• Title/Summary/Keyword: Event Log

Search results: 107

Temporal Data Mining for considering Interval Event (인터벌 이벤트를 고려한 시간 데이터 마이닝 기법)

  • Dae-Young Han; Jae-In Kim; Chul-Su Na; Dae-In Kim; Bu-Hyun Hwang
    • Proceedings of the Korea Information Processing Society Conference / 2008.11a / pp.249-252 / 2008
  • In research on temporal data mining of patient history, purchaser history and web log history data, it is not reasonable, when searching for time-interval relation rules, to summarize data spanning a variable time interval as a single event. This is because the events within a variable time interval may be independent of one another. It is therefore more reasonable to divide the sequence of events into independent subsequences and to summarize each subsequence as an interval event with its own time span. This paper proposes a new temporal data mining technique that summarizes an event sequence into interval events with time spans and discovers interval relation rules from the summarized interval events. By finding rules among interval relations, this technique provides qualitatively better knowledge than existing data mining techniques.

A MapReduce-Based Workflow BIG-Log Clustering Technique (맵리듀스기반 워크플로우 빅-로그 클러스터링 기법)

  • Jin, Min-Hyuck; Kim, Kwanghoon Pio
    • Journal of Internet Computing and Services / v.20 no.1 / pp.87-96 / 2019
  • In this paper, we propose a MapReduce-supported clustering technique, intended as a preprocessing tool, for collecting and classifying distributed workflow enactment event logs. We call these distributed workflow enactment event logs Workflow BIG-Logs, because they satisfy and fit well the 5V properties of BIG-Data: Volume, Velocity, Variety, Veracity and Value. The clustering technique developed in this paper is deliberately devised for the preprocessing phase of a specific workflow process mining and analysis algorithm based upon the workflow BIG-Logs. In other words, it uses the Map-Reduce framework as a Workflow BIG-Logs processing platform, it supports the IEEE XES standard data format, and it is ultimately dedicated to the preprocessing phase of the ${\rho}$-Algorithm, a typical workflow process mining algorithm based on structured information control nets. More precisely, Workflow BIG-Logs can be classified into two types, activity-based clustering patterns and performer-based clustering patterns, and we implement an activity-based clustering pattern algorithm on the Map-Reduce framework. Finally, we verify the proposed clustering technique through an experimental study on the workflow enactment event log dataset released by the BPI Challenges.

XML-based Modeling for Semantic Retrieval of Syslog Data (Syslog 데이터의 의미론적 검색을 위한 XML 기반의 모델링)

  • Lee Seok-Joon; Shin Dong-Cheon; Park Sei-Kwon
    • The KIPS Transactions: Part D / v.13D no.2 s.105 / pp.147-156 / 2006
  • Event logging plays an increasingly important role in system and network management, and syslog is the de-facto standard for logging system events. However, because Common Log Format data is only semi-structured, most studies on log analysis focus on frequent patterns. The eXtensible Markup Language (XML) can provide a good representation scheme for structuring and searching the formatted data found in syslog messages. However, previous XML-formatted schemes and applications for system logging are not suitable for semantic approaches such as ranking-based search or similarity measurement over log data. In this paper, building on ranked keyword search techniques over XML documents, we propose an XML tree structure derived from a new data modeling approach for syslog data. Finally, we show the suitability of the proposed structure for semantic retrieval.

Development of Statistical Prediction Engine for Integrated Log Analysis Systems (통합 로그 분석 시스템을 위한 통계학적 예측 엔진 개발)

  • KO, Kwang-Man; Kwon, Beom-Chul; Kim, Sung-Chul; Lee, Sang-Jun
    • Proceedings of the Korea Information Processing Society Conference / 2013.11a / pp.638-639 / 2013
  • Anymon Plus (ver 3.0) is an integrated log analysis system, a product that collects, stores and analyzes large volumes of logs and big data in real time (processing 40,000 events per second). Its applications are expanding into fields such as detecting abnormal network behavior through firewall log analysis, analyzing usage patterns through web log analysis, analyzing and detecting fraudulent orders at online shopping malls, and analyzing and detecting leaks of internal information. In this paper, in order to develop an integrated log analysis system based on statistical theory that analyzes and predicts security-related infrastructure logs, so that a pre-emptive response can be sought through concentrated vigilance around the expected time of a security incident, we design and implement a prediction engine system capable of regression analysis and time series analysis.

