• Title/Summary/Keyword: File Access Log

FUSE-based Syslog Agent for File Access Log (파일 접근 로그를 위한 FUSE 기반의 Syslog 에이전트)

  • Son, Tae-Yeong;Rim, Seong-Rak
    • Journal of the Korea Academia-Industrial cooperation Society / v.17 no.7 / pp.623-628 / 2016
  • Because the log information provides some critical clues for solving the problem of illegal system access, it is very important for a system administrator to gather and analyze the log data. In a Linux system, the syslog utility has been used to gather various kinds of log data. Unfortunately, there is a limitation that a system administrator should rely on the services only provided by the syslog utility. To overcome this limitation, this paper suggests a syslog agent that allows the system administrator to gather log information for file access that is not serviced by syslog utility. The basic concept of the suggested syslog agent is that after creating a FUSE, it stores the accessed information of the files under the directory on which FUSE has been mounted into the log file via syslog utility. To review its functional validity, a FUSE file system was implemented on Linux (Ubuntu 14.04), and the log information of a file access was collected and confirmed.

Secure logging system with self-protecting function (자체 보호 기능을 갖는 안전한 로깅 시스템)

  • Kim, Min-Su;No, Bong-Nam
    • The Transactions of the Korea Information Processing Society / v.6 no.9 / pp.2442-2450 / 1999
  • The audit logging system is to write the details of systems use and access on networks. These details are used for trailing the route, when illegal access or using system resource is occurred on networks. The logging system therefore, might be the first target of intruder. We developed the logging system which writes the information of logging and command execution on UNIX system. And we prepared the self-protecting functions of blocking intruder's attack on the logging system. They are protecting the logging process and the log file. To protect the logging process, we made it keep changing the process ID to avoid the intruder's attack. To protect the log file, we use hard link and mandatory file locking, so it can make it impossible to delete or change log file.

A Model for Illegal File Access Tracking Using Windows Logs and Elastic Stack

  • Kim, Jisun;Jo, Eulhan;Lee, Sungwon;Cho, Taenam
    • Journal of Information Processing Systems / v.17 no.4 / pp.772-786 / 2021
  • The process of tracking suspicious behavior manually on a system and gathering evidence are labor-intensive, variable, and experience-dependent. The system logs are the most important sources for evidences in this process. However, in the Microsoft Windows operating system, the action events are irregular and the log structure is difficult to audit. In this paper, we propose a model that overcomes these problems and efficiently analyzes Microsoft Windows logs. The proposed model extracts lists of both common and key events from the Microsoft Windows logs to determine detailed actions. In addition, we show an approach based on the proposed model applied to track illegal file access. The proposed approach employs three-step tracking templates using Elastic Stack as well as key-event, common-event lists and identify event lists, which enables visualization of the data for analysis. Using the three-step model, analysts can adjust the depth of their analysis.

A Mobile Flash File System - MJFFS (모바일 플래시 파일 시스템 - MJFFS)

  • 김영관;박현주
    • Journal of Information Technology Applications and Management / v.11 no.2 / pp.29-43 / 2004
  • As the development of an information technique, gradually, mobile device is going to be miniaturized and operates at high speed. By such the requirements, the devices using a flash memory as a storage media are increasing. The flash memory consumes low power, is a small size, and has a fast access time like the main memory. But the flash memory must erase for recording and the erase cycle is limited. JFFS is a representative filesystem which reflects the characteristics of the flash memory. JFFS to be consisted of LSF structure, writes new data to the flash memory in sequential, which is not related to a file size. Mounting a filesystem or an error recovery is achieved through the sequential approach. Therefore, the mounting delay time is happened according to the file system size. This paper proposes a MJFFS to use a multi-checkpoint information to manage a mass flash file system efficiently. A MJFFS, which improves JFFS, divides a flash memory into the block for suitable to the block device, and stores file information of a checkpoint structure at fixed interval. Therefore mounting and error recovery processing reduce efficiently a number of filesystem access by collecting a smaller checkpoint information than capacity of actual files. A MJFFS will be suitable to a mobile device owing to accomplish fast mounting and error recovery using advantage of log foundation filesystem and overcoming defect of JFFS.

A Log Analysis Study of an Online Catalog User Interface (온라인목록 사용자 인터페이스에 관한 연구 : 탐색실패요인을 중심으로)

  • 유재옥
    • Journal of the Korean Society for information Management / v.17 no.2 / pp.139-153 / 2000
  • This article focuses on a transaction log analysis of the DISCOVER online catalog user interface at Duksung Women's University Library. The results show that the most preferred access point is the title field with rate of 59.2%. The least used access point is the author field with rate of 11.6%. Keyword searching covers only about 16% of all access points used. General failure rate of searching is 13.9% with the highest failure rate of 19.8% in the subject field and the lowest failure rate of 10.9% in author field.

