• Title/Summary/Keyword: log analysis system

Search Result 561, Processing Time 0.028 seconds

Web Log Analysis System Using SAS/AF

  • Koh, Bong-Sung;Lee, Gu-Eun
    • Journal of the Korean Data and Information Science Society
    • /
    • v.15 no.2
    • /
    • pp.317-329
    • /
    • 2004
  • The Web log has caught much attraction for tracing of customer activity. So many researches have been carried on it. As a result, Web log analysis solutions has been developed and launched lately. It has been in the spotlight to the website administrators and people in practical marketing business. In this paper, we made an analysis on the various behavior patterns of customers in cooperation with SAS/AF and SCL modules, based on development of GUI from SAS package for disposal of statistical data.

  • PDF

ILVA: Integrated audit-log analysis tool and its application. (시스템 보안 강화를 위한 로그 분석 도구 ILVA와 실제 적용 사례)

  • 차성덕
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.3
    • /
    • pp.13-26
    • /
    • 1999
  • Widespread use of Internet despite numerous positive aspects resulted in increased number of system intrusions and the need for enhanced security mechanisms is urgent. Systematic collection and analysis of log data are essential in intrusion investigation. Unfortunately existing logs are stored in diverse and incompatible format thus making an automated intrusion investigation practically impossible. We examined the types of log data essential in intrusion investigation and implemented a tool to enable systematic collection and efficient analysis of voluminous log data. Our tool based on RBDMS and SQL provides graphical and user-friendly interface. We describe our experience of using the tool in actual intrusion investigation and explain how our tool can be further enhanced.

Design and Verification of the Integrated Log Analysis System for Enterprise Information Security (기업정보 유출 방지를 위한 통합 로그분석 시스템 설계 및 검증)

  • Lee, Jae-Yong;Kang, Soo-Yong
    • Journal of Digital Contents Society
    • /
    • v.9 no.3
    • /
    • pp.491-498
    • /
    • 2008
  • The leakage of sensitive information by an insider within the organization becomes a serious threat nowadays. Sometimes, these insider threats are more harmful to an organization than external attack. Companies cannot afford to continue ignoring the potential of insider attacks. The purpose of this study is to design an integrated log analysis system that can detect various types of information leakages. The system uses threat rules generated through risk analysis, and monitors every aspect of the online activities of authorized insider. Not only should system have the ability to identify abnormal behavior, they should also be able to predict and even help to prevent potential risk. The system is composed of three modules, which are log collector, log analyzer and report generator.

  • PDF

Service Status Analysis About the Spatial Information Open Platform based on the Analysis of Web Server Log and System Log (웹 및 시스템 로그 분석 기반 공간정보 오픈플랫폼 서비스 사용 현황 분석)

  • Jang, Han Sol;Hong, Seong Hun;Kim, Min Soo;Jang, In Sung
    • Spatial Information Research
    • /
    • v.23 no.3
    • /
    • pp.45-54
    • /
    • 2015
  • Since the V-World, the Spatial Information Open Platform service, has started in 2012, a lot of people have increased explosively every year with their interest. It is necessary to know the specific service status in order to serve as indicators of the improvement of user's environment and the service to be added in the future based on the user's increasing need. However, there is difficulty to figure out more specific service status, such as the usage of hardware resources for 2D / 3D / Portal services and the actual user usage patterns, because the current system does not have the real-time monitoring system. Therefore, in this paper, through the analysis of the usage of system resources for 2D / 3D / Portal services based on web server log and the usage of hardware resources such as CPU, Memory based on system log, we analyze the usage of service in 2015 and compare with the results of the 2014, to present problems of the current system and the solutions about the problems.

Anomalous Pattern Analysis of Large-Scale Logs with Spark Cluster Environment

  • Sion Min;Youyang Kim;Byungchul Tak
    • Journal of the Korea Society of Computer and Information
    • /
    • v.29 no.3
    • /
    • pp.127-136
    • /
    • 2024
  • This study explores the correlation between system anomalies and large-scale logs within the Spark cluster environment. While research on anomaly detection using logs is growing, there remains a limitation in adequately leveraging logs from various components of the cluster and considering the relationship between anomalies and the system. Therefore, this paper analyzes the distribution of normal and abnormal logs and explores the potential for anomaly detection based on the occurrence of log templates. By employing Hadoop and Spark, normal and abnormal log data are generated, and through t-SNE and K-means clustering, templates of abnormal logs in anomalous situations are identified to comprehend anomalies. Ultimately, unique log templates occurring only during abnormal situations are identified, thereby presenting the potential for anomaly detection.

