is used to se- lect between different query processing strategies. Our experiments performed on real online news, network traffic stream and a syn- thetic social network benchmark demonstrate 10-100x speedups over selectivity agnostic approaches.},
doi = {10.5441/002/edbt.2015.15},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Mon Feb 02 00:00:00 EST 2015},
month = {Mon Feb 02 00:00:00 EST 2015}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: