Jiawei Han,Yixin Chen,Guozhu Dong,Jian Pei,Benjamin W. Wah,Jianyong Wang,Y. Dora Cai

DOI: https://doi.org/10.1007/s10619-005-3296-1

IF: 0.974

2005-01-01

Distributed and Parallel Databases

Abstract:Real-time surveillance systems, telecommunication systems, and other dynamic environments often generate tremendous (potentially infinite) volume of stream data: the volume is too huge to be scanned multiple times. Much of such data resides at rather low level of abstraction, whereas most analysts are interested in relatively high-level dynamic changes (such as trends and outliers). To discover such high-level characteristics, one may need to perform on-line multi-level, multi-dimensional analytical processing of stream data. In this paper, we propose an architecture, called stream_cube, to facilitate on-line, multi-dimensional, multi-level analysis of stream data. For fast online multi-dimensional analysis of stream data, three important techniques are proposed for efficient and effective computation of stream cubes. First, a tilted time frame model is proposed as a multi-resolution model to register time-related data: the more recent data are registered at finer resolution, whereas the more distant data are registered at coarser resolution. This design reduces the overall storage of time-related data and adapts nicely to the data analysis tasks commonly encountered in practice. Second, instead of materializing cuboids at all levels, we propose to maintain a small number of critical layers. Flexible analysis can be efficiently performed based on the concept of observation layer and minimal interesting layer . Third, an efficient stream data cubing algorithm is developed which computes only the layers (cuboids) along a popular path and leaves the other cuboids for query-driven, on-line computation. Based on this design methodology, stream data cube can be constructed and maintained incrementally with a reasonable amount of memory, computation cost, and query response time. This is verified by our substantial performance study.

Yixin Chen,Guozhu Dong,Jiawei Han,Jian Pei,Benjamin W Wah,Jianyong Wang

2002-01-01

Abstract:Real-time surveillance systems and other dynamic environments often generate tremendous (potentially infinite) volume of stream data: the volume is too huge to be scanned multiple times. However, much of such data resides at rather low level of abstraction, whereas most analysts are interested in dynamic changes (such as trends and outliers) at relatively high levels of abstraction. To discover such high level characteristics, one may need to perform on-line multi-level analysis of stream data, similar to OLAP (on-line analytical processing) of relational or data warehouse data. With limited storage space and the demand for fast response, is it realistic to promote on-line, multi-dimensional analysis and mining of stream data to alert people about dramatic changes of situations at multiple-levels of abstraction? In this paper, we present an architecture, called stream cube, which, based on our analysis, is feasible for successful online, multi-dimensional, multi-level analysis of stream data. By successful, we mean that the system will provide analytical power and flexibility, derive timely and quality responses, and consume limited memory space and other resources. The general design of the stream cube architecture is described as follows. First, a tilt time frame model is taken as the default model for time dimension. Such a model reduces the amount of data to be retained in memory or stored on disks but still achieves flexibility and analysis power. Second, a small number of critical layers are maintained for flexible analysis. Consider that the stream data resides at the primitive layer. It is desirable to identify two critical higher layers in applications: the …

Haishuai Wang,Peng Zhang,Ling Chen,Chengqi Zhang

DOI: https://doi.org/10.1007/978-3-319-19548-3_27

2015-01-01

Abstract:In this paper, we present our recent progress of designing a real-time system, SocialAnalysis, to discover and summarize emergent social events from social media data streams. In social networks era, people always frequently post messages or comments about their activities and opinions. Hence, there exist temporal correlations between the physical world and virtual social networks, which can help us to monitor and track social events, detecting and positioning anomalous events before their outbreakings, so as to provide early warning.The key technologies in the system include: (1) Data denoising methods based on multi-features, which screens out the query-related event data from massive background data. (2) Abnormal events detection methods based on statistical learning, which can detect anomalies by analyzing and mining a series of observations and statistics on the time axis. (3) Geographical position recognition, which is used to recognize regions where abnormal events may happen.