A System for Mining Traversal Patterns from Web Log Files (웹 로그 화일에서 순회 패턴 탐사를 위한 시스템)

  • 박종수;윤지영
    • Proceedings of the Korean Information Science Society Conference / 2001.10a / pp.4-6 / 2001
  • In this paper, we designed a system that can mine user's traversal patterns from web log files. The system cleans an input data, transactions of a web log file, and finds traversal patterns from the transactions, each of which consists of one user's access pages. The resulting traversal patterns are shown on a web browser, which can be used to analyze the patterns in visual form by a system manager or data miner. We have implemented the system in an IBM personal computer running on Windows 2000 in MS visual C++, and used the MS SQL Server 2000 to store the intermediate files and the traversal patterns which can be easily applied to a system for knowledge discovery in databases.

Design and Implementation of a Real Time Access Log for IP Fragmentation Attack Detection (IP Fragmentation 공격 탐지를 위한 실시간 접근 로그 설계 및 구현)

  • Guk, Gyeong-Hwan;Lee, Sang-Hun
    • The KIPS Transactions:PartA / v.8A no.4 / pp.331-338 / 2001
  • With the general use of network, cyber terror rages throughout the world. However, IP Fragmentation isn't free from its security problem yet, even though it guarantees effective transmission of the IP package in its network environment. Illegal invasion could happen or disturb operation of the system by using attack mechanism such as IP Spoofing, Ping of Death, or ICMP taking advantage of defectiveness, if any, which IP Fragmentation needs improving. Recently, apart from service refusal attack using IP Fragmentation, there arises a problem that it is possible to detour packet filtering equipment or network-based attack detection system using IP Fragmentation. In the paper, we generate the real time access log file to make the system manager help decision support and to make the system manage itself in case that some routers or network-based attack detection systems without packet reassembling function could not detect or suspend illegal invasion with divided datagrams of the packet. Through the implementation of the self-managing system we verify its validity and show its future effect.

EAST: An Efficient and Advanced Space-management Technique for Flash Memory using Reallocation Blocks (재할당 블록을 이용한 플래시 메모리를 위한 효율적인 공간 관리 기법)

  • Kwon, Se-Jin;Chung, Tae-Sun
    • Journal of KIISE:Computing Practices and Letters / v.13 no.7 / pp.476-487 / 2007
  • Flash memory offers attractive features, such as non-volatile, shock resistance, fast access, and low power consumption for data storage. However, it has one main drawback of requiring an erase before updating the contents. Furthermore, flash memory can only be erased limited number of times. To overcome limitations, flash memory needs a software layer called flash translation layer (FTL). The basic function of FTL is to translate the logical address from the file system like file allocation table (FAT) to the physical address in flash memory. In this paper, a new FTL algorithm called an efficient and advanced space-management technique (EAST) is proposed. EAST improves the performance by optimizing the number of log blocks, by applying the state transition, and by using reallocation blocks. The results of experiments show that EAST outperforms FAST, which is an enhanced log block scheme, particularly when the usage of flash memory is not full.

Article Data Prefetching Policy using User Access Patterns in News-On-demand System (주문형 전자신문 시스템에서 사용자 접근패턴을 이용한 기사 프리패칭 기법)

  • Kim, Yeong-Ju;Choe, Tae-Uk
    • The Transactions of the Korea Information Processing Society / v.6 no.5 / pp.1189-1202 / 1999
  • As compared with VOD data, NOD article data has the following characteristics: it is created at any time, has a short life cycle, is selected as not one article but several articles by a user, and has high access locality in time. Because of these intrinsic features, user access patterns of NOD article data are different from those of VOD. Thus, building NOD system using the existing techniques of VOD system leads to poor performance. In this paper, we analyze the log file of a currently running electronic newspaper, show that the popularity distribution of NOD articles is different from Zipf distribution of VOD data, and suggest a new popularity model of NOD article data MS-Zipf (Multi-Selection Zipf) distribution and its approximate solution. Also we present a life cycle model of NOD article data, which shows changes of popularity over time. Using this life cycle model, we develop LLBF (Largest Life-cycle Based Frequency) prefetching algorithm and analyze the performance by simulation. The developed LLBF algorithm supports the similar level in hit-ratio to the other prefetching algorithms such as LRU (Least Recently Used) etc, while decreasing the number of data replacement in article prefetching and reducing the overhead of the prefetching in system performance. Using the accurate user access patterns of NOD article data, we could analyze correctly the performance of NOD server system and develop the efficient policies in the implementation of NOD server system.

Online Snapshot Method based on Directory and File Change Tracking for Virtual File System (가상파일시스템에서 디렉토리 및 파일 변경 추적에 기반한 온라인 스냅샷 방법)

  • Kim, Jinsu;Song, Seokil;Shin, Jae Ryong
    • The Journal of the Korea Contents Association / v.19 no.5 / pp.417-425 / 2019
  • Storage snapshot technology allows to preserve data at a specific point in time, and recover and access data at a desired point in time. It is an essential technology for storage protection application. Existing snapshot methods have some problems in that they depend on storage hardware vendor, file system or virtual block device. In this paper, we propose a new snapshot method for solving the problems and creating snapshots on-line. The proposed snapshot method uses a method of extracting the log records of update operations at the virtual file system layer to enable the snapshot method to operate independently on file systems, virtual block devices, and storage hardware. In addition, the proposed snapshot method creates and manages snapshots for directories and files without interruption to the storage service. Finally, through experiments we measure the snapshot creation time and the performance degradation caused by the snapshot.