
Log Analysis Method of Separate Security Solution using Single Data Leakage Scenario

Log Analysis Method for Individual Security Solutions Using a Single Information Leakage Scenario

  • Jang-Su Park (Department of Computer Science, Soonchunhyang University) ;
  • Im-Yeong Lee (Department of Computer Software Engineering, Soonchunhyang University)
  • Received : 2014.11.18
  • Accepted : 2014.12.30
  • Published : 2015.02.28

Abstract

According to recent statistics published by the National Industrial Security Center, former and current employees are responsible for 80.4% of companies' technology leakages, and employees of cooperative firms for another 9.6%. This means that 90% of technology leakages are caused by insiders, whether intentionally or by mistake. In a recent incident, a credit card company leaked private information, and the person responsible was an employee of a cooperative firm. Such incidents damage not only a company's assets but also its reputation. Therefore, most institutions deploy various security solutions to prevent information from being leaked. However, because each solution's logs are operated and managed independently, and each solution produces a large volume of logs in its own format, the logs are difficult to analyze and to distinguish from one another. This paper investigates how to prevent internal data leakage by deriving an individual information-leakage scenario for each security solution, analyzing that solution's logs against its scenario, and applying a monitoring system to each scenario.

According to recent confidential-information leakage statistics from the National Industrial Security Center, current and former employees account for 80.4% of technology leakages and employees of partner companies for 9.6%, so 90% of cases are caused by insiders, whether intentionally or by mistake. In the recent leak of personal information at a credit card company, it was revealed that an employee of a partner company taking part in an internal-system consulting project carried out the leak, which came as a great shock to society. Because such internal information leakage incidents can cause not only damage to the image of institutions and companies but also financial losses, organizations have introduced and operate various security solutions. However, these security solutions are operated and managed independently, and it is difficult for security staff to identify and judge the large volume of logs and the events in various formats that they generate. Therefore, in order to monitor for the prevention of internal information leakage, this paper derives a single information-leakage scenario for each security solution and studies a method for applying it based on analysis of the logs generated by each solution.


References

  1. National Industrial Security Center, http://service12.nis.go.kr
  2. Privacy Information Protection Portal, http://www.privacy.go.kr
  3. Jung-Ho Eom, Seon-Ho Park, and Tai M. Chung, "An Architecture of Access Control Model for Preventing Illegal Information Leakage by Insider," Journal of The Korea Institute of Information Security and Cryptology, Vol.20, No.1, pp.59-67, 2010.
  4. Dae-Sung Lee, Jason Kim, and Kui-Nam Kim, "Research and Technology Trends for Prevention of Data Leakage," Review of The Korea Institute of Information Security and Cryptology, Vol.20, No.1, pp.56-65, 2010.
  5. Hang-Bae Chang, "The Design of Information Security Management System for SMEs Industry Technique Leakage Prevention," Journal of Korea Multimedia Society, Vol.13, No.1, pp.111-121, 2010.
  6. Ji-Hoon Song and Si-Jin Lee, "A Study of Information Security Measures Requirements Analysis Considering Insider Threats," Proceedings of the conference on Korean Society for Internet Information, pp.399-404, 2010.
  7. Song-Young Kim, Joseph Kim, Jong-In Lim, and Kyung-Ho Lee, "A study on the security policy improvement using the big data," Journal of The Korea Institute of Information Security and Cryptology, Vol.23, No.5, pp.969-976, 2013. https://doi.org/10.13089/JKIISC.2013.23.5.969
  8. Jang-Su Park, Jung-Hyun Park, Yong-Suk Kang, and Im-Yeong Lee, "A study on Scenario Design Methodology for Prevention of Information Leak by Using Modeling of User Behavior," Proceedings of the conference on Korea Information Processing Society, Vol.20, No.1, 2013.
  9. Jang-Su Park, Yong-Suk Kang, and Im-Yeong Lee, "A Study on The Management Plan for Prevention of Information Leak by Using Call-out," Proceedings of the conference on Korea Information Processing Society, Vol.21, No.1, 2014.
  10. Jang-Su Park and Im-Yeong Lee, "A Study on Log Analysis Plan for Prevention of Information Leak Security Solution - focusing at a Single Scenario for Information Leak," Proceedings of the Korea Institute of Information Security and Cryptology Chungnam Conference, 2014.