
Web Log Analysis System Using SAS/AF

  • Koh, Bong-Sung; Lee, Gu-Eun
    • Journal of the Korean Data and Information Science Society, v.15 no.2, pp.317-329, 2004
  • The Web log has attracted much attention for tracing customer activity, so much research has been carried out on it. As a result, Web log analysis solutions have been developed and launched lately, and they have been in the spotlight among website administrators and people in practical marketing business. In this paper, we analyzed the various behavior patterns of customers using SAS/AF and SCL modules, based on the development of a GUI from the SAS package for the disposal of statistical data.


ILVA: Integrated audit-log analysis tool and its application. (시스템 보안 강화를 위한 로그 분석 도구 ILVA와 실제 적용 사례)

  • 차성덕
    • Journal of the Korea Institute of Information Security & Cryptology, v.9 no.3, pp.13-26, 1999
  • Widespread use of the Internet, despite its numerous positive aspects, has resulted in an increased number of system intrusions, and the need for enhanced security mechanisms is urgent. Systematic collection and analysis of log data are essential in intrusion investigation. Unfortunately, existing logs are stored in diverse and incompatible formats, thus making automated intrusion investigation practically impossible. We examined the types of log data essential in intrusion investigation and implemented a tool to enable systematic collection and efficient analysis of voluminous log data. Our tool, based on an RDBMS and SQL, provides a graphical and user-friendly interface. We describe our experience of using the tool in an actual intrusion investigation and explain how our tool can be further enhanced.

Design and Verification of the Integrated Log Analysis System for Enterprise Information Security (기업정보 유출 방지를 위한 통합 로그분석 시스템 설계 및 검증)

  • Lee, Jae-Yong; Kang, Soo-Yong
    • Journal of Digital Contents Society, v.9 no.3, pp.491-498, 2008
  • The leakage of sensitive information by an insider within the organization has become a serious threat nowadays. Sometimes these insider threats are more harmful to an organization than external attacks. Companies cannot afford to continue ignoring the potential of insider attacks. The purpose of this study is to design an integrated log analysis system that can detect various types of information leakage. The system uses threat rules generated through risk analysis and monitors every aspect of the online activities of authorized insiders. Not only should the system have the ability to identify abnormal behavior, it should also be able to predict and even help to prevent potential risk. The system is composed of three modules: a log collector, a log analyzer and a report generator.


Service Status Analysis About the Spatial Information Open Platform based on the Analysis of Web Server Log and System Log (웹 및 시스템 로그 분석 기반 공간정보 오픈플랫폼 서비스 사용 현황 분석)

  • Jang, Han Sol; Hong, Seong Hun; Kim, Min Soo; Jang, In Sung
    • Spatial Information Research, v.23 no.3, pp.45-54, 2015
  • Since V-World, the Spatial Information Open Platform service, started in 2012, the number of users has increased explosively every year along with their interest. It is necessary to know the specific service status in order to provide indicators for the improvement of the user environment and for services to be added in the future based on users' increasing needs. However, it is difficult to determine the more specific service status, such as the usage of hardware resources for the 2D / 3D / Portal services and actual user usage patterns, because the current system does not have a real-time monitoring system. Therefore, in this paper, through analysis of the usage of system resources for the 2D / 3D / Portal services based on the web server log, and of the usage of hardware resources such as CPU and memory based on the system log, we analyze the usage of the service in 2015 and compare it with the results of 2014, to present problems of the current system and solutions to those problems.

Anomalous Pattern Analysis of Large-Scale Logs with Spark Cluster Environment

  • Sion Min; Youyang Kim; Byungchul Tak
    • Journal of the Korea Society of Computer and Information, v.29 no.3, pp.127-136, 2024
  • This study explores the correlation between system anomalies and large-scale logs within the Spark cluster environment. While research on anomaly detection using logs is growing, there remains a limitation in adequately leveraging logs from various components of the cluster and considering the relationship between anomalies and the system. Therefore, this paper analyzes the distribution of normal and abnormal logs and explores the potential for anomaly detection based on the occurrence of log templates. By employing Hadoop and Spark, normal and abnormal log data are generated, and through t-SNE and K-means clustering, templates of abnormal logs in anomalous situations are identified to comprehend anomalies. Ultimately, unique log templates occurring only during abnormal situations are identified, thereby presenting the potential for anomaly detection.

