Data Warehouse for Event Streams Violating Rules

Open access


In this presentation, we discuss how a data warehouse can support situational awareness and data forensic needs for investigation of event streams violating rules. The data warehouse for event streams can contain summary tables showing rule violation on different aggregation level. We will introduce the classification of rules and the concept of a general aggregation graph for defining various classes of rules violation and their relationships. The data warehouse system containing various rule violation aggregations will allow the data forensics experts to have the ability to “drill-down” into event data across different data warehouse dimensions. The event stream real-time processing and other software modules can also use the summarizations to discover if current events bursts satisfy rules by comparing them with historic event bursts.

[1] Michael T. Goodrich, Mikhail J. Atallah and Roberto Tamassia, Indexing Information for Data Forensics, Lecture Notes in Computer Science, 2005, Volume 3531/2005, 206-221.

[2] Federico Maggi, Stefano Zanero, Vincenzo Iozzo, “Seeing the invisible: forensic uses of anomaly detection and machine learning” ACM SIGOPS Operating Systems Review, Volume 42 Issue 3, April 2008, 51-58.

[3] Hal Berghel “Hiding data, forensics, and anti-forensics”, Communications of the ACM CACM, Volume 50 Issue 4, April 2007, 15 - 20.

[4] Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang, 2009, Cyber Situational Awareness: Issues and Research, Springer Publishing Company, 2009.

[5] Ferragut, E.M.; Darmon, D.M.; Shue, C.A.; Kelley, S., Automatic construction of anomaly detectors from graphical models”, IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 2011 IEEE Symposium on

[6] Sung-Bae Cho, “Incorporating soft computing techniques into a probabilistic intrusion detection system” IEEE Transactions on Systems, Man, and Cybernetics, May 2002, vol. 32 , issue: 2, pp: 154 - 160.

[7] Denning, Dorothy, "An Intrusion Detection Model," Proceedings of the Seventh IEEE Symposium on Security and Privacy, May 1986, pages 119-131.

[8] Teng, Henry S., Chen, Kaihu, and Lu, Stephen C-Y, "Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns," 1990 IEEE Symposium on Security and Privacy

[9] Jones, Anita K., and Sielken, Robert S., "Computer System Intrusion Detection: A Survey," Technical Report, Department of Computer Science, University of Virginia, Charlottesville, VA, 1999

[10] Czejdo. B, Taylor M. and Putonti C.,(2000); “Summary Tables in Data Warehouses”. Proceedings of ADVIS’2000.

[11] Gupta A., Harinarayan V., and Quass D. (1995); "Aggregate-Query Processing in Data Warehousing Environments", Proceedings of the VLDB.

[12] Bischoff J. and Alexander T. (1997); Data Warehouse: Practical Advice from theExperts. New Jersey: Prentice-Hall, Inc.

[13] Widom J. (1995); “Research problems in data warehousing", Proceedings of the 4thInt. Conf. CIKM.

[14] Bogdan Denny Czejdo, Erik M. Ferragut, John Goodall and Jason Laska “Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse”, accepted for publication in International Journal of Communications,Network and System Sciences, (IJCNS)

Foundations of Computing and Decision Sciences

The Journal of Poznan University of Technology

Journal Information

CiteScore 2017: 0.82

SCImago Journal Rank (SJR) 2017: 0.212
Source Normalized Impact per Paper (SNIP) 2017: 0.523


All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 44 44 17
PDF Downloads 9 9 3