A Framework for Web Log Analysis Using Process Mining Techniques (프로세스 마이닝을 이용한 웹 로그 분석 프레임워크)

  • Ahn, Yunha;Oh, Kyuhyup;Kim, Sang-Kuk;Jung, Jae-Yoon
    • Journal of Information Technology and Architecture
    • /
    • v.11 no.1
    • /
    • pp.25-32
    • /
    • 2014
  • Web mining techniques are often used to discover useful patterns from data log generated by Web servers for the purpose of web usage analysis. Yet traditional Web mining techniques do not reflect sufficiently sequential properties of Web log data. To address such weakness, we introduce a framework for analyzing Web access log data by using process mining techniques. To illustrate the proposed framework, we show the analysis of Web access log in a campus information system based on the framework and discuss the implication of the analysis result.

Comparative Analysis of Security Schemes for Log System Providing Forward Security (전방 안전성이 보장되는 로그 시스템 보안기법 비교분석)

  • Kang, Seok-Gyu;Park, Chang-Seop
    • Convergence Security Journal
    • /
    • v.15 no.7
    • /
    • pp.85-96
    • /
    • 2015
  • In IT system, logs are an indicator of the previous key events. Therefore, when a security problem occurs in the system, logs are used to find evidence and solution to the problem. So, it is important to ensure the integrity of the stored logs. Existing schemes have been proposed to detect tampering of the stored logs after the key has been exp osed. Existing schemes are designed separately in terms of log transmission and storage. We propose a new log sys tem for integrating log transmission with storage. In addition, we prove the security requirements of the proposed sc heme and computational efficiency with existing schemes.

The Difference Analyses between Users' Actual Usage and Perceived Preference: The Case of ERP Functions on Legacy Systems (사용자의 실제 이용과 인지된 선호도 차이 분석: 레거시 시스템의 ERP 기능을 중심으로)

  • Cho, Yong-Tak;Kim, Injai
    • The Journal of Information Systems
    • /
    • v.23 no.1
    • /
    • pp.185-202
    • /
    • 2014
  • ERP, a typical enterprise application, helps companies to increase their productivity and to support their decision makings. ERP is composed of diverse functions that are optimized under PC environment, whereas the ERP applications on a mobile platform have many constraints such as a small screen, limited resolution, and computing power. Because all the functions of a ERP legacy system are not required for ERP on a mobile device, the core functions of the ERP system should be selected to increase system efficiency. In this study, two main methods were used; interviews and log analyses. The end users using a ERP system were interviewed for their perceptions, and log data analyses were made for the hitting number of specific ERP functions. The differences between the actual usage based on log data and users' cognitive preferences about ERP functions were analysed. Finally, the functional differences between users' perception and actual usage were suggested for some practical implications.

Design and Implementation of Web Attack Detection System Based on Integrated Web Audit Data (통합 이벤트 로그 기반 웹 공격 탐지 시스템 설계 및 구현)

  • Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.11 no.6
    • /
    • pp.73-86
    • /
    • 2010
  • In proportion to the rapid increase in the number of Web users, web attack techniques are also getting more sophisticated. Therefore, we need not only to detect Web attack based on the log analysis but also to extract web attack events from audit information such as Web firewall, Web IDS and system logs for detecting abnormal Web behaviors. In this paper, web attack detection system was designed and implemented based on integrated web audit data for detecting diverse web attack by generating integrated log information generated from W3C form of IIS log and web firewall/IDS log. The proposed system analyzes multiple web sessions and determines its correlation between the sessions and web attack efficiently. Therefore, proposed system has advantages on extracting the latest web attack events efficiently by designing and implementing the multiple web session and log correlation analysis actively.

Capacity Analysis of Internet Servers Based on Log-Data Analysis (로그자료 분석을 통한 인터넷 서버의 용량 분석)

  • 김수진;윤복식;이용주;강금석
    • Korean Management Science Review
    • /
    • v.19 no.1
    • /
    • pp.29-38
    • /
    • 2002
  • Due to the rapid increase In the Internet traffic volume, ISPs are faced with the definite need of the expansion of server capacity. In order to Provide prompt services for customers and still prevent excessive facility cost, it is critical to determine the optimum level of internet server capacity. The purpose of this Paper is to provide a simple but effective strategy on the expansion of servers capacity according to the increase in internet traffic. We model an internet server as an M/G/m/m queueing system and derive an efficient method to compute the loss probability which, In turn, Is used as a basis to determine proper server capacity. The Process of estimating the traffic parameter values at each server based on log data analysis is also given. All the procedures are numerically demonstrated through the process of analyzing actual log data collected from a game company.