**5. Theoretical application of the Sesat framework in a cyber network: a use case scenario**

Spatiotemporal outlier detection is a technique noted in [19] that can be utilized for identifying abnormality in data. We theorize how the proposed Sesat framework can be utilized for real-time spatiotemporal outlier detection within a cyber network, in the use case scenario detailed next.

A fictitious organization named "XYZ" is located in North America and has branches and workers scattered all over the seven continents. It is the early days of the pandemic; workers in many countries are still commuting to work while others work remotely. Virtual meetings are held regularly among different groups within the company across different time zones. Some of those meetings could include potential or existing clients during product launches, webinars, or conferences. The organization has several high-performance computing architectures that service all the network activities and log all the network flow between all devices communicating in its network.

The time is 12:00 PM Eastern Standard Time (EST) and a webinar is scheduled for all employees to attend as a new product is about to be launched. As usual, all are logged in to listen to the product team, who have been working diligently on the new product and have been preparing for weeks to present in the webinar. Thirty minutes into the webinar, all is going well. Then suddenly, all are logged out of the webinar and no emails are going through. The network monitoring team is diligently plowing through the millions of log files generated over the last few hours and more data stored in databases. After 4 hours, the network is back, but the webinar has to be rescheduled for another day and the product launch has to be delayed, as feedback from internal employees is vital for ensuring critical aspects of the product can go ahead for public deployment.

How can XYZ utilize the Sesat framework to derive, manage, and share real-time knowledge about the network and effectively mitigate such long network failures?

A simulation of Sesat in XYZ is adopted with a pictorial representation in **Figure 2**. The spatial-temporal knowledge derived from vast network logs acquired from multiple devices in the company's network and processed within the seven layers of the Sesat framework is detailed next.

a. Data acquisition layer: This layer contains agents that continuously gather network logs from the multiple devices logged in to the company XYZ network. This data is queued within the messaging queues for ingestion by the data ingestion agents within the DPL.


*A Spatial-Temporal Knowledge Management Framework DOI: http://dx.doi.org/10.5772/intechopen.101797*

### **Figure 2.**

*Adopting Sesat framework for processing spatial-temporal knowledge from network logs data streams.*

There are many advantages for a company like XYZ in utilizing the Sesat framework, including the ability for real-time data ingestion and processing, spatial-temporal data formulation and knowledge creation, preservation of privacy, on-time management, sharing of key facts about the network, and on-time application of spatiotemporal knowledge strategically. Within XYZ, this process would allow targeted network mitigation instead of shutting down the entire company network, given that the right spatial-temporal knowledge would be created, managed, shared, and effectively applied on time to the right parties internally and externally.
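An added illustration (not part of the chapter or of the Sesat framework itself) of how spatiotemporal outlier detection over network logs can support targeted mitigation: flow counts are bucketed per site and time window, each cell is scored against its own site's history, and each flagged window is labelled site-local or network-wide. The site names, 5-minute window, median/MAD scoring, threshold and sample records are all assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

WINDOW = 300      # seconds per temporal bucket (assumed)
THRESHOLD = 3.5   # modified z-score cut-off (assumed)

def build_sample():
    """Constructed flow-log records: (timestamp, site, flows in that minute)."""
    start = datetime(2020, 4, 1, 12, 0, tzinfo=timezone.utc)
    rows = []
    for minute in range(40):
        ts = start + timedelta(minutes=minute)
        for site, base in (("toronto", 100), ("lagos", 60), ("sydney", 80)):
            flows = base + (minute % 3)          # small normal variation
            if site == "lagos" and 30 <= minute < 35:
                flows = base * 12                # constructed burst at one site
            rows.append((ts, site, flows))
    return rows

def bucket(rows):
    """Sum flows per (site, window start) cell: the space x time grid."""
    grid = defaultdict(int)
    for ts, site, flows in rows:
        epoch = int(ts.timestamp())
        grid[(site, epoch - epoch % WINDOW)] += flows
    return grid

def outliers(grid):
    """Flag cells far from their own site's median, scored with median/MAD."""
    per_site = defaultdict(list)
    for (site, _), total in grid.items():
        per_site[site].append(total)
    flagged = []
    for (site, win), total in sorted(grid.items()):
        med = median(per_site[site])
        mad = median(abs(v - med) for v in per_site[site]) or 1  # avoid /0
        if 0.6745 * abs(total - med) / mad > THRESHOLD:
            flagged.append((site, win))
    return flagged

def scope(flagged, grid):
    """Label each flagged window as site-local or network-wide."""
    sites = {s for s, _ in grid}
    by_win = defaultdict(set)
    for site, win in flagged:
        by_win[win].add(site)
    return {w: "network-wide" if s == sites else "site-local:" + ",".join(sorted(s))
            for w, s in by_win.items()}
```

A site-local label points the response at one location's devices, while a network-wide label indicates the anomaly is not confined to a single site.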

We argue that Sesat can be applied to multiple other domains where on-time spatial-temporal knowledge needs to be created, managed, and shared efficiently and effectively.

### **6. Conclusion**

As large volumes of data are being generated every second from social media, cyber networks, healthcare, banking, etc., there is a heightening need for any organization, community, or country to have a good understanding of any knowledge that may exist in data, specifically within aspects of time and space.

Although there are many frameworks designed to harness space and time data as noted in Section 3, most of the existing works are geared toward historical or static datasets. While the use of static data in existing frameworks provides important information about what has happened in the past, it is crucial that on-time knowledge is also created, processed, and shared for it to have a clear impact in any business domain. This is particularly critical in cyber networks, critical infrastructure, energy, banking, transportation, and healthcare.

The ability to extract interesting and useful patterns from spatiotemporal datasets is noted in [19] as more difficult than extracting corresponding patterns from traditional numeric and categorical data due to the complexity of spatiotemporal data types and relationships.

In recognition of the need for real-time processing of data streams, big data frameworks have been introduced in domains, such as healthcare [34]. Though the researcher's methods are demonstrated as effective at processing high-frequency data streams from bedside monitors and sensors, they have yet to be integrated with spatial information that would enhance any resulting knowledge. This is especially critical for many high-frequency data domains where exponential data streams from multiple devices and sensors capture the world phenomena within seconds. There is a need to develop frameworks that can effectively derive knowledge from such high-frequency spatial-temporal data streams and efficiently share those for application in critical domains, such as cyber networks in real time.

This chapter has highlighted methods in the literature that describe spatial-temporal knowledge creation, representation, processing, sharing, and application. Additionally, a high-level overview of current spatial-temporal knowledge frameworks is presented, highlighting current shortcomings. To address some of these challenges, an overarching spatial-temporal knowledge processing framework named Sesat is introduced. The Sesat framework contains a generalized design applicable to multiple data domains, and a theoretical illustration is described using a cyber-network use case scenario, thereby demonstrating the potential for such a framework to be applicable in multiple data domains.
