• Title/Summary/Keyword: Event Windows

Search Result 66, Processing Time 0.019 seconds

XML-based Windows Event Log Forensic tool design and implementation (XML기반 Windows Event Log Forensic 도구 설계 및 구현)

  • Kim, Jongmin;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.20 no.5
    • /
    • pp.27-32
    • /
    • 2020
  • The Windows Event Log is a Log that defines the overall behavior of the system, and these files contain data that can detect various user behaviors and signs of anomalies. However, since the Event Log is generated for each action, it takes a considerable amount of time to analyze the log. Therefore, in this study, we designed and implemented an XML-based Event Log analysis tool based on the main Event Log list of "Spotting the Adversary with Windows Event Log Monitoring" presented at the NSA.

Windows 7 Operating System Event based Visual Incident Analysis System (윈도우즈 7 운영체제 이벤트에 대한 시각적 침해사고 분석 시스템)

  • Lee, Hyung-Woo
    • Journal of Digital Convergence
    • /
    • v.10 no.5
    • /
    • pp.223-232
    • /
    • 2012
  • Recently, the leakage of personal information and privacy piracy increase. The victimized case of the malicious object rapidlies increase. Most of users use the windows operating system. Recently, the Windows 7 operating system was announced. Therefore, we need to study for the intrusion response technique at the next generation operate system circumstances. The accident response technique developed till now was mostly implemented around the Windows XP or the Windows Vista. However, a new vulnerability problem will be happen in the breach process of reaction as the Windows 7 operating system is announced. In the windows operating system, the system incident event needs to be efficiently analyzed. For this, the event information generated in a system needs to be visually analyzed around the time information or the security threat weight information. Therefore, in this research, we analyzed visually about the system event information generated in the Windows 7 operating system. And the system analyzing the system incident through the visual event information analysis process was designed and implemented. In case of using the system developed in this study the more efficient accident analysis is expected to be possible.

COVID-19 Pandemic and the Reaction of Asian Stock Markets: Empirical Evidence from Saudi Arabia

  • SHAIK, Abdul Rahman
    • The Journal of Asian Finance, Economics and Business
    • /
    • v.8 no.12
    • /
    • pp.1-7
    • /
    • 2021
  • The study examines the influence of COVID-19 on the stock market returns of Saudi Arabia. The data was analyzed through event study methodology using daily price data of Tadawul All Share Index (TASI). The study examines the behavior pattern of the Saudi Arabian stock market in different phases during the event period by selecting six-event windows with a range of 10 days. The results report a negative Abnormal Return (AR) of -0.003 on the event date, while the abnormal returns reversed the next day to 0.005 positively. The result of Cumulative Abnormal Return (CAR) is negative and significant at the 1 percent level in all the six-event windows starting from the event date to day 59 after the event for the TASI index. Even though the influence of the COVID-19 pandemic decreased after 30 days of the event date, it increased during the last ten days of the event window. The stock market volatility of Saudi Arabia increased during the post-event period compared to the pre-event period with a negative mean return of -0.326 and a greater standard deviation. In a conclusion, the study found a significant influence of the COVID-19 pandemic on the stock market returns of TASI.

Study on Windows Event Log-Based Corporate Security Audit and Malware Detection (윈도우 이벤트 로그 기반 기업 보안 감사 및 악성코드 행위 탐지 연구)

  • Kang, Serim;Kim, Soram;Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.591-603
    • /
    • 2018
  • Windows Event Log is a format that records system log in Windows operating system and methodically manages information about system operation. An event can be caused by system itself or by user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented new analysis tool in this study which parses EVTX files and user behaviors.

A Model for Illegal File Access Tracking Using Windows Logs and Elastic Stack

  • Kim, Jisun;Jo, Eulhan;Lee, Sungwon;Cho, Taenam
    • Journal of Information Processing Systems
    • /
    • v.17 no.4
    • /
    • pp.772-786
    • /
    • 2021
  • The process of tracking suspicious behavior manually on a system and gathering evidence are labor-intensive, variable, and experience-dependent. The system logs are the most important sources for evidences in this process. However, in the Microsoft Windows operating system, the action events are irregular and the log structure is difficult to audit. In this paper, we propose a model that overcomes these problems and efficiently analyzes Microsoft Windows logs. The proposed model extracts lists of both common and key events from the Microsoft Windows logs to determine detailed actions. In addition, we show an approach based on the proposed model applied to track illegal file access. The proposed approach employs three-step tracking templates using Elastic Stack as well as key-event, common-event lists and identify event lists, which enables visualization of the data for analysis. Using the three-step model, analysts can adjust the depth of their analysis.