Liang Gan,Runheng Li,Yan Jia,Xin Jin

DOI: https://doi.org/10.1109/CCIE.2010.94

2010-01-01

Abstract:Using data cube to analysis historical fact data online more faster than Ad-Hoc queries, but it need very large external storage. In DSMS(Data Stream Management System), due to capacity of memory is much smaller than disk, we meet even more problem in analyzing stream data by in-memory StreamCube. So, we compress StreamCube to gain more information about stream data in certain storage. We implement two compressed structures of StreamCube, StreamDwarf and StreamQCTree, base on state-of-the-art compressed data cube, Dwarf and QCtree. For example, we make a query cost model of StreamQCTree, and get that if we choose the proper cells to materialized, queries using a partial materialized cube costs a little more than the case of a fully materialized cube, the query response time is still kept close to StreamQCTree. Experiments show that compressed StreamCube performs well in tradeoff between storage space and queries response time. © 2010 IEEE.

Jin Canghong,Liu Zemin,Wu Minghui,Ying Jing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2014.09.009

2014-01-01

Abstract:Stream data has been one of the most significant data format recently. OLAM（online analytical mining） operation could provide multi-level data views for analysts. However, OLAM operations depend on data aggregation, which is in conflict with the continuous incensement and dynamic nature of stream data. Thus, partial materialized view from stream data directly by typical OLAP approaches cannot be created and all data cells for the limitation of storage cannot be saved. In order to solve the above problems, an advanced sketch based OLAM framework named sketch cube to analyze stream data was proposed. Sketch cube maps a set of attributes to a unique number and stores it in sub-linear data structure, and then builds an inverted index by tiled time window. The precondition of using sketch cube by theoretical analysis was given and the storage efficiency and query performance on mass mobile data corpus was evaluated, which supports requirements of real-time analysis.

Li Dong,Xue Yibo

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.12.093

2008-01-01

Abstract:Network applications such as network behaviour and traffic analysis,etc.,have raised higher demands for handling the network stream along with the deepened research and application in information security fields.Stream analysis was re-characterized in terms of data stream management system,and the Data Stream Management System for Information Security(IS-DSMS) which could fit the gigabyte network was designed and implemented.The technologies of sample,synopsis and sliding windows were adopted to optimize five common aggregated queries in the system.The test experiments have proved that it has practical performance in gigabyte network condition and can be used as the real-time engine to query and make statistic of the network data flow.Meanwhile,it may provide a high and effective support to network invasion and network monitoring.

Yan Jia

2011-01-01

Abstract:Network security situation awareness is a new trend of network security monitoring technology.The awareness of the situation is very important to network security.Based on the existing research about data cube,we propose a network security situation awareness model to describe and abstract the multi-dimensional analysis structure related to the network security situation awareness.We can analyze the network security situation from the aspect of the network security events' statistical characteristics based on this model and give an instance of the model based on frequency,trend and entropy characteristics.Then we improve the efficiency of the method by studying the correlation of the cells among the neighboring levels in the data cube on the basis of keeping the accuracy of the results.We also prove that we only need to get the lowest level cube's characteristics from the raw data,and get the higher level cube's characteristics by an indirect way.Building the practical applications and extensive experiments based on the real network security dataset demonstrates the effectiveness of the proposed model and methods.

Yixin Chen,Guozhu Dong,Jiawei Han,Benjamin W. Wah,Jianyong Wang

DOI: https://doi.org/10.1016/B978-155860869-6/50036-6

2002-01-01

Abstract:Real-time production systems and other dynamic environments often generate tremendous (potentially infinite) amount of stream data; the volume of data is too huge to be stored on disks or scanned multiple times. Can we perform on-line, multi-dimensional analysis and data mining of such data to alert people about dramatic changes of situations and to initiate timely, high-quality responses? This is a challenging task. In this paper, we investigate methods for on-line, multi-dimensional regression analysis of time-series stream data, with the following contributions: (1) our analysis shows that only a small number of compressed regression measures instead of the complete stream of data need to be registered for multi-dimensional linear regression analysis, (2) to facilitate on-line stream data analysis, a partially materialized data cube model, with regression as measure, and a tilt time frame as its time dimension, is proposed to minimize the amount of data to be retained in memory or stored on disks, and (3) an exception-guided drilling approach is developed for on-line, multi-dimensional exception-based regression analysis. Based on this design, algorithms are proposed for efficient analysis of time-series data streams. Our performance study compares the proposed algorithms and identifies the most memory- and time- efficient one for multi-dimensional stream data analysis.

