We consider cyber traffic analysis (TA) as a challenge problem for research in graph database systems. TA involves observing and analyzing connections between clients, servers, hosts, and actors within IP networks, over time, to detect suspicious patterns. Towards that end, NetFlow (or more generically, IPFLOW) data are available from routers and servers which summarize coherent groups of IP packets flowing through the network. The ability to cast IPFLOW data as a massive graph and query it interactively is potentially transformative for cybersecurity, but issues of scale and data complexity pose challenges for current technology. In this paper, we outline requirements and opportunities for graph-structured IPFLOW analytics based on our experience with real IPFLOW databases. We describe real use cases from the security domain, cast them as graph patterns, show how to express them in two graph-oriented query languages (SPARQL and Datalog), and use these examples to motivate a new class of "hybrid" graph-relational systems.
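The abstract's core idea, casting flow records as a graph and expressing a security use case as a graph pattern in Datalog or SPARQL, can be made concrete with a small worked example. What follows is an added illustration, not code from the paper or its authors: it builds a directed host graph from constructed NetFlow-style records and evaluates a hypothetical "shared contacts" pattern (internal hosts that talk to many of the same external destinations). The Datalog rule, the SPARQL query, the addresses, ports, byte counts and the threshold are all assumptions made up for this example.

```python
"""
Added example: NetFlow-style records as a graph plus a Datalog-style pattern.

The pattern below is hypothetical and mirrors this (assumed) Datalog program:

    talks(Src, Dst)         :- flow(Src, Dst, _Port, _Bytes).
    shared(A, B, C)         :- talks(A, C), talks(B, C), A < B.
    suspicious_pair(A, B, N) :- N = count{C : shared(A, B, C)}, N >= THRESHOLD.

An equivalent SPARQL 1.1 form over triples of the shape ?src :talks ?dst:

    SELECT ?a ?b (COUNT(?c) AS ?n) WHERE {
      ?a :talks ?c . ?b :talks ?c . FILTER(STR(?a) < STR(?b))
    } GROUP BY ?a ?b HAVING (COUNT(?c) >= 3)
"""
from collections import defaultdict
from itertools import combinations
from typing import Dict, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    """One summarised flow record (a simplified NetFlow/IPFLOW tuple)."""
    src: str
    dst: str
    dport: int
    byte_count: int


# Constructed sample flows; every address, port and byte count is made up.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.0.0.1", "198.51.100.7", 443, 1200),
    Flow("10.0.0.1", "198.51.100.8", 443, 900),
    Flow("10.0.0.1", "198.51.100.9", 8080, 300),
    Flow("10.0.0.2", "198.51.100.7", 443, 1100),
    Flow("10.0.0.2", "198.51.100.8", 443, 950),
    Flow("10.0.0.2", "198.51.100.9", 8080, 310),
    Flow("10.0.0.3", "198.51.100.7", 443, 5000),
    Flow("10.0.0.3", "203.0.113.4", 80, 20000),
    Flow("10.0.0.1", "198.51.100.7", 443, 1250),  # repeat: same edge, more bytes
]


def build_graph(flows: List[Flow]) -> Dict[str, Set[str]]:
    """talks(Src, Dst): collapse flow records into a directed host graph.

    Repeated flows between the same pair become a single edge; the graph side
    of the "hybrid" system keeps only who talked to whom.
    """
    graph: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        graph[f.src].add(f.dst)
    return dict(graph)


def edge_bytes(flows: List[Flow]) -> Dict[Tuple[str, str], int]:
    """Relational-side aggregate kept beside the graph: bytes per (src, dst)."""
    totals: Dict[Tuple[str, str], int] = defaultdict(int)
    for f in flows:
        totals[(f.src, f.dst)] += f.byte_count
    return dict(totals)


def shared_contacts(graph: Dict[str, Set[str]], a: str, b: str) -> Set[str]:
    """shared(A, B, C): destinations reached by both A and B (a 2-hop join)."""
    return graph.get(a, set()) & graph.get(b, set())


def suspicious_pairs(graph: Dict[str, Set[str]],
                     threshold: int) -> List[Tuple[str, str, int]]:
    """suspicious_pair(A, B, N): source pairs with at least `threshold`
    common destinations, returned as (a, b, n) with a < b, sorted."""
    found = []
    for a, b in combinations(sorted(graph), 2):
        n = len(shared_contacts(graph, a, b))
        if n >= threshold:
            found.append((a, b, n))
    return found


if __name__ == "__main__":
    g = build_graph(SAMPLE_FLOWS)
    for a, b, n in suspicious_pairs(g, threshold=3):
        print(f"{a} and {b} share {n} destinations: "
              f"{sorted(shared_contacts(g, a, b))}")
```

On the constructed records, hosts 10.0.0.1 and 10.0.0.2 share three destinations and are the only pair reported at the threshold of 3; lowering the threshold to 1 also reports both of their pairings with 10.0.0.3 via 198.51.100.7. The `edge_bytes` aggregate is the kind of per-edge relational attribute the abstract's "hybrid" graph-relational systems would keep alongside the pattern match, so an analyst can rank matched pairs by volume without leaving the query.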