http://dx.doi.org/10.30693/SMJ.2018.7.4.70

A log visualization method for network security monitoring  

Joe, Woo-Jin (Department of Computer Engineering, Chungnam National University)
Shin, Hyo-Jeong (Software Research Institute, Chungnam National University)
Kim, Hyong-Shik (Department of Computer Engineering, Chungnam National University)
Publication Information
Smart Media Journal, vol. 7, no. 4, 2018, pp. 70-78
Abstract
Current trends in information systems have led many companies to adopt security solutions. However, even with a large budget, these solutions cannot function properly without adequate security monitoring to manage them. Security monitoring requires a quick response when a problem occurs, so visualization dashboards must be designed for monitoring purposes such that the necessary information is delivered quickly. This paper shows how to visualize security logs using the open source Elastic Stack and demonstrates that the proposed method is suitable for network security monitoring by implementing it as a dashboard appropriate for monitoring purposes. We confirmed that the dashboard was effectively used to analyze abnormal traffic growth and attack paths.
Keywords
Security monitoring; Visualization; Open Source; Elastic Stack