• Title/Summary/Keyword: network log analysis

Search Result 132, Processing Time 0.025 seconds

Spark-based Network Log Analysis Aystem for Detecting Network Attack Pattern Using Snort (Snort를 이용한 비정형 네트워크 공격패턴 탐지를 수행하는 Spark 기반 네트워크 로그 분석 시스템)

  • Baek, Na-Eun;Shin, Jae-Hwan;Chang, Jin-Su;Chang, Jae-Woo
    • The Journal of the Korea Contents Association
    • /
    • v.18 no.4
    • /
    • pp.48-59
    • /
    • 2018
  • Recently, network technology has been used in various fields due to development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network log increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack pattern. by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and can detect real attack pattern well by applying it to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better on log data processing performance than the Hadoop-based system.

A Study on the Search Behavior of Digital Library Users: Focus on the Network Analysis of Search Log Data (디지털 도서관 이용자의 검색행태 연구 - 검색 로그 데이터의 네트워크 분석을 중심으로 -)

  • Lee, Soo-Sang;Wei, Cheng-Guang
    • Journal of Korean Library and Information Science Society
    • /
    • v.40 no.4
    • /
    • pp.139-158
    • /
    • 2009
  • This paper used the network analysis method to analyse a variety of attributes of searcher's search behaviors which was appeared on search access log data. The results of this research are as follows. First, the structure of network represented depending on the similarity of the query that user had inputed. Second, we can find out the particular searchers who occupied in the central position in the network. Third, it showed that some query were shared with ego-searcher and alter searchers. Fourth, the total number of searchers can be divided into some sub-groups through the clustering analysis. The study reveals a new recommendation algorithm of associated searchers and search query through the social network analysis, and it will be capable of utilization.

  • PDF

Development of the SysLog-based Integrated Log Management system for Firewalls in Distributed Network Environments (분산 환경에서 SysLog기반의 방화벽 통합로그관리시스템 개발)

  • Lee, Dong Young;Seo, Hee Suk;Lee, Eul Suk
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.4
    • /
    • pp.39-45
    • /
    • 2011
  • Application log files contain error messages; operational data and usage information that can help manage applications and servers. Log analysis system is software that read and parse log files, extract and aggregate information in order to generate reports on the application. In currently, the importance of log files of firewalls is growing bigger and bigger for the forensics of cyber crimes and the establishment of security policy. In this paper, we designed and implemented the SILAS(SysLog-based Integrated Log mAanagement System) in distribute network environments. It help to generate reports on the the log fires of firewalls - IP and users, and statistics of application usage.

A Study on the Analysis of Validity and Importance of Event Log for the Detection of Insider Threats to Control System (제어시스템의 내부자 위협 탐지를 위한 Event Log 타당성 및 중요도 분석에 관한 연구)

  • Kim, Jongmin;Kim, DongMin;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.18 no.3
    • /
    • pp.77-85
    • /
    • 2018
  • With the convergence of communications network between control system and public network, such threats like information leakage/falsification could be fully shown in control system through diverse routes. Due to the recent diversification of security issues and violation cases of new attack techniques, the security system based on the information database that simply blocks and identifies, is not good enough to cope with the new types of threat. The current control system operates its security system focusing on the outside threats to the inside, and it is insufficient to detect the security threats by insiders with the authority of security access. Thus, this study conducted the importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by NSA. In the results, the matter of importance of event log for the detection of insider threats to control system was understood, and the results of this study could be contributing to researches in this area.

  • PDF

A Study on Event Log Correlation Analysis for Control System Threat Analysis (제어시스템 위협분석을 위한 Event Log 상관분석에 관한 연구)

  • Kim, Jongmin;Kim, Minsu;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.17 no.5
    • /
    • pp.35-40
    • /
    • 2017
  • The control system can have such threats as information leakage and falsification through various routes due to communications network fusion with public network. As the issues about security and the infringe cases by new attack methods are diversified recently, with the security system that makes information data database by simply blocking and checking it is difficult to cope with new types of threats. It is also difficult to respond security threats by insiders who have security access authority with the existing security equipment. To respond the threats by insiders, it is necessary to collect and analyze Event Log occurring in the internal system realtime. Therefore, this study could find out whether there is correlation of the elements among Event Logs through correlation analysis based on Event Logs that occur real time in the control system, and based on the analysis result, the study is expected to contribute to studies in this field.