MITRE ATT&CK and Anomaly detection based abnormal attack detection technology research (MITRE ATT&CK 및 Anomaly Detection 기반 이상 공격징후 탐지기술 연구)

  • Hwang, Chan-Woong; Bae, Sung-Ho; Lee, Tae-Jin
    • Convergence Security Journal / v.21 no.3 / pp.13-23 / 2021
  • Attackers' techniques and tools are becoming intelligent and sophisticated. Existing anti-virus software cannot prevent security incidents on its own, so security threats on the endpoint must also be considered. Recently, EDR security solutions for protecting endpoints have emerged, but they focus on visibility; detection and response capability are still lacking. In this paper, we use real-world EDR event logs and combine knowledge-based MITRE ATT&CK mapping with autoencoder-based anomaly detection to detect anomalies, so that effective analysis targets can be screened from a security manager's perspective. Detected signs of anomalous attacks are then shown to the security manager as an alarm together with the log information, and can be connected to legacy systems. The experiment ran over 5 days of EDR event logs, and the detections were verified with a Hybrid Analysis search. The approach is therefore expected to indicate when, and which IPs and processes, are suspected based on the EDR event log, and to create a secure endpoint environment through measures taken on the suspicious IP/process.

Business Activity Monitoring Using Process-based Event Analysis (프로세스 기반 이벤트 분석을 이용한 비즈니스 활동 모니터링)

  • Son, Sung-Ho; Jung, Jae-Yoon; Kang, Suk-Ho; Cho, Nam-Wook
    • The Journal of Society for e-Business Studies / v.12 no.2 / pp.219-231 / 2007
  • Based on a complex event processing technique, an event analysis method for Business Activity Monitoring (BAM) is developed to provide early warning for on-going events, so that process managers can effectively detect and monitor potential risks before the events complete. In this study, process-based event monitoring procedures for extracting events with significant risk are presented: complex event patterns are defined from historical event log data, and the risk of each event is evaluated against those patterns. A process-based event monitoring architecture for BAM is also presented. The proposed method has been applied to a service process of a home shopping company.


Performance Analysis of Anti-DDoS Logging System (Anti-DDoS 로그 기록 시스템의 성능 분석)

  • Ko, Sunghak; Park, Neungsoo; Oh, Jintae; Jang, Jongsoo
    • Proceedings of the Korea Information Processing Society Conference / 2012.04a / pp.680-681 / 2012
  • An Anti-DDoS system must process effectively the large volume of security event logs generated by distributed attacks. This study analyzes the connections and speeds of the interfaces between the modules involved in log recording in an Anti-DDoS system and expresses them as a simplified model. Based on this model, we analyzed the system's performance and implemented a simulation. Using the simulation, we measured the state of log recording as the load varies, analyzed the performance of the current log recording system, and propose alternatives for building a more efficient log recording system.

Effect of Participant Activity of SNS Based Online Event on the Diffusion

  • Hong, Jae-Won; Kwak, Jun-Sik
    • Journal of the Korea Society of Computer and Information / v.26 no.2 / pp.221-227 / 2021
  • In this paper, we explore the factors influencing the diffusion of online events through SNS by analyzing the online footprint of consumers. To this end, log data from online events conducted by the "C" beer brand were collected and analyzed. The unit of analysis for the log data was one hour, and the analysis used descriptive statistics and regression analysis. The results are as follows. First, the factors influencing the diffusion of views of SNS-based online events were likes, coupons used by friends, and friend size. In particular, friend size had the greatest impact on diffusion, which again suggests the importance of social hubs in online events. Second, the factors influencing the diffusion of the number of inflows were likewise likes, coupons used by friends, and friend size. Third, the number of replies was found not to affect the diffusion of views or inflows. This study is meaningful in that it suggests, using real data, an alternative plan for increasing the effect of online events.

Log Storage Scheme Considering Log Transmission Based on Time-Delayed Key Disclosure (키 지연 노출에 기반을 둔 로그 전송을 고려한 로그 저장 기법)

  • Kang, Seok-Gyu; Park, Chang-Seop
    • Convergence Security Journal / v.15 no.5 / pp.37-45 / 2015
  • In an IT system, logs are an indicator of the key events that have occurred. Therefore, when a security problem occurs in the system, logs are used to find evidence and a solution to the problem, so it is important to ensure the integrity of the stored logs. Existing schemes have been proposed to detect tampering of stored logs after the key has been exposed, but they are designed separately in terms of log transmission and log storage. We propose a new log system that integrates log transmission with storage. In addition, we prove the security requirements of the proposed scheme and compare its computational efficiency with existing schemes.

A Multiclass Classification of the Security Severity Level of Multi-Source Event Log Based on Natural Language Processing (자연어 처리 기반 멀티 소스 이벤트 로그의 보안 심각도 다중 클래스 분류)

  • Seo, Yangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.1009-1017 / 2022
  • Log data has been used as a basis for understanding and deciding the main functions and state of information systems. It has also been used as an important input for various applications in cybersecurity. Extracting the necessary information from log data, making a decision based on that information, and taking a suitable countermeasure accordingly are essential for protecting and operating systems with stability and reliability; but, due to the explosive increase in the types and amounts of logs, it is quite challenging to deal with this problem effectively and efficiently using existing tools. Therefore, this study proposes a multiclass classification of the security severity level of multi-source event logs using machine learning based on natural language processing. Experimental results on 472,972 training and test samples show that our approach achieves an accuracy of 99.59%.