• Title/Summary/Keyword: Kibana

Host-based intrusion detection research using CNN and Kibana (CNN과 Kibana를 활용한 호스트 기반 침입 탐지 연구)

  • Park, DaeKyeong;Shin, Dongkyoo;Shin, Dongil
    • Proceedings of the Korea Information Processing Society Conference / 2020.11a / pp.920-923 / 2020
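  • As cyber attacks become more intelligent, existing intrusion detection systems (IDS) are not suitable for detecting intelligent attacks that deviate from previously stored patterns. Deep learning-based intrusion detection is suitable for generating new detection rules, because deep learning generates new intrusion rules on its own by learning from data. For the intrusion detection system data sets, the most widely used KDD99 data and LID-DS (Leipzig Intrusion Detection-Data Set) were used. In this paper, one-dimensional vectors were converted into images and a CNN (Convolutional Neural Network) was applied to test performance on the two data sets. For evaluation, the Accuracy, Precision, Recall, and F1-Score metrics were measured. As a result, the Accuracy on the LID-DS data set was confirmed to be about 8% higher than the Accuracy on the KDD99 data set. In addition, the paper proposes a method of visualizing the one-dimensional vector data with Kibana to address the drawback that large volumes of data are difficult to view at a glance.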

Enhancement of Internal Network Security in Small Networks Using UTM and ELK Stack (UTM과 ELK Stack을 활용한 소규모 네트워크의 내부망 보안 강화방안)

  • Song Ha Min;DongHwi Lee
    • Convergence Security Journal / v.24 no.1 / pp.3-9 / 2024
  • Currently, cyberattacks and security threats are constantly evolving, and organizations need quick and efficient security response methods. This paper proposes ways to strengthen internal network security by utilizing Unified Threat Management (UTM) equipment to improve network security and effectively manage and analyze the log data of the internal network collected through this equipment using Elastic Stack (Elasticsearch, Logstash, Kibana, hereinafter referred to as ELK Stack).

Analysis and Visualization of Real Estate Market Price using Elasticsearch (Elasticsearch를 이용한 부동산 시장 가격 분석 및 시각화)

  • Seung-Yeon Hwang;Jeong-Joon Kim
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.24 no.2 / pp.185-190 / 2024
  • In 2022, we can see the real estate market in Korea going down. Corona 19 and the Russian invasion of Ukraine are cited as the biggest causes for this. These two problems ignited the economic recession, causing prices to fall and subsequently raising exchange rates and interest rates. Due to the aforementioned problems in the previously active real estate market, the number of actual transactions has decreased, resulting in a decline in the real estate market due to high interest rates. Data provided by the public data portal, KOSIS, and the Seoul Metropolitan Government were collected through Logstash, transferred to Elasticsearch, and visualized inflation, exchange rates, and loan interest rates using the dashboard function provided by Kibana, to analyze causes and derive results. In addition, three specific apartments in Nowon-gu and Jongno-gu, which have the highest number of actual transactions in Seoul, are selected and the actual transaction prices that change every month are displayed in the Data Table.

A Security Log Analysis System using Logstash based on Apache Elasticsearch (아파치 엘라스틱서치 기반 로그스태시를 이용한 보안로그 분석시스템)

  • Lee, Bong-Hwan;Yang, Dong-Min
    • Journal of the Korea Institute of Information and Communication Engineering / v.22 no.2 / pp.382-389 / 2018
  • Recently, cyber attacks can cause serious damage to various information systems. Log data analysis would be able to resolve this problem. A security log analysis system makes it possible to cope with security risks properly by collecting, storing, and analyzing log data information. In this paper, a security log analysis system is designed and implemented in order to analyze security log data using Logstash with Elasticsearch, a distributed search engine which makes it possible to collect and process various types of log data. Kibana, an open source data visualization plugin for Elasticsearch, is used to generate log statistics and search reports, and to visualize the results. The performance of the Elasticsearch-based security log analysis system is compared to the existing log analysis system which uses the Flume log collector, Flume HDFS sink and HBase. The experimental results show that the proposed system tremendously reduces both database query processing time and log data analysis time compared to the existing Hadoop-based log analysis system.

Safety Autonomous Platform Design with Ensemble AI Models (앙상블 인공지능 모델을 활용한 안전 관리 자율운영 플랫폼 설계)

  • Dongyeop Lee;Daesik Lim;Soojeong Woo;Youngho Moon;Minjeong Kim;Joonwon Lee
    • Journal of Advanced Navigation Technology / v.28 no.1 / pp.159-162 / 2024
  • This paper proposes a novel safety autonomous platform (SAP) architecture that can automatically and precisely manage on-site safety through ensemble artificial intelligence models generated from video information, worker's biometric information, and the safety rule to estimate the risk index. We practically designed the proposed SAP architecture by the Hadoop ecosystem with Kafka/NiFi, Spark/Hive, Hue, ELK (Elasticsearch, Logstash, Kibana), Ansible, etc., and confirmed that it worked well with safety mobility gateways for providing various safety applications.

Auto Configuration Module for Logstash in Elasticsearch Ecosystem

  • Ahmed, Hammad;Park, Yoosang;Choi, Jongsun;Choi, Jaeyoung
    • Proceedings of the Korea Information Processing Society Conference / 2018.10a / pp.39-42 / 2018
  • Log analysis and monitoring have a significant importance in most of the systems. Log management has core importance in applications like distributed applications, cloud based applications, and applications designed for big data. These applications produce a large number of log files which contain essential information. This information can be used for log analytics to understand the relevant patterns from varying log data. However, they need some tools for the purpose of parsing, storing, and visualizing log information. "Elasticsearch, Logstash, and Kibana" (ELK Stack) is one of the most popular analyzing tools for log management. For the ingestion of log files, configuration files have a key importance, as they cover all the services needed to input, process, and output the log files. However, creating configuration files is sometimes very complicated and time consuming in many applications as it requires domain expertise and manual creation. In this paper, an auto configuration module for Logstash is proposed which aims to auto generate the configuration files for Logstash. The primary purpose of this paper is to provide a mechanism, which can be used to auto generate the configuration files for corresponding log files in less time. The proposed module aims to provide an overall efficiency in the log management system.

A Simulation Output Analysis Environment by utilizing Elastic Stack (Elastic Stack을 이용한 시뮬레이션 분석 환경 구성)

  • Hwang Bo, Seong Woo;Lee, Kang Sun;Kwon, Yong Jun
    • Journal of the Korea Society for Simulation / v.27 no.3 / pp.65-73 / 2018
  • In this paper, we propose a simulation output analysis environment using Elastic Stack technology in order to reduce the complexity of the simulation analysis process. The proposed simulation output analysis environment automatically transfers simulation outputs to a centralized analysis server from a set of simulation execution resources, physically separated over a network, manages the collected simulation outputs in a fashion that further analysis tasks can be easily performed, and provides a connection to analysis and visualization services of Kibana in Elastic Stack. The proposed analysis environment provides scalability where a set of computation resources can be added on demand. We demonstrate how the proposed simulation output analysis environment can perform the simulation output analysis effectively with an example of spreading epidemic diseases, such as influenza and flu.