A Study on implementation model for security log analysis system using Big Data platform

  • Received : 2014.06.10
  • Accepted : 2014.08.20
  • Published : 2014.08.28

Abstract

The log data generated by security equipment has so far been analyzed in an integrated way on an ESM (Enterprise Security Management) basis, but the limits of ESM storage capacity and data-processing performance make it unsuitable for big data processing, so a security log analysis technology built on a big data platform is needed. A big data platform can provide large-scale data collection, storage, processing, retrieval, analysis and visualization by using the Hadoop Ecosystem. ESM technology is currently developing toward SIEM (Security Information & Event Management), and implementing security technology in the SIEM way requires a big data platform that can handle the massive log data generated by current security devices. This paper studies a model for how a system for analyzing security logs can be implemented using the big data platform technology of the Hadoop Ecosystem.
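As an added illustration, not code from the paper, the batch-processing step that the abstract assigns to the Hadoop Ecosystem, written as a Hadoop Streaming mapper and reducer that count firewall events per (action, source, port); the log format, field names and the sample lines are constructed assumptions.

```python
import re
import sys
from typing import Iterable, Iterator, List, Tuple

# Constructed sample lines in a generic firewall syslog shape (not real data).
SAMPLE_LOGS = [
    "Jun 10 10:00:01 fw1 kernel: DENY src=10.0.0.5 dst=192.168.1.10 dpt=22",
    "Jun 10 10:00:02 fw1 kernel: DENY src=10.0.0.5 dst=192.168.1.11 dpt=22",
    "Jun 10 10:00:03 fw1 kernel: ACCEPT src=10.0.0.7 dst=192.168.1.10 dpt=443",
    "Jun 10 10:00:04 fw1 kernel: DENY src=10.0.0.5 dst=192.168.1.12 dpt=22",
    "malformed line without fields",
]

LINE_RE = re.compile(r"(?P<action>ACCEPT|DENY) src=(?P<src>\S+) .*dpt=(?P<dpt>\d+)")


def mapper(lines: Iterable[str]) -> Iterator[str]:
    """Map phase: emit "action,src,dpt<TAB>1" per parsable line; skip the rest."""
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # unparsable lines are dropped rather than failing the job
        yield f"{m['action']},{m['src']},{m['dpt']}\t1"


def reducer(sorted_lines: Iterable[str]) -> Iterator[str]:
    """Reduce phase: input arrives sorted by key, so sum runs of equal keys."""
    current, total = None, 0
    for line in sorted_lines:
        key, count = line.rstrip("\n").split("\t")
        if key != current:
            if current is not None:
                yield f"{current}\t{total}"
            current, total = key, 0
        total += int(count)
    if current is not None:
        yield f"{current}\t{total}"


def run_local(lines: Iterable[str]) -> List[Tuple[str, int]]:
    """Simulate the Hadoop shuffle: sort mapper output by key, then reduce."""
    shuffled = sorted(mapper(lines))
    return [(k, int(v)) for k, v in (o.split("\t") for o in reducer(shuffled))]


if __name__ == "__main__":
    phase = sys.argv[1] if len(sys.argv) > 1 else "local"
    if phase == "map":
        sys.stdout.writelines(l + "\n" for l in mapper(sys.stdin))
    elif phase == "reduce":
        sys.stdout.writelines(l + "\n" for l in reducer(sys.stdin))
    else:
        for key, count in run_local(SAMPLE_LOGS):
            print(key, count)
```

Run with no argument to simulate the job locally; on a cluster the same file serves as both `-mapper "python3 <file> map"` and `-reducer "python3 <file> reduce"` for Hadoop Streaming, reading log lines that a collector such as Flume has placed in HDFS.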