秦元坤,彭乐,薛一波

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.13.020

2008-01-01

Abstract:Many of the current information security applications are typical data-flow applications,which require high performance of data flow queries.On data flow management systems in the field of information security is researched,a statistical analysis method is provided which is efficient and flexible for data flow queries and are very important for improving the efficiency of these application sys-tems.The design and implementation of Tsinghua stream system is described,which could perform real time queries and analysis on high speed network data flow,and provide strong supports to a variety of applications.Furthermore,in particular,this system optimizes the five common aggregating queries,which meets the requirements of applications in Gigabit network.

沈建宇,李建华,张月国

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.02.041

2010-01-01

Abstract:Complex and various network attacks have occurred frequently, thus the people begin to realize the importance of real-time supervision on the network security. The event-stream technology is applied to process the security events, and the framework model of security supervision system is designed. This system has the function of immediately collecting and parsing alert events from different network security devices when some attacks occur suddenly, meanwhile, in this model system, the EQL interface language-based rule engine is used to manage the event-stream, this could effectively support the real-time query and analysis on large-scale network events.

Aiping Li,Jiajia Miao,Yan Jia

DOI: https://doi.org/10.1007/978-3-642-10240-0_6

2009-01-01

Abstract:Computer networks have become ubiquitous and integral part of the nation's critical infrastructure. How to grasp the real-time overall situation of the network security is very noteworthy to study. An increasing number of network security systems have been deployed in the backbone and the gateways of enterprises, including various Nett low systems, IDS, VDS, VS and firewalls. These products make great contributions in enhancing the network security. However, current network security systems are independent and autonomous. Consequently, such solutions cannot figure out an overview of the network security situation. In another perspective, building a new global monitoring system will suffer from redundant construction and longer deploying time. We propose a novel and high assurance solution called GS-TMS which reuses the log data generated by the existing systems. Based on the data stream and data integration technologies, GS-TMS provides a desirable capability in quickly building a large-scale distributed network monitoring system. Furthermore, GS-TMS has additional notable advantages over current monitoring systems in scalability and flexibility.

Yumin Zhou,Peng Wang,Wei Wang

DOI: https://doi.org/10.1109/CSCloud/EdgeCom.2018.00016

2018-01-01

Abstract:With the advent of Cloud Era, real-time streaming data processing applications are used more and more widely. As a concrete example, real-time queries on a large number of sensors are highly demanding and needs to be carefully designed. Sensor monitoring analysts are inexperienced on coding techniques in spite of the rapid development of real-time processing platforms and communities. What's more, the state-of-the-art systems lacks support for multi-query processing and sharing of the original data and results with prior information of the queries. To tackle the challenges, we endeavor to design a light-weight but effective scheme to support multiple queries running on a large number of sensors. We focus on aggregations on sliding windows due to its practical importance, and hence design a query language, SAQL, for the professional analysts to construct their own streaming computational logic. We also propose the whole system, SAQS, which can interpret SAQL into stream processing programs and support the efficient execution of multiple queries in a distributed real-time environment. SAQS can detect the data sharing at different granularity and uses a greedy partition algorithm to balance the load among worker nodes. Our extensive experimental evaluations establish the convenience and efficiency of SAQS.

Chun CHEN

2017-01-01

Abstract:According to its timeliness,big data processing systems can be categorized into two groups,namely batching big data processing and streaming big data processing.Both systems mentioned above are unable to meet the real-time requirement for censoring and query analysis tasks.To this end,the “stream cube” real-time data analysis technology and platform were presented,which can perform timely query with low lag.Currently,this technology has been applied to many fields,including financial risk management,anti-fraud as well as web bots defense,and offers promising prospects for further applications.

Aiping Li,Qingmin Yang,Liang Gan

2009-01-01

Journal of Computer Research and Development

Abstract:A Dwarf-based framework for multi-dimensional data stream cube,StreamDwarf,is proposed to answer the online OLAP query fast and accurately.The cut-out strategy based on GRAIN of a sub-Dwarf decreases the size and corresponding maintenance cost of Dwarf obviously such that StreamDwarf can adapt to real application easily.Experimental results show that StreamDwarf performs well in sparse datasets when data skew(Zipf factor)is relatively large,which is just the characteristic of most real data.