Implementation and performance evaluationof the XTP(xpress transport protocol) for multicasting in high-speed netorks (고속망에서의 멀티캐스트를 위한 고속 수송 프로토콜(XTP)의 구현 및 성능 평가)

  • 이경호;이완직;이선우;김철우;김정삼;장성식;한기준
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.21 no.9
    • /
    • pp.2415-2421
    • /
    • 1996
  • This paper describes implementation and performance evaluation of XTP(Xpress Transport Protocol) onthe Windows NT for multicasting in high-speed communication networks. We designed the protocol byan event-driven method and implemented it in form of network driver in a kernel for performace enhancement. Various applications program are used for its functional test and comparison with the TCP protocol.

  • PDF

A Study on the Analysis of Validity and Importance of Event Log for the Detection of Insider Threats to Control System (제어시스템의 내부자 위협 탐지를 위한 Event Log 타당성 및 중요도 분석에 관한 연구)

  • Kim, Jongmin;Kim, DongMin;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.18 no.3
    • /
    • pp.77-85
    • /
    • 2018
  • With the convergence of communications network between control system and public network, such threats like information leakage/falsification could be fully shown in control system through diverse routes. Due to the recent diversification of security issues and violation cases of new attack techniques, the security system based on the information database that simply blocks and identifies, is not good enough to cope with the new types of threat. The current control system operates its security system focusing on the outside threats to the inside, and it is insufficient to detect the security threats by insiders with the authority of security access. Thus, this study conducted the importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by NSA. In the results, the matter of importance of event log for the detection of insider threats to control system was understood, and the results of this study could be contributing to researches in this area.

  • PDF

A Empirical Analysis on the Effect of Seasoned Equity Offering on the Stock's Price (SEO공시 전후의 주가변화에 대한 실증분석)

  • Shin, Yeon-Soo
    • Journal of Industrial Convergence
    • /
    • v.1 no.1
    • /
    • pp.127-142
    • /
    • 2003
  • This Study examines the implications for event studies using the daily stock data. The output present the event study results. The event period is defined from 30 days before through 30 days after the event date, and is broken into four "windows" for abnormal return cumulation: the pre-event period, days -30 through -2; dajys -1 and 0, a period commonly investigated for the immediate impact of the event; and the post-event period, days +1 through +30. It shows how firm's information offerings affect the price process and consequent issues. The Patell Z test is an examples of a standardized abnormal return approach, which estimate a separate standard error for each security-event and assumes cross-sectional independence. The generalized sign test adjusts for the fraction of positive abnormal returns in the estimation period instead of assuming 0.5.

  • PDF

Enhancement of Clock Advancement in Parallel Logic Simulation (병렬처리 논리 시뮬레이션에서 클럭 진행의 개선)

  • 정연모
    • Journal of the Korea Society for Simulation
    • /
    • v.3 no.2
    • /
    • pp.15-25
    • /
    • 1994
  • Efficient event evaluation and propagation techniques are proposed to enhance the advancement of simulation clocks of conservative and optimistic logic simulation protocols on parallel processing environments. The first idea of the techniques proposed in this paper is to allow more than one event evaluation per simulation cycle and to pack more than one propagation event in a single message. The second idea is to use advancement windows resulted in good performance in parallelism and execution times.

  • PDF

Event Log Validity Analysis for Detecting Threats by Insiders in Control System

  • Kim, Jongmin;Kang, Jiwon;Lee, DongHwi
    • Journal of information and communication convergence engineering
    • /
    • v.18 no.1
    • /
    • pp.16-21
    • /
    • 2020
  • Owing to the convergence of the communication network with the control system and public network, security threats, such as information leakage and falsification, have become possible through various routes. If we examine closely at the security type of the current control system, the operation of the security system focuses on the threats made from outside to inside, so the study on the detection system of the security threats conducted by insiders is inadequate. Thus, this study, based on "Spotting the Adversary with Windows Event Log Monitoring," published by the National Security Agency, found that event logs can be utilized for the detection and maneuver of threats conducted by insiders, by analyzing the validity of detecting insider threats to the control system with the list of important event logs.