A Visualization Method Based on Graph Database in Security Logs Analysis
DOI: 10.23977/icamcs.2017.1012
Author(s)
Tang Xinyu, Ma Chunguang, Yu Min, Liu Chao
Corresponding Author
Ma Chunguang
ABSTRACT
Network security logs can provide evidence for forensic investigators. However, such logs suffer from a high repetition rate, a high false alarm rate, uniform format and other problems, which make it difficult for forensic researchers to find useful information. In this paper, an association rule mining algorithm is used to analyze the network security logs, both to eliminate redundant data and to find the implied associations between log records. The log information is then visualized using a graph database. Forensic analysts can obtain effective evidence by observing the graph database, which improves the efficiency with which they discover sensitive event information.
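The pipeline the abstract sketches, as an added illustration that is not the paper's own code: duplicate alert lines are collapsed into counts, pairwise association rules (A -> B with support and confidence) are mined over the attribute=value items of each line, and the surviving rules become nodes and edges of the kind a graph database would store. The key=value log format, the sample lines and the in-memory graph (instead of a real graph database) are constructed assumptions.

```python
from collections import Counter
from itertools import combinations

# Constructed sample alert lines (not from the paper); note the exact repeats.
LOGS = [
    "src=10.0.0.5 dst_port=445 alert=smb_scan",
    "src=10.0.0.5 dst_port=445 alert=smb_scan",
    "src=10.0.0.5 dst_port=445 alert=smb_scan",
    "src=10.0.0.5 dst_port=22 alert=ssh_bruteforce",
    "src=10.0.0.7 dst_port=22 alert=ssh_bruteforce",
    "src=10.0.0.7 dst_port=22 alert=ssh_bruteforce",
    "src=10.0.0.9 dst_port=80 alert=web_probe",
]

def dedup(lines):
    """Collapse repeated lines into line -> count (removes the redundancy)."""
    return Counter(lines)

def mine_rules(counts, min_support=2, min_conf=0.6):
    """Mine pairwise rules lhs -> rhs over attribute=value items.
    Each line contributes its repeat count; support is an absolute count
    threshold here, confidence is count(lhs, rhs) / count(lhs)."""
    total = sum(counts.values())
    item_count, pair_count = Counter(), Counter()
    for line, n in counts.items():
        items = sorted(set(line.split()))
        for it in items:
            item_count[it] += n
        for a, b in combinations(items, 2):
            pair_count[(a, b)] += n
    rules = []
    for (a, b), n in pair_count.items():
        if n < min_support:
            continue
        for lhs, rhs in ((a, b), (b, a)):
            conf = n / item_count[lhs]
            if conf >= min_conf:
                rules.append((lhs, rhs, n / total, conf))
    return rules

def to_graph(rules):
    """Map rules to a property graph: items are nodes, rules are directed
    edges carrying support and confidence as properties."""
    nodes, edges = set(), {}
    for lhs, rhs, sup, conf in rules:
        nodes.update((lhs, rhs))
        edges[(lhs, rhs)] = {"support": round(sup, 3), "confidence": round(conf, 3)}
    return nodes, edges
```

An analyst reading the resulting graph sees, for instance, that src=10.0.0.5 is linked to alert=smb_scan with confidence 0.75 but has no edge to alert=ssh_bruteforce, because that pair occurs only once and falls below the support threshold.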
KEYWORDS
Network Forensics, Log Analysis, Association Rule Mining, Graph Database