On-Demand View Materialization and Indexing for Network Forensic Analysis
Abstract
Today, network intrusion detection systems (NIDSs) use custom solutions to log historical network flows and support forensic analysis by network administrators. These solutions are expensive, inefficient, and lack flexibility. In this paper, we investigate database support for interactive network forensic analysis. We show that an “out-of-the-box” relational database management system (RDBMS) can support moderate flow rates in a manner that ensures high query performance. To enable support for significantly higher data rates, we propose a technique based on on-demand view materialization and indexing. In our approach, when an event occurs, the system proactively extracts relevant historical data and indexes it in preparation for forensic queries over that data. We show that our approach significantly improves response times for a large class of queries, while maintaining high insert throughput.
Similar resources
Qualitative Risk Assessment of Gas Pipelines by Using of Indexing System Method in GIS environment
Nowadays urbanization is developing rapidly, and it leads to growing demand for gas, which has resulted in a denser pipeline network; with the following increase in pipeline network congestion, accidents will become inevitable. So pipelines are a remarkable source of hazard for their adjacent society. Usually the indexing system method is used for pipeline risk assessment. This method assesses ri...
Materialization Is Available
The role of materialized views is becoming vital in today’s distributed Data warehouses. Materialization is where parts of the data cube are pre-computed. Some of the real time distributed architectures are maintaining materialization transparencies in the sense the users are not known with the materialization at a node. Usually what all followed by them is a cache maintenance mechanism where t...
Data Partitioning and Indexing for Network Forensic Analysis
Nowadays, both Internet service providers and enterprise network administrators need to record and analyze network traffic stream data for network management, diagnosis and security reasons. In their systems, data streams are usually collected continuously at a high rate. Hence, the ability to query promptly on the historical data is highly desirable for the decision making process. A network i...
A Solution to View Management to Build a Data Warehouse
Several techniques exist to select and materialize a proper set of data in a suitable structure that manage the queries submitted to the online analytical processing systems. These techniques are called view management techniques, which consist of three research areas: 1) view selection to materialize, 2) query processing and rewriting using the materialized views, and 3) maintaining materializ...
Function Materialization in Object Bases: Design, Realization, and Evaluation
View materialization is a well-known optimization technique of relational database systems. In this work we present a similar, yet more powerful optimization concept for object-oriented data models: function materialization. Exploiting the object-oriented paradigm (namely classification, object identity, and encapsulation) facilitates a rather easy incorporation of function materialization into (...
Publication date: 2007