A Framework for Web Log Analysis Using Process Mining Techniques (프로세스 마이닝을 이용한 웹 로그 분석 프레임워크)

  • Ahn, Yunha; Oh, Kyuhyup; Kim, Sang-Kuk; Jung, Jae-Yoon
    • Journal of Information Technology and Architecture, v.11 no.1, pp.25-32, 2014
  • Web mining techniques are often used to discover useful patterns from log data generated by Web servers for the purpose of web usage analysis. Yet traditional Web mining techniques do not sufficiently reflect the sequential properties of Web log data. To address this weakness, we introduce a framework for analyzing Web access log data using process mining techniques. To illustrate the proposed framework, we show the analysis of a Web access log from a campus information system based on the framework and discuss the implications of the analysis results.

Comparative Analysis of Security Schemes for Log System Providing Forward Security (전방 안전성이 보장되는 로그 시스템 보안기법 비교분석)

  • Kang, Seok-Gyu; Park, Chang-Seop
    • Convergence Security Journal, v.15 no.7, pp.85-96, 2015
  • In an IT system, logs are an indicator of previous key events. Therefore, when a security problem occurs in the system, logs are used to find evidence and a solution to the problem, so it is important to ensure the integrity of the stored logs. Existing schemes have been proposed to detect tampering of the stored logs after the key has been exposed. Existing schemes are designed separately in terms of log transmission and storage. We propose a new log system integrating log transmission with storage. In addition, we prove the security requirements of the proposed scheme and compare its computational efficiency with existing schemes.

The Difference Analyses between Users' Actual Usage and Perceived Preference: The Case of ERP Functions on Legacy Systems (사용자의 실제 이용과 인지된 선호도 차이 분석: 레거시 시스템의 ERP 기능을 중심으로)

  • Cho, Yong-Tak; Kim, Injai
    • The Journal of Information Systems, v.23 no.1, pp.185-202, 2014
  • ERP, a typical enterprise application, helps companies to increase their productivity and to support their decision making. ERP is composed of diverse functions that are optimized for the PC environment, whereas ERP applications on a mobile platform have many constraints such as a small screen, limited resolution, and limited computing power. Because not all the functions of an ERP legacy system are required for ERP on a mobile device, the core functions of the ERP system should be selected to increase system efficiency. In this study, two main methods were used: interviews and log analyses. The end users of an ERP system were interviewed about their perceptions, and log data analyses were made of the hit counts of specific ERP functions. The differences between the actual usage based on log data and users' cognitive preferences about ERP functions were analysed. Finally, the functional differences between users' perception and actual usage were presented with some practical implications.

Design and Implementation of Web Attack Detection System Based on Integrated Web Audit Data (통합 이벤트 로그 기반 웹 공격 탐지 시스템 설계 및 구현)

  • Lee, Hyung-Woo
    • Journal of Internet Computing and Services, v.11 no.6, pp.73-86, 2010
  • In proportion to the rapid increase in the number of Web users, web attack techniques are also becoming more sophisticated. Therefore, we need not only to detect Web attacks based on log analysis but also to extract web attack events from audit information such as Web firewall, Web IDS and system logs in order to detect abnormal Web behaviors. In this paper, a web attack detection system was designed and implemented based on integrated web audit data for detecting diverse web attacks, by generating integrated log information from W3C-format IIS logs and web firewall/IDS logs. The proposed system analyzes multiple web sessions and efficiently determines the correlation between those sessions and web attacks. Therefore, the proposed system has the advantage of extracting the latest web attack events efficiently through its design and implementation of multiple-web-session and log correlation analysis.

Capacity Analysis of Internet Servers Based on Log-Data Analysis (로그자료 분석을 통한 인터넷 서버의 용량 분석)

  • 김수진; 윤복식; 이용주; 강금석
    • Korean Management Science Review, v.19 no.1, pp.29-38, 2002
  • Due to the rapid increase in Internet traffic volume, ISPs are faced with a definite need to expand server capacity. In order to provide prompt services for customers and still prevent excessive facility cost, it is critical to determine the optimum level of Internet server capacity. The purpose of this paper is to provide a simple but effective strategy for the expansion of server capacity according to the increase in Internet traffic. We model an Internet server as an M/G/m/m queueing system and derive an efficient method to compute the loss probability which, in turn, is used as a basis to determine proper server capacity. The process of estimating the traffic parameter values at each server based on log data analysis is also given. All the procedures are numerically demonstrated through the analysis of actual log data collected from a game company.