In this presentation, we discuss how a data warehouse can support situational awareness and data forensic needs for investigation of event streams violating rules. The data warehouse for event streams can contain summary tables showing rule violation on different aggregation level. We will introduce the classification of rules and the concept of a general aggregation graph for defining various classes of rules violation and their relationships. The data warehouse system containing various rule violation aggregations will allow the data forensics experts to have the ability to “drill-down” into event data across different data warehouse dimensions. The event stream real-time processing and other software modules can also use the summarizations to discover if current events bursts satisfy rules by comparing them with historic event bursts.
If the inline PDF is not rendering correctly, you can download the PDF file here.
 Michael T. Goodrich Mikhail J. Atallah and Roberto Tamassia Indexing Information for Data Forensics Lecture Notes in Computer Science 2005 Volume 3531/2005 206-221.
 Federico Maggi Stefano Zanero Vincenzo Iozzo “Seeing the invisible: forensic uses of anomaly detection and machine learning” ACM SIGOPS Operating Systems Review Volume 42 Issue 3 April 2008 51-58.
 Hal Berghel “Hiding data forensics and anti-forensics” Communications of the ACM CACM Volume 50 Issue 4 April 2007 15 - 20.
 Sushil Jajodia Peng Liu Vipin Swarup Cliff Wang 2009 Cyber Situational Awareness: Issues and Research Springer Publishing Company 2009.
 Ferragut E.M.; Darmon D.M.; Shue C.A.; Kelley S. Automatic construction of anomaly detectors from graphical models” IEEE Symposium on Computational Intelligence in Cyber Security (CICS) 2011 IEEE Symposium on
 Sung-Bae Cho “Incorporating soft computing techniques into a probabilistic intrusion detection system” IEEE Transactions on Systems Man and Cybernetics May 2002 vol. 32 issue: 2 pp: 154 - 160.
 Denning Dorothy "An Intrusion Detection Model" Proceedings of the Seventh IEEE Symposium on Security and Privacy May 1986 pages 119-131.
 Teng Henry S. Chen Kaihu and Lu Stephen C-Y "Adaptive Real-time Anomaly Detection Using Inductively Generated Sequential Patterns" 1990 IEEE Symposium on Security and Privacy
 Jones Anita K. and Sielken Robert S. "Computer System Intrusion Detection: A Survey" Technical Report Department of Computer Science University of Virginia Charlottesville VA 1999
 Czejdo. B Taylor M. and Putonti C.(2000); “Summary Tables in Data Warehouses”. Proceedings of ADVIS’2000.
 Gupta A. Harinarayan V. and Quass D. (1995); "Aggregate-Query Processing in Data Warehousing Environments" Proceedings of the VLDB.
 Bischoff J. and Alexander T. (1997); Data Warehouse: Practical Advice from theExperts. New Jersey: Prentice-Hall Inc.
 Widom J. (1995); “Research problems in data warehousing" Proceedings of the 4thInt. Conf. CIKM.
 Bogdan Denny Czejdo Erik M. Ferragut John Goodall and Jason Laska “Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse” accepted for publication in International Journal of CommunicationsNetwork and System Sciences (IJCNS)