High-throughput Ingest of Provenance Records into Accumulo
This addresses the problem of managing provenance metadata for detecting data integrity attacks in distributed systems, representing an incremental improvement in storage efficiency.
The paper tackles the challenge of storing and querying large volumes of whole-system data provenance generated across networks by using D4M and Accumulo for high-throughput ingest, achieving a rate of 3,970 graph components per second.
Whole-system data provenance provides deep insight into the processing of data on a system, including detecting data integrity attacks. The downside to systems that collect whole-system data provenance is the sheer volume of data that is generated under many heavy workloads. In order to make provenance metadata useful, it must be stored somewhere where it can be queried. This problem becomes even more challenging when considering a network of provenance-aware machines all collecting this metadata. In this paper, we investigate the use of D4M and Accumulo to support high-throughput data ingest of whole-system provenance data. We find that we are able to ingest 3,970 graph components per second. Centrally storing the provenance metadata allows us to build systems that can detect and respond to data integrity attacks that are captured by the provenance system.