Massive Scale Cyber Traffic Analysis: A Driver for Graph Database Research

Joslyn, Cliff A.; Choudhury, S.; Haglin, David J.; Howe, Bill; Nickless, William K.; Olsen, Bryan K.

doi:10.1145/2484425.2484428

Title: Massive Scale Cyber Traffic Analysis: A Driver for Graph Database Research

Conference · Wed Jun 19 00:00:00 EDT 2013

DOI:https://doi.org/10.1145/2484425.2484428· OSTI ID:1089074

Joslyn, Cliff A.; Choudhury, S.; Haglin, David J.; Howe, Bill; Nickless, William K.; Olsen, Bryan K.

We describe the significance and prominence of network traffic analysis (TA) as a graph- and network-theoretical domain for advancing research in graph database systems. TA involves observing and analyzing the connections between clients, servers, hosts, and actors within IP networks, both at particular times and as extended over times. Towards that end, NetFlow (or more generically, IPFLOW) data are available from routers and servers which summarize coherent groups of IP packets flowing through the network. IPFLOW databases are routinely interrogated statistically and visualized for suspicious patterns. But the ability to cast IPFLOW data as a massive graph and query it interactively, in order to e.g.\ identify connectivity patterns, is less well advanced, due to a number of factors including scaling, and their hybrid nature combining graph connectivity and quantitative attributes. In this paper, we outline requirements and opportunities for graph-structured IPFLOW analytics based on our experience with real IPFLOW databases. Specifically, we describe real use cases from the security domain, cast them as graph patterns, show how to express them in two graph-oriented query languages SPARQL and Datalog, and use these examples to motivate a new class of "hybrid" graph-relational systems.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-76RL01830

OSTI ID:: 1089074

Report Number(s):: PNNL-SA-94818; 400470000

Resource Relation:: Conference: FIrst International Workshop on Graph Data Management Experiences and Systems (GRADES 2013), held in conjunction with the ACM SIGMOD/PODS Conference, June 22-27, 2013, New York, Article No. 3

Country of Publication:: United States

Language:: English

Similar Records

Discrete Mathematical Approaches to Graph-Based Traffic Analysis

Conference · Tue Apr 01 00:00:00 EDT 2014 · OSTI ID:1089074

Joslyn, Cliff A.; Cowley, Wendy E.; Hogan, Emilie A.; +1 more

In-Memory Graph Databases for Web-Scale Data

Journal Article · Sun Mar 01 00:00:00 EST 2015 · Computer, 48(3):24-35 · OSTI ID:1089074

Castellana, Vito G.; Morari, Alessandro; Weaver, Jesse R.; +4 more

A Magnetoencephalographic/Encephalographic (MEG/EEG) Brain-Computer Interface Driver for Interactive iOS Mobile Videogame Applications Utilizing the Hadoop Ecosystem, MongoDB, and Cassandra NoSQL Databases

Journal Article · Fri Sep 28 00:00:00 EDT 2018 · Diseases · OSTI ID:1089074

McClay, Wilbert

Title: Massive Scale Cyber Traffic Analysis: A Driver for Graph Database Research

Citation Formats

Similar Records

Related Subjects