{"id":"https://openalex.org/W3195643805","doi":"https://doi.org/10.1145/3465481.3465767","title":"Virtual Knowledge Graphs for Federated Log Analysis","display_name":"Virtual Knowledge Graphs for Federated Log Analysis","publication_year":2021,"publication_date":"2021-08-16","ids":{"openalex":"https://openalex.org/W3195643805","doi":"https://doi.org/10.1145/3465481.3465767","mag":"3195643805"},"language":"en","primary_location":{"id":"doi:10.1145/3465481.3465767","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3465481.3465767","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014665205","display_name":"Kabul Kurniawan","orcid":"https://orcid.org/0000-0002-5353-7376"},"institutions":[{"id":"https://openalex.org/I102248843","display_name":"Vienna University of Economics and Business","ror":"https://ror.org/03yn8s215","country_code":"AT","type":"education","lineage":["https://openalex.org/I102248843"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Kabul Kurniawan","raw_affiliation_strings":["Vienna University of Economics and Business, Austria"],"affiliations":[{"raw_affiliation_string":"Vienna University of Economics and Business, Austria","institution_ids":["https://openalex.org/I102248843"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035676027","display_name":"Andreas Ekelhart","orcid":"https://orcid.org/0000-0003-3682-1364"},"institutions":[{"id":"https://openalex.org/I4210167190","display_name":"SBA Research","ror":"https://ror.org/05nny6x17","country_code":"AT","type":"facility","lineage":["https://openalex.org/I4210167190"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Andreas Ekelhart","raw_affiliation_strings":["Secure Business Austria, Austria"],"affiliations":[{"raw_affiliation_string":"Secure Business Austria, Austria","institution_ids":["https://openalex.org/I4210167190"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079760641","display_name":"Elmar Kiesling","orcid":"https://orcid.org/0000-0002-7856-2113"},"institutions":[{"id":"https://openalex.org/I102248843","display_name":"Vienna University of Economics and Business","ror":"https://ror.org/03yn8s215","country_code":"AT","type":"education","lineage":["https://openalex.org/I102248843"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Elmar Kiesling","raw_affiliation_strings":["Vienna University of Economics and Business, Austria"],"affiliations":[{"raw_affiliation_string":"Vienna University of Economics and Business, Austria","institution_ids":["https://openalex.org/I102248843"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101864493","display_name":"Dietmar Winkler","orcid":"https://orcid.org/0000-0002-4743-3124"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dietmar Winkler","raw_affiliation_strings":["TU Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"TU Vienna, Austria","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060519573","display_name":"Gerald Quirchmayr","orcid":"https://orcid.org/0000-0003-2998-742X"},"institutions":[{"id":"https://openalex.org/I129774422","display_name":"University of Vienna","ror":"https://ror.org/03prydq77","country_code":"AT","type":"education","lineage":["https://openalex.org/I129774422"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Gerald Quirchmayr","raw_affiliation_strings":["University of Vienna, Austria"],"affiliations":[{"raw_affiliation_string":"University of Vienna, Austria","institution_ids":["https://openalex.org/I129774422"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043499130","display_name":"A Min Tjoa","orcid":"https://orcid.org/0000-0002-8295-9252"},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"A Min Tjoa","raw_affiliation_strings":["Vienna University of Technology, Austria"],"affiliations":[{"raw_affiliation_string":"Vienna University of Technology, Austria","institution_ids":["https://openalex.org/I145847075"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5014665205"],"corresponding_institution_ids":["https://openalex.org/I102248843"],"apc_list":null,"apc_paid":null,"fwci":1.2729,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.81193388,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"11"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11719","display_name":"Data Quality and Management","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9948999881744385,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8473203182220459},{"id":"https://openalex.org/keywords/sparql","display_name":"SPARQL","score":0.6919736266136169},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.517331063747406},{"id":"https://openalex.org/keywords/graph-database","display_name":"Graph database","score":0.45448705554008484},{"id":"https://openalex.org/keywords/parsing","display_name":"Parsing","score":0.4356030225753784},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.4154960513114929},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.34741777181625366},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3382752239704132},{"id":"https://openalex.org/keywords/rdf","display_name":"RDF","score":0.26678258180618286},{"id":"https://openalex.org/keywords/semantic-web","display_name":"Semantic Web","score":0.16496720910072327},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.12346404790878296}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8473203182220459},{"id":"https://openalex.org/C41009113","wikidata":"https://www.wikidata.org/wiki/Q54871","display_name":"SPARQL","level":4,"score":0.6919736266136169},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.517331063747406},{"id":"https://openalex.org/C176225458","wikidata":"https://www.wikidata.org/wiki/Q595971","display_name":"Graph