YUAN Zhengwu,CHENG Yuxiang,LIANG Junjun,LI Lin

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.17.038

2011-01-01

Abstract:Stream cube is stored by H-tree and uses H-cubing to compute each cuboid.However,as it is expensive to construct data cube in OLAP,efficient data structure,query method and validated algorithms are urgently needed.Examining stream cube,as H-tree layout is disorderly and H-cubing efficiency is limited,the performance is affected.ANH-tree(based on H-tree and improved by AVL-tree and Node-links)is proposed to index nodes of each layer of tree structure by binary tree, which facilitates the retrieval operation in the construction,and links a node to its descendant,which facilitates the direct search cuboid about an ad-hoc query.Relevant algorithms have been designed and implemented.As a proof,the performance study validates the ideas with respect to the factors such as time and memory space usage.

Li Zhao,Zhang Chuang,Xu Ke-fu

DOI: https://doi.org/10.1109/PCCC.2015.7410267

2015-01-01

Abstract:SpeedStream is a universal distributed platform that can handle with massive data flows with the features of low coupling, high availability, low latency and high scalability. Focusing on the core technologies of real-time stream computing platform in cloud environment, this paper conducts a series of researches and implementation of the system. First of all, aiming at the availability of real-time streaming computing platform, we design a high availability framework based on Zookeeper. It ensures fault detection and recovery of process level and node level timely by monitoring heartbreak of each modules and strategy of fault migration. Secondly, in order to increase the application types of the platform, by means of directed cycle detection and iteration protection, we design a real-time streaming computing model that based on directed graph with sources and sinks, which can not only satisfy the needs of common DAG computing services, but also support iteration computing services including directed cycle, bidirectional arcs and annular arcs. In addition, the platform can realize personalized task scheduling strategy for users by establishing task allocation matrix and optimize task allocation model. Finally, in order to solve the many-to-many dynamic load-balancing between tasks, we apply scheduler with status and distributed session table. It overcomes the difficulty of maintaining consistency of session without global session table. We also testified the convergence of this method. The experiment indicates that the throughput and data processing delay of SpeedStream are superior to other alternatives in dealing with the businesses of iteration applications, high traffic fluctuation applications, and high demand of load-balancing applications. This platform provides reliable, universal, and real-time solutions to process massive data flows, such as to process the real-time trading data in e-commerce, to analyze sensing flow in internet of things, and monitor traffics of the Internet.

Peng Gao,Xusheng Xiao,Ding Li,Zhichun Li,Kangkook Jee,Zhenyu Wu,Chung Hwan Kim,Sanjeev R. Kulkarni,Prateek Mittal

DOI: https://doi.org/10.48550/arxiv.1806.09339

2018-01-01

Abstract:Recently, advanced cyber attacks, which consist of a sequence of steps that involve many vulnerabilities and hosts, compromise the security of many well-protected businesses. This has led to the solutions that ubiquitously monitor system activities in each host (big data) as a series of events, and search for anomalies (abnormal behaviors) for triaging risky events. Since fighting against these attacks is a time-critical mission to prevent further damage, these solutions face challenges in incorporating expert knowledge to perform timely anomaly detection over the large-scale provenance data. To address these challenges, we propose a novel stream-based query system that takes as input, a real-time event feed aggregated from multiple hosts in an enterprise, and provides an anomaly query engine that queries the event feed to identify abnormal behaviors based on the specified anomalies. To facilitate the task of expressing anomalies based on expert knowledge, our system provides a domain-specific query language, SAQL, which allows analysts to express models for (1) rule-based anomalies, (2) time-series anomalies, (3) invariant-based anomalies, and (4) outlier-based anomalies. We deployed our system in NEC Labs America comprising 150 hosts and evaluated it using 1.1TB of real system monitoring data (containing 3.3 billion events). Our evaluations on a broad set of attack behaviors and micro-benchmarks show that our system has a low detection latency (<2s) and a high system throughput (110,000 events/s; supporting 4000 hosts), and is more efficient in memory utilization than the existing stream-based complex event processing systems.

