Semantic Integration and Monitoring of File System Activity (Semantics 2019)

Semantics 2019 - Poster & Demo Session (14.08.2019)

Förderjahr 2017 / Science Call #1 / ProjektID: / Projekt: SEPSES

At the Semantics conference Poster & Demo Session in September in Karlsruhe, we will present our preliminary results on a semantic approach for monitoring file system activity. File access activity information is an important source for identifying unauthorized data transmissions. We tackle limitations of existing monitoring approaches in terms of semantic integration, contextualization, and cross-system interoperability. In particular, we defined a vocabulary for file activity logs and outline an architecture for log file collection, extraction, linking, and storage. We demonstrate the applicability of this approach by means of an application scenario. Finally, we show how analysts can inspect the life-cycle of files in a context-rich manner by means of SPARQL queries and a graph visualization of the results.

As an example, after collecting and integrating file events, a SPARQL query can be used to inspect the life-cycle of a specific file:

Query

The result is illustrated in the table below:

Log events

Finally, we can display the data in a graph representation:

Graph visualization

Andreas Ekelhart

Andreas is a researcher at University of Vienna and SBA Research. His main research interests include semantic applications and machine learning to strengthen cybersecurity.

Skills:

IT Security

Semantic applications

Programming

Simulation

Attacker modeling

Ontologies

Machine Learning

LLMs

Weitere Blogbeiträge

An ATT&CK-KG for Linking CybersecurityAttacks to Adversary Tactics and Techniques (ISWC P&D 2021)

The paper discusses an extension of our prior work namely Cybersecurity Knowledge Graph (CSKG) with adversary tactics and techniques, to support analysts in connecting log events to higher level attack steps. For this purpose, we developed a vocabula...

Virtual Knowledge Graphs for Federated Log Analysis (ARES Conference 2021)

The paper introduces a novel approach to dynamically construct virtual log knowledge graphs directly from heterogeneous raw log files across multiple hosts. It furthermore contextualizes the results with internal and external background knowledge to ...

The SLOGERT Framework for Automated Log Knowledge Graph Construction (ESWC 2021)

SLOGERT is an approach to (semi-)automatically transform raw log data, i.e., textual records of system events, into RDF graphs following a sequence of processes. SLOGERT supports automatic identification of rich RDF graph modelling patterns to repres...

Automated Knowledge Graph Construction From Raw Log Data

Logs are a crucial source of information to diagnose the health and status of systems, but their manual investigation typically does not scale well and often leads to a lack of awareness and incomplete transparency about issues. To tackle this challe...

Cross-Platform File System Activity Monitoring and Forensics – A Semantic Approach (IFIPSEC 2020)

In this paper, we introduce a semantic approach for file system activity monitoring and forensics. We proposed a vocabulary (depicted in Figure 1) for file access information and implement an architecture (shown in Figure 2) for log acquisition, log ...

Report from the Semantics 2019 Conference

Semantics 2019 Trip Report

The SEPSES knowledge graph: An integrated resource for cybersecurity (ISWC 2019)

Resource paper @ISWC

SEPSES Cybersecurity Knowledge Graph (CSKG)

Im Rahmen des SEPSES-Projekts haben wir einen Cybersecurity Knowledge Graph (CSKG) entwickelt, der Informationen zu identifizierten Software-Schwachstellen, konzeptuellen Entwicklungsfehlern und Angriffsmustern aus verschiedenen öffentlich zugänglich...

Finding Non-compliances with Declarative Process Constraints through Semantic Technologies (CAiSE’19 Forum)

Declarative Process Constraints through Semantic Technologies