From: A flexible approach for cyber threat hunting based on kernel audit records
Platform | Size of log file (MB) | Original event number | Compressed event number | Size of graphDB (MB) | Compression ratio of size (%) | Compression ratio of event number (%) |
---|---|---|---|---|---|---|
Win_1 | 15,114 | 21,049,902 | 2,979,782 | 1798 | 11.90 | 13.66 |
Win_2 | 203,582 | 256,621,363 | 40,246,958 | 24,610 | 12.09 | 15.25 |
Linux_1 | 19,688 | 21,891,709 | 10,098,882 | 11,433 | 58.07 | 31.43 |
Linux_2 | 45,773 | 59,590,393 | 9,633,259 | 6435 | 14.06 | 15.09 |
BSD_1 | 11,451 | 12,904,605 | 5,421,830 | 2500 | 21.83 | 38.97 |
BSD_2 | 18,176 | 20,551,276 | 8,250,615 | 3799 | 20.90 | 37.40 |
BSD_3 | 6936 | 7,796,898 | 3,188,001 | 1477 | 21.29 | 37.80 |
Win_online_1day | – | 3,024,428 | 553,552 | 284 | – | 18.30 |
Linux_online_1day | – | 12,462,348 | 3,353,144 | 1332 | – | 26.91 |
Average | – | – | – | – | 22.88 | 26.09 |