Wei Feng,Chao Zhang,Wei Zhang,Jiawei Han,Jianyong Wang,Charu Aggarwal,Jianbin Huang

DOI: https://doi.org/10.1109/icde.2015.7113425

2015-01-01

Abstract:What is happening around the world? When and where? Mining the geo-tagged Twitter stream makes it possible to answer the above questions in real-time. Although a single tweet can be short and noisy, proper aggregations of tweets can provide meaningful results. In this paper, we focus on hierarchical spatio-temporal hashtag clustering techniques. Our system has the following features: (1) Exploring events (hashtag clusters) with different space granularity. Users can zoom in and out on maps to find out what is happening in a particular area. (2) Exploring events with different time granularity. Users can choose to see what is happening today or in the past week. (3) Efficient single-pass algorithm for event identification, which provides human-readable hashtag clusters. (4) Efficient event ranking which aims to find burst events and localized events given a particular region and time frame. To support aggregation with different space and time granularity, we propose a data structure called STREAMCUBE, which is an extension of the data cube structure from the database community with spatial and temporal hierarchy. To achieve high scalability, we propose a divide-and-conquer method to construct the STREAMCUBE. To support flexible event ranking with different weights, we proposed a top-k based index. Different efficient methods are used to speed up event similarity computations. Finally, we have conducted extensive experiments on a real twitter data. Experimental results show that our framework can provide meaningful results with high scalability.

Yingcai Wu,Zhutian Chen,Guodao Sun,Xiao Xie,Nan Cao,Shixia Liu,Weiwei Cui

DOI: https://doi.org/10.1109/tvcg.2017.2764459

IF: 5.2

2018-01-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:Analyzing social streams is important for many applications, such as crisis management. However, the considerable diversity, increasing volume, and high dynamics of social streams of large events continue to be significant challenges that must be overcome to ensure effective exploration. We propose a novel framework by which to handle complex social streams on a budget PC. This framework features two components: 1) an online method to detect important time periods (i.e., subevents), and 2) a tailored GPU-assisted Self-Organizing Map (SOM) method, which clusters the tweets of subevents stably and efficiently. Based on the framework, we present StreamExplorer to facilitate the visual analysis, tracking, and comparison of a social stream at three levels. At a macroscopic level, StreamExplorer uses a new glyph-based timeline visualization, which presents a quick multi-faceted overview of the ebb and flow of a social stream. At a mesoscopic level, a map visualization is employed to visually summarize the social stream from either a topical or geographical aspect. At a microscopic level, users can employ interactive lenses to visually examine and explore the social stream from different perspectives. Two case studies and a task-based evaluation are used to demonstrate the effectiveness and usefulness of StreamExplorer.Analyzing social streams is important for many applications, such as crisis management. However, the considerable diversity, increasing volume, and high dynamics of social streams of large events continue to be significant challenges that must be overcome to ensure effective exploration. We propose a novel framework by which to handle complex social streams on a budget PC. This framework features two components: 1) an online method to detect important time periods (i.e., subevents), and 2) a tailored GPU-assisted Self-Organizing Map (SOM) method, which clusters the tweets of subevents stably and efficiently. Based on the framework, we present StreamExplorer to facilitate the visual analysis, tracking, and comparison of a social stream at three levels. At a macroscopic level, StreamExplorer uses a new glyph-based timeline visualization, which presents a quick multi-faceted overview of the ebb and flow of a social stream. At a mesoscopic level, a map visualization is employed to visually summarize the social stream from either a topical or geographical aspect. At a microscopic level, users can employ interactive lenses to visually examine and explore the social stream from different perspectives. Two case studies and a task-based evaluation are used to demonstrate the effectiveness and usefulness of StreamExplorer.

Time-Series Data Streams,Yixin Chen,Guozhu Dong,Jiawei Han,Benjamin W Wah,Jianyong Wang

2002-01-01

Abstract:Real-time production systems and other dynamic environments often generate tremendous (potentially infinite) amount of stream data; the volume of data is too huge to be stored on disks or scanned multiple times. Can we perform on-line, multi-dimensional analysis and data mining of such data to alert people about dramatic changes of situations and to initiate timely, high-quality responses? This is a challenging task.In this paper, we investigate methods for on-line, multi-dimensional regression analysis of time-series stream data, with the following con-tributions:(1) our analysis shows that only a Small number of compressed regression measures instead of the complete stream of data need to be registered for multi-dimensional lin-ear regression analysis,(2) to facilitate on-line stream data analysis, a partially materialized data cube model, with regression as measure, and a tilt time frame as its time dimension, is proposed to minimize the amount of data to be retained in memory or stored on disks, and (3) an exception-guided drilling approach is developed for on-line, multi-dimensional exceptionbased regression analysis. Based on this design, algorithms are proposed for efficient analysis of time-series data streams. Our performance study compares the proposed algorithms and identifies the most memory-and time-efficient