Abstract:

In the applications of largescale network security monitoring,data stream of security events is analysised realtimely to acquire the characteristic of current security in the network and to assess dynamically the current security situation with Stream OLAP by building Stream Cube.Because of the limited memory capacity, Stream Cube only concerned about the current data within the time window,but expired data is stored approximately or simply discarded,so it do not support the query with time beyond the scope of current time window.We propose a realtime StreamCubebased multidimensional and multilevel analysis framework on security event stream, Hybrid StorageStreamCube,which is implemented by a twotier (memory and disk) storage model.On the basis of characteristics of data stream,we focus on the modeling,building,storing and querying of HSStreamCube within the twotier storage model.Efficient experiments verify the availability and efficiency of the system.   

Key words: stream cube；network security event；hybrid storage；OLAP