A Recovery Technique Using Client-based Logging in Client/Server Environment

  • Park, Yong-Mun;Lee, Chan-Seob;Kim, Dong-Hyuk;Park, Eui-In
    • Proceedings of the IEEK Conference
    • /
    • 2002.07a
    • /
    • pp.429-432
    • /
    • 2002
  • The existing recovery technique using the logging technique in the client/sewer database system only administers the log as a whole in a server. This contains the logging record transmission cost on the transaction that is executed in each client potentially and increases network traffic. In this paper, the logging technique for redo-only log is suggested, which removes the redundant before-image and supports the client-based logging to eliminate the transmission cost of the logging record. Also, in case of a client crash, redo recovery through a backward client analysis log is performed in a self-recovering way. In case of a server crash, the after-image of the pages which needs recovery through simultaneous backward analysis log is only transmitted and redo recovery is done through the received after-image and backward analysis log. Also, we select the comparing model to estimate the performance about the proposed recovery technique. And we analyzed the redo and recovery time about the change of the number of client and the rate of updating operation.

  • PDF

Server Management Prediction System based on Network Log and SNMP (네트워크 로그 및 SNMP 기반 네트워크 서버 관리 예측 시스템)

  • Moon, Sung-Joo
    • Journal of Digital Contents Society
    • /
    • v.18 no.4
    • /
    • pp.747-751
    • /
    • 2017
  • The log has variable informations that are important and necessary to manage a network when accessed to network servers. These informations are used to reduce a cost and efficient manage a network through the meaningful prediction information extraction from the amount of user access. And, the network manager can instantly monitor the status of CPU, memory, disk usage ratio on network using the SNMP. In this paper, firstly, we have accumulated and analysed the 6 network logs and extracted the informations that used to predict the amount of user access. And then, we experimented the prediction simulation with the time series analysis such as moving average method and exponential smoothing. Secondly, we have simulated the usage ration of CPU, memory, and disk using Xian SNMP simulator and extracted the OID for the time series prediction of CPU, memory, and disk usage ration. And then, we presented the visual result of the variable experiments through the Excel and R programming language.

Intrusion Detection on IoT Services using Event Network Correlation (이벤트 네트워크 상관분석을 이용한 IoT 서비스에서의 침입탐지)

  • Park, Boseok;Kim, Sangwook
    • Journal of Korea Multimedia Society
    • /
    • v.23 no.1
    • /
    • pp.24-30
    • /
    • 2020
  • As the number of internet-connected appliances and the variety of IoT services are rapidly increasing, it is hard to protect IT assets with traditional network security techniques. Most traditional network log analysis systems use rule based mechanisms to reduce the raw logs. But using predefined rules can't detect new attack patterns. So, there is a need for a mechanism to reduce congested raw logs and detect new attack patterns. This paper suggests enterprise security management for IoT services using graph and network measures. We model an event network based on a graph of interconnected logs between network devices and IoT gateways. And we suggest a network clustering algorithm that estimates the attack probability of log clusters and detects new attack patterns.

Mining Social Networks from business process log (비즈니스 프로세스 수행자들의 Social Network Mining에 대한 연구)

  • Song, Min-Seok;Aalst, W.M.P Van Der;Choe, In-Jun
    • Proceedings of the Korean Operations and Management Science Society Conference
    • /
    • 2004.05a
    • /
    • pp.544-547
    • /
    • 2004
  • Current increasingly information systems log historic information in a systematic way. Not only workflow management systems, but also ERP, CRM, SCM, and B2B systems often provide a so-called 'event log'. Unfortunately, the information in these event logs is rarely used to analyze the underlying processes. Process mining aims at improving this problem by providing techniques and tools for discovering process, control, data, organizational, and social structures from event logs. This paper focuses on the mining social networks. This is possible because event logs typically record information about the users executing the activities recorded in the log. To do this we combine concepts from workflow management and social network analysis. This paper introduces the approach and presents a tool to mine social networks from event logs.

  • PDF

A Study on the Intrusion Detection Method using Firewall Log (방화벽 로그를 이용한 침입탐지기법 연구)

  • Yoon, Sung-Jong;Kim, Jeong-Ho
    • Journal of Information Technology Applications and Management
    • /
    • v.13 no.4
    • /
    • pp.141-153
    • /
    • 2006
  • According to supply of super high way internet service, importance of security becomes more emphasizing. Therefore, flawless security solution is needed for blocking information outflow when we send or receive data. large enterprise and public organizations can react to this problem, however, small organization with limited work force and capital can't. Therefore they need to elevate their level of information security by improving their information security system without additional money. No hackings can be done without passing invasion blocking system which installed at the very front of network. Therefore, if we manage.isolation log effective, we can recognize hacking trial at the step of pre-detection. In this paper, it supports information security manager to execute isolation log analysis very effectively. It also provides isolation log analysis module which notifies hacking attack by analyzing isolation log.

  • PDF