• Title/Summary/Keyword: Log analysis

Accurate and Efficient Log Template Discovery Technique

  • Tak, Byungchul
    • Journal of the Korea Society of Computer and Information / v.23 no.10 / pp.11-21 / 2018
  • In this paper we propose a novel log template discovery algorithm which achieves high quality of discovered log templates through an iterative log filtering technique. Log templates are the static string patterns of logs that are used to produce actual logs by inserting variable values during runtime. Correctly identifying individual logs with their template category enables us to conduct automated analysis using state-of-the-art machine learning techniques. Our technique looks at the group of logs column-wise and filters the logs that have the value of the highest proportion. We repeat this process for each column until we are left with a highly homogeneous set of logs that most likely belong to the same log template category. Then, we determine which columns are the static part and which are the variable part by vertically comparing all the logs in the group. This process repeats until we have discovered all the templates from the given logs. Also, during this process we discover the custom patterns, such as ID formats, that are unique to the application. This information helps us quickly identify such strings in the logs as variable parts, thereby further increasing the accuracy of the discovered log templates. Existing solutions suffer from log templates being too general or too specific because of the inability to detect custom patterns. Through extensive evaluations we have learned that our proposed method achieves 2 to 20 times better accuracy.
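
The column-wise filtering the abstract describes can be written down in a few dozen lines. The Python below is an added illustration, not the authors' implementation: it groups lines by token count, repeatedly keeps the rows carrying the most dominant column value until no column has a value shared by at least `min_support` rows, then marks the columns that still differ as variable. The sample log lines are constructed, and the fixed `VALUE_PATTERNS` list stands in for the custom-pattern discovery the paper performs on the data itself.

```python
import re
from collections import Counter

# Constructed sample logs for this example; they are not the paper's data set.
SAMPLE_LOGS = [
    "Connection from 10.0.0.5 port 51234 closed",
    "Connection from 10.0.0.7 port 51299 closed",
    "Connection from 192.168.1.9 port 40001 closed",
    "User alice logged in from 10.0.0.5",
    "User bob logged in from 10.0.0.7",
    "User carol logged in from 192.168.1.9",
    "Session 9f3a2c expired after 300 seconds",
    "Session 1b7e44 expired after 1200 seconds",
]

# Value formats treated as variable parts before filtering. The paper discovers such
# custom patterns from the logs themselves; this example assumes a fixed list instead.
VALUE_PATTERNS = [
    ("<IP>", re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")),
    ("<NUM>", re.compile(r"^\d+$")),
    ("<HEX>", re.compile(r"^[0-9a-f]{6,}$")),
]


def normalize(token):
    """Replace a token that matches a known value format with its placeholder."""
    for name, pattern in VALUE_PATTERNS:
        if pattern.match(token):
            return name
    return token


def extract_group(pool, min_support=2):
    """Column-wise iterative filtering: repeatedly keep only the rows that carry the
    most common value of the column where that value is most dominant, until every
    column is either already uniform or has no value shared by min_support rows."""
    group = list(pool)
    while True:
        best = None  # (proportion, column, value)
        for col in range(len(group[0])):
            value, count = Counter(row[col] for row in group).most_common(1)[0]
            if count == len(group) or count < min_support:
                continue  # uniform column, or too rare to define a group
            proportion = count / len(group)
            if best is None or proportion > best[0]:
                best = (proportion, col, value)
        if best is None:
            return group
        _, col, value = best
        group = [row for row in group if row[col] == value]


def make_template(group):
    """Vertical comparison: a column with one value is static, otherwise a wildcard."""
    columns = []
    for col in range(len(group[0])):
        values = {row[col] for row in group}
        columns.append(values.pop() if len(values) == 1 else "<*>")
    return " ".join(columns)


def discover_templates(logs, min_support=2):
    """Return [(template, number of logs)] covering every input line."""
    by_length = {}
    for line in logs:
        tokens = [normalize(t) for t in line.split()]
        by_length.setdefault(len(tokens), []).append(tokens)
    templates = []
    for length in sorted(by_length):
        pool = by_length[length]
        while pool:
            group = extract_group(pool, min_support)
            templates.append((make_template(group), len(group)))
            taken = {id(row) for row in group}
            pool = [row for row in pool if id(row) not in taken]
    return templates


if __name__ == "__main__":
    for template, count in discover_templates(SAMPLE_LOGS):
        print(f"{count:3d}  {template}")
```

Running it yields three templates, one per line family. Dropping the value patterns shows the weakness the abstract mentions: a variable column whose values repeat (two logins from the same address) would pass the filter and split one family into several over-specific templates, which is exactly what recognising ID and address formats avoids.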

A Log Analysis System with REST Web Services for Desktop Grids and its Application to Resource Group-based Task Scheduling

  • Gil, Joon-Min;Kim, Mi-Hye
    • Journal of Information Processing Systems / v.7 no.4 / pp.707-716 / 2011
  • It is important that desktop grids should be able to aggressively deal with the dynamic properties that arise from the volatility and heterogeneity of resources. Therefore, it is required that task scheduling be able to positively consider the execution behavior that is characterized by an individual resource. In this paper, we implement a log analysis system with REST web services, which can analyze the execution behavior by utilizing the actual log data of desktop grid systems. To verify the log analysis system, we conducted simulations and showed that the resource group-based task scheduling, based on the analysis of the execution behavior, offers a faster turnaround time than the existing one even if few resources are used.

Frequency domain analysis of the urophonography for LUTS diagnosis (하부요로 폐색 진단을 위한 요류음 주파수 분석)

  • Jeong, Do-Un;Jeon, Gye-Rok
    • Journal of Sensor Science and Technology / v.16 no.3 / pp.202-210 / 2007
  • The aim of this study is to acquire useful information for lower urinary tract symptom (LUTS) diagnosis through the urophonography signal as a noninvasive method. The hardware and software which could evaluate the function of compensatory hypertrophy with a noninvasive and comfortable method were implemented to measure the uroflow and urophonography signal during urination. The PSD (power spectrum density) and the log-log plot gradient analysis were carried out in the frequency domain. For evaluation of the system and analysis method, a model system for the lower urinary system of men was used. From the evaluation of the model system, the PSD and the log-log plot gradient depended significantly on the degree of occlusion. In a pilot study on normal and abnormal male subjects, the PSD and the log-log plot gradient were highly correlated with the artificial urethral obstruction.

Real time predictive analytic system design and implementation using Bigdata-log (빅데이터 로그를 이용한 실시간 예측분석시스템 설계 및 구현)

  • Lee, Sang-jun;Lee, Dong-hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.6 / pp.1399-1410 / 2015
  • Gartner is urging companies to considerably change their survival paradigms, insisting that companies need to understand and prepare for the upcoming era of data competition. With successful business cases of statistical algorithm-based predictive analytics being revealed, the shift from the follow-up action of past data analysis to preemptive countermeasures through predictive analysis is also becoming a necessity for leading enterprises. This trend is influencing security analysis and log analysis, and in reality, cases of applying big data analysis frameworks to large-scale log analysis and to intelligent, long-term security analysis are being reported one after another. But not all the functions and techniques required for a big data log analysis system can be accommodated in a Hadoop-based big data platform, so big data log analysis products based on independent platforms are still being provided to the market. This paper aims to suggest a framework for these independent big data log analysis systems which is equipped with a real-time and non-real-time predictive analysis engine and can cope with cyber attacks preemptively.

Spark-based Network Log Analysis System for Detecting Network Attack Pattern Using Snort (Snort를 이용한 비정형 네트워크 공격패턴 탐지를 수행하는 Spark 기반 네트워크 로그 분석 시스템)

  • Baek, Na-Eun;Shin, Jae-Hwan;Chang, Jin-Su;Chang, Jae-Woo
    • The Journal of the Korea Contents Association / v.18 no.4 / pp.48-59 / 2018
  • Recently, network technology has been used in various fields due to the development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network log data increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack patterns by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from a large amount of network log data. For the analysis, we propose rules to detect network attack patterns for port scanning, host scanning, DDoS, and worm activity, and show that they detect real attack patterns well by applying them to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better in log data processing performance than the Hadoop-based system.
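
The rules the abstract lists (port scanning, host scanning, DDoS, worm activity) reduce to counting distinct values per key inside a time window. The Python below is an added example rather than the authors' Spark and Snort pipeline; it runs such rules over constructed flow records (timestamp, source, destination, destination port). The thresholds, the fixed 60-second window and the worm heuristic (a host that was itself scanned begins scanning other hosts on the same port) are choices made for this example, not rules taken from the paper.

```python
from collections import defaultdict

# Detection thresholds and the fixed time window; assumptions of this example.
PORT_SCAN_MIN_PORTS = 5
HOST_SCAN_MIN_HOSTS = 5
DDOS_MIN_SOURCES = 20
WINDOW_SECONDS = 60

# Constructed flow records (timestamp in seconds, src IP, dst IP, dst port).
SAMPLE_FLOWS = (
    # one source probing five ports on one host: port scan
    [(t, "10.1.1.50", "10.2.2.10", p) for t, p in enumerate((22, 23, 25, 80, 443))]
    # one source probing five hosts on one port: host scan
    + [(10 + i, "10.1.1.60", f"10.2.2.{11 + i}", 445) for i in range(5)]
    # a host that was scanned above now scans others on the same port: worm-like
    + [(20 + i, "10.2.2.12", f"10.2.2.{30 + i}", 445) for i in range(5)]
    # many sources hitting one service at the same moment: DDoS
    + [(40, f"172.16.0.{i}", "10.2.2.80", 80) for i in range(1, 26)]
)


def detect_attack_patterns(flows):
    """Return sorted (pattern, actor, target, count) alerts for the four rules."""
    ports_per_pair = defaultdict(set)       # (window, src, dst)  -> dst ports
    hosts_per_scanner = defaultdict(set)    # (window, src, port) -> dst hosts
    sources_per_service = defaultdict(set)  # (window, dst, port) -> src hosts
    first_hit = {}    # (host, port) -> first time the host was a target on port
    first_probe = {}  # (host, port) -> first time the host was a source on port
    for ts, src, dst, port in sorted(flows):
        window = ts // WINDOW_SECONDS
        ports_per_pair[(window, src, dst)].add(port)
        hosts_per_scanner[(window, src, port)].add(dst)
        sources_per_service[(window, dst, port)].add(src)
        first_hit.setdefault((dst, port), ts)
        first_probe.setdefault((src, port), ts)

    alerts = set()
    for (_, src, dst), ports in ports_per_pair.items():
        if len(ports) >= PORT_SCAN_MIN_PORTS:
            alerts.add(("port_scan", src, dst, len(ports)))
    for (_, src, port), hosts in hosts_per_scanner.items():
        if len(hosts) >= HOST_SCAN_MIN_HOSTS:
            alerts.add(("host_scan", src, str(port), len(hosts)))
            # worm heuristic: the scanner was itself hit on this port before it
            # started probing, i.e. the activity propagates from victim to victim
            hit = first_hit.get((src, port))
            if hit is not None and hit < first_probe[(src, port)]:
                alerts.add(("worm_activity", src, str(port), len(hosts)))
    for (_, dst, port), sources in sources_per_service.items():
        if len(sources) >= DDOS_MIN_SOURCES:
            alerts.add(("ddos", dst, str(port), len(sources)))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_attack_patterns(SAMPLE_FLOWS):
        print(*alert)
```

Each `defaultdict(set)` keyed by (window, key) is the in-memory form of a groupBy plus countDistinct job, which is what lets the same rules run unchanged over a large log on Spark; the sample here is small enough to verify by hand.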

A Study on the Analysis of Validity and Importance of Event Log for the Detection of Insider Threats to Control System (제어시스템의 내부자 위협 탐지를 위한 Event Log 타당성 및 중요도 분석에 관한 연구)

  • Kim, Jongmin;Kim, DongMin;Lee, DongHwi
    • Convergence Security Journal / v.18 no.3 / pp.77-85 / 2018
  • With the convergence of the communications network between control systems and the public network, threats such as information leakage and falsification can fully appear in control systems through diverse routes. Due to the recent diversification of security issues and violation cases using new attack techniques, a security system based on an information database that simply blocks and identifies is not good enough to cope with new types of threat. The current control system operates its security system focusing on outside threats to the inside, and it is insufficient to detect security threats by insiders who hold security access authority. Thus, this study conducted an importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by the NSA. As a result, the importance of event logs for the detection of insider threats to control systems was understood, and the results of this study could contribute to research in this area.

A Study on Event Log Correlation Analysis for Control System Threat Analysis (제어시스템 위협분석을 위한 Event Log 상관분석에 관한 연구)

  • Kim, Jongmin;Kim, Minsu;Lee, DongHwi
    • Convergence Security Journal / v.17 no.5 / pp.35-40 / 2017
  • The control system can face threats such as information leakage and falsification through various routes due to the fusion of its communications network with public networks. As security issues and infringement cases by new attack methods have diversified recently, with a security system that simply blocks and checks and stores the information in a database it is difficult to cope with new types of threats. It is also difficult to respond to security threats by insiders who have security access authority with the existing security equipment. To respond to threats by insiders, it is necessary to collect and analyze the Event Logs occurring in the internal system in real time. Therefore, this study could find out whether there is correlation among the elements of Event Logs through correlation analysis based on Event Logs that occur in real time in the control system, and based on the analysis result, the study is expected to contribute to studies in this field.
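
Both studies above argue for correlating Windows event log entries rather than inspecting them one at a time. The Python below is an added example, not the authors' analysis, and serves the two abstracts together. It chains Security log event IDs (4624 successful logon, 4625 failed logon, 4672 special privileges assigned, 4720 user account created, 4732 member added to a security-enabled local group, 1102 audit log cleared) into three correlation rules; the event stream is constructed, and the rules, windows and thresholds are this example's assumptions.

```python
from collections import defaultdict

# Windows Security event IDs used by the rules below.
LOGON_SUCCESS, LOGON_FAILURE = 4624, 4625
SPECIAL_PRIVILEGES = 4672        # privileged logon (e.g. an administrator signs in)
ACCOUNT_CREATED = 4720
GROUP_MEMBER_ADDED = 4732        # member added to a security-enabled local group
AUDIT_LOG_CLEARED = 1102

# Correlation windows and thresholds; assumptions of this example, not the papers'.
CHAIN_WINDOW = 3600              # seconds between related privileged actions
FAILURE_WINDOW = 600             # seconds over which failed logons are counted
FAILURE_THRESHOLD = 5

# Constructed event stream (ts in seconds, normalised fields); not a real log.
SAMPLE_EVENTS = [
    {"ts": 100, "id": LOGON_SUCCESS, "subject": "jdoe", "target": "jdoe"},
    {"ts": 105, "id": SPECIAL_PRIVILEGES, "subject": "jdoe"},
    {"ts": 300, "id": ACCOUNT_CREATED, "subject": "jdoe", "target": "svc_backup"},
    {"ts": 320, "id": GROUP_MEMBER_ADDED, "subject": "jdoe", "target": "svc_backup",
     "group": "Administrators"},
    {"ts": 400, "id": AUDIT_LOG_CLEARED, "subject": "jdoe"},
] + [
    {"ts": 500 + 10 * i, "id": LOGON_FAILURE, "subject": "-", "target": "admin"}
    for i in range(5)
] + [
    {"ts": 560, "id": LOGON_SUCCESS, "subject": "-", "target": "admin"},
]


def correlate_events(events):
    """Walk the events in time order and emit (rule, account, detail) alerts."""
    alerts = []
    last_privileged = {}            # subject -> ts of last 4672
    created = {}                    # (subject, new account) -> ts of 4720
    failures = defaultdict(list)    # target account -> timestamps of 4625
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, eid, subject = e["ts"], e["id"], e["subject"]
        target = e.get("target", "")
        if eid == SPECIAL_PRIVILEGES:
            last_privileged[subject] = ts
        elif eid == ACCOUNT_CREATED:
            created[(subject, target)] = ts
        elif eid == GROUP_MEMBER_ADDED and e.get("group") == "Administrators":
            # Rule 1: an account this subject created shortly before is made admin.
            t0 = created.get((subject, target))
            if t0 is not None and ts - t0 <= CHAIN_WINDOW:
                alerts.append(("new_account_made_admin", subject, target))
        elif eid == AUDIT_LOG_CLEARED:
            # Rule 2: the audit log is cleared by a recently privileged subject.
            t0 = last_privileged.get(subject)
            if t0 is not None and ts - t0 <= CHAIN_WINDOW:
                alerts.append(("audit_log_cleared", subject, f"privileged since t={t0}"))
        elif eid == LOGON_FAILURE:
            failures[target].append(ts)
        elif eid == LOGON_SUCCESS:
            # Rule 3: a success that follows a burst of failures on the same account.
            recent = [t for t in failures[target] if ts - t <= FAILURE_WINDOW]
            if len(recent) >= FAILURE_THRESHOLD:
                alerts.append(("success_after_failures", target, f"{len(recent)} failures"))
                failures[target].clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate_events(SAMPLE_EVENTS):
        print(*alert)
```

None of the three alerts can be raised from a single event: 4732 is routine unless the same subject created the account minutes earlier, and 1102 is the event an insider with legitimate access produces to cover the earlier ones, which is why correlating on subject and time matters more than the individual event's importance score.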

Behavior analysis of entrance applicants using web log data (웹 로그데이터를 이용한 대학입시 지원자 행태 분석)

  • Choi, Seung-Bae;Kang, Chang-Wan;Cho, Jang-Sik
    • Journal of the Korean Data and Information Science Society / v.20 no.3 / pp.493-504 / 2009
  • Web log data analysis is the analysis of the traces that visitors leave while they visit a web site. Ultimately it can help to obtain a lot of useful information with which a homepage can be managed efficiently and CRM (customer relationship management) can be performed. In this paper, we provide basic information for managing the homepage of D university efficiently and for establishing a strategy to attract new students, by analyzing the web log data of D university.

A Framework for Web Log Analysis Using Process Mining Techniques (프로세스 마이닝을 이용한 웹 로그 분석 프레임워크)

  • Ahn, Yunha;Oh, Kyuhyup;Kim, Sang-Kuk;Jung, Jae-Yoon
    • Journal of Information Technology and Architecture / v.11 no.1 / pp.25-32 / 2014
  • Web mining techniques are often used to discover useful patterns from the log data generated by Web servers for the purpose of web usage analysis. Yet traditional Web mining techniques do not sufficiently reflect the sequential properties of Web log data. To address such weakness, we introduce a framework for analyzing Web access log data by using process mining techniques. To illustrate the proposed framework, we show the analysis of a Web access log in a campus information system based on the framework and discuss the implications of the analysis result.
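
An added example of the process-mining view of an access log (not the authors' framework): constructed Common Log Format lines are parsed, split into per-client sessions using an assumed 30-minute inactivity timeout, turned into traces, and reduced to a directly-follows graph, the relation the alpha and heuristic miners start from. A small conformance check then lists sessions that reach a protected page without the login step, which is where the sequential view pays off for security.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed Common Log Format lines; not the campus system's real log.
SAMPLE_ACCESS_LOG = [
    '10.0.0.1 - - [10/Mar/2014:09:00:01 +0900] "GET /login HTTP/1.1" 200 1043',
    '10.0.0.1 - - [10/Mar/2014:09:00:05 +0900] "POST /login HTTP/1.1" 302 0',
    '10.0.0.1 - - [10/Mar/2014:09:00:06 +0900] "GET /courses HTTP/1.1" 200 5120',
    '10.0.0.1 - - [10/Mar/2014:09:00:30 +0900] "GET /grades HTTP/1.1" 200 2200',
    '10.0.0.2 - - [10/Mar/2014:09:01:00 +0900] "GET /login HTTP/1.1" 200 1043',
    '10.0.0.2 - - [10/Mar/2014:09:01:04 +0900] "POST /login HTTP/1.1" 302 0',
    '10.0.0.2 - - [10/Mar/2014:09:01:05 +0900] "GET /courses HTTP/1.1" 200 5120',
    # same client much later: the idle gap starts a new session (trace)
    '10.0.0.2 - - [10/Mar/2014:10:30:00 +0900] "GET /login HTTP/1.1" 200 1043',
    '10.0.0.2 - - [10/Mar/2014:10:30:03 +0900] "POST /login HTTP/1.1" 302 0',
    '10.0.0.2 - - [10/Mar/2014:10:30:04 +0900] "GET /grades HTTP/1.1" 200 2200',
    # a client that reaches the protected page without ever logging in
    '10.0.0.3 - - [10/Mar/2014:09:02:00 +0900] "GET /grades HTTP/1.1" 200 2200',
]

LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
SESSION_TIMEOUT = timedelta(minutes=30)   # assumed inactivity threshold


def parse_line(line):
    """Return (host, timestamp, activity) for one access-log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["host"], ts, f"{m['method']} {m['path']}"


def build_traces(lines):
    """Sessionise requests per client into ordered activity sequences (traces)."""
    events = sorted(e for e in map(parse_line, lines) if e)
    sessions = []                 # [start_ts, host, activities, last_ts]
    open_session = {}             # host -> index into sessions
    for host, ts, activity in events:
        idx = open_session.get(host)
        if idx is None or ts - sessions[idx][3] > SESSION_TIMEOUT:
            sessions.append([ts, host, [], ts])
            idx = open_session[host] = len(sessions) - 1
        sessions[idx][2].append(activity)
        sessions[idx][3] = ts
    sessions.sort(key=lambda s: (s[0], s[1]))
    return [s[2] for s in sessions]


def directly_follows(traces):
    """Directly-follows graph: how often activity a is immediately followed by b."""
    dfg = Counter()
    for trace in traces:
        for a, b in zip(["START"] + trace, trace + ["END"]):
            dfg[(a, b)] += 1
    return dfg


def unauthenticated_access(traces, protected="GET /grades", login="POST /login"):
    """Conformance check: traces that reach `protected` without an earlier `login`."""
    return [t for t in traces
            if protected in t and (login not in t or t.index(login) > t.index(protected))]


if __name__ == "__main__":
    traces = build_traces(SAMPLE_ACCESS_LOG)
    for edge, n in sorted(directly_follows(traces).items()):
        print(n, "x", edge)
    print("unauthenticated:", unauthenticated_access(traces))
```

A page-hit frequency table would show `/grades` as a popular page and nothing more; only the trace view reveals that one session reached it straight from START, i.e. the access control on that page was bypassed or never enforced.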

Development of the SysLog-based Integrated Log Management system for Firewalls in Distributed Network Environments (분산 환경에서 SysLog기반의 방화벽 통합로그관리시스템 개발)

  • Lee, Dong