database","level":3,"score":0.45448705554008484},{"id":"https://openalex.org/C186644900","wikidata":"https://www.wikidata.org/wiki/Q194152","display_name":"Parsing","level":2,"score":0.4356030225753784},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4154960513114929},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.34741777181625366},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3382752239704132},{"id":"https://openalex.org/C147497476","wikidata":"https://www.wikidata.org/wiki/Q54872","display_name":"RDF","level":3,"score":0.26678258180618286},{"id":"https://openalex.org/C2129575","wikidata":"https://www.wikidata.org/wiki/Q54837","display_name":"Semantic Web","level":2,"score":0.16496720910072327},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.12346404790878296}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3465481.3465767","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3465481.3465767","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:research.wu.ac.at:openaire_cris_publications/6b1e3087-c7f9-494d-abeb-7a2f36dd6e03","is_oa":false,"landing_page_url":"https://research.wu.ac.at/de/publications/6b1e3087-c7f9-494d-abeb-7a2f36dd6e03","pdf_url":null,"source":{"id":"https://openalex.org/S7407055123","display_name":"WU Research","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Kurniawan, K, Ekelhart, A, Kiesling, E, Quirchmayr, G & Tjoa, A M 2021, Virtual Knowledge Graphs for Federated Log Analysis. in ARES 2021 (ed.), ARES 21: Proceedings of the 16th International Conference on Availability, Reliability and Security. ACM Press, Wien, pp. 1 - 11. https://doi.org/10.1145/3465481.3465767","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6299999952316284,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":19,"referenced_works":["https://openalex.org/W80431902","https://openalex.org/W597074816","https://openalex.org/W1536779234","https://openalex.org/W2013667086","https://openalex.org/W2027380800","https://openalex.org/W2028591582","https://openalex.org/W2036655376","https://openalex.org/W2079338079","https://openalex.org/W2366193076","https://openalex.org/W2396083518","https://openalex.org/W2507531563","https://openalex.org/W2624133163","https://openalex.org/W2838709227","https://openalex.org/W2889806200","https://openalex.org/W2896507448","https://openalex.org/W2945688618","https://openalex.org/W2980659949","https://openalex.org/W3005208638","https://openalex.org/W3102029110"],"related_works":["https://openalex.org/W2786642168","https://openalex.org/W2951852920","https://openalex.org/W4302024884","https://openalex.org/W2784308500","https://openalex.org/W4385958747","https://openalex.org/W4362598466","https://openalex.org/W3115442681","https://openalex.org/W2007838763","https://openalex.org/W2391000461","https://openalex.org/W2972311463"],"abstract_inverted_index":{"Security":[0],"professionals":[1],"rely":[2],"extensively":[3],"on":[4,43],"log":[5,23,30,49,63,82,93,106,122,143,150,172],"data":[6],"to":[7,102],"monitor":[8],"IT":[9],"infrastructures":[10],"and":[11,35,47,65,78,119,155,161,174,176,187],"investigate":[12],"potentially":[13],"malicious":[14],"activities.":[15],"Existing":[16],"systems":[17],"support":[18],"these":[19],"tasks":[20],"by":[21],"collecting":[22],"messages":[24,50],"in":[25,91,136,192],"a":[26,44,100,114,127,132,141],"database,":[27],"from":[28,147],"where":[29],"events":[31,64],"can":[32,74],"be":[33],"queried":[34],"correlated.":[36],"Such":[37],"centralized":[38],"approaches":[39],"are":[40],"typically":[41],"based":[42],"relational":[45],"model":[46],"store":[48],"as":[51],"plain":[52],"text,":[53],"which":[54],"offers":[55],"limited":[56],"flexibility":[57],"for":[58,131],"the":[59,66,157,167,183],"representation":[60,73],"of":[61,121],"heterogeneous":[62,92,148,171],"connections":[67],"between":[68,87],"them.":[69],"A":[70],"knowledge":[71,107,144],"graph":[72,80,145],"overcome":[75],"such":[76,105],"limitations":[77],"enable":[79],"pattern-based":[81],"analysis,":[83],"leveraging":[84],"semantic":[85],"relationships":[86],"objects":[88],"that":[89,129,180,182],"appear":[90],"streams.":[94],"In":[95],"this":[96],"paper,":[97],"we":[98,125],"present":[99],"method":[101,128],"dynamically":[103,139],"construct":[104],"graphs":[108],"at":[109],"query":[110,134],"time,":[111],"i.e.,":[112],"without":[113],"priori":[115],"parsing,":[116],"aggregation,":[117],"processing,":[118],"materialization":[120],"data.":[123],"Specifically,":[124],"propose":[126],"\u2013":[130,138],"given":[133],"formulated":[135],"SPARQL":[137],"constructs":[140],"virtual":[142],"directly":[146],"raw":[149],"files":[151],"across":[152,169],"multiple":[153,170],"hosts":[154],"contextualizes":[156],"result":[158],"with":[159],"internal":[160],"external":[162],"background":[163],"knowledge.":[164],"We":[165],"evaluate":[166],"approach":[168,184],"sources":[173],"machines":[175],"see":[177],"encouraging":[178],"results":[179],"indicate":[181],"is":[185],"viable":[186],"facilitates":[188],"ad-hoc":[189],"graph-analytic":[190],"queries":[191],"federated":[193],"settings.":[194]},"counts_by_year":[{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3}],"updated_date":"2026-03-15T09:29:46.208133","created_date":"2025-10-10T00:00:00"}