Designing NORIA: a Knowledge Graph-based Platform for Anomaly Detection and Incident Management in ICT Systems

08 Mar 2023 (modified: 09 Mar 2023), ESWC 2023 Workshop KGCW Submission, Readers: Everyone
Keywords: Knowledge Graph Construction, Incident Management, ICT systems, Extract Transform Load, RDF Stream Processor, Semantic Service Bus
TL;DR: Design details and feedback on a semantic data processing architecture for bringing NMSs and SIEMs to the next level of diagnosis and recommendation capabilities.
Abstract: To monitor complex systems, such as telecommunication and computer networks, interconnecting heterogeneous data with shared definitions is necessary for efficient interpretation of events and incidents. Semantic Web technologies are essential in this context, as they address the problems of data heterogeneity, knowledge sharing and logical/probabilistic reasoning. Well-established Network Monitoring Systems (NMSs) and Security Information and Event Management systems (SIEMs) do not explicitly use Semantic Web knowledge representation, however. To fill this gap, we propose an end-to-end data processing architecture that combines NMSs/SIEMs design patterns with Semantic Web tools. The platform features batch/stream processing, declarative data mapping with RML, data patching & reconciliation with SPARQL queries and SKOS, provenance auditability with centralized configuration and data management, and semantic data transfer with Kafka. The proposed architecture has been instantiated and tested in an industrial setting.