A Visualization Method Based on Graph Database in Security Logs Analysis
Network security logs can provide evidence for forensic investigators. However, network logs suffer from a high repetition rate, a high false alarm rate, uniform format and other problems, which make it difficult for forensic researchers to find useful information. In this paper, an association rule mining algorithm is used to analyze network security logs, so as to eliminate redundant data and to find the implied associations between log records. A graph database is then used to visualize the log information. Forensic analysts can obtain effective evidence by inspecting the graph database, which improves the efficiency with which they discover sensitive event information.
Network Forensics; Log Analysis; Association rule mining; Graph Database
Xinyu Tang, Chunguang Ma, Min Yu, Chao Liu
College of Computer Science and Technology, Harbin Engineering University, Harbin, China; Institution of College of Computer Science and Technology, Harbin Engineering University, Harbin, China; Institution of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Sec Institution of Information Engineering, Chinese Academy of Sciences, Beijing, China
International conference
Zhengzhou
English
1-8
2017-04-29 (date first posted on the Wanfang platform; not the paper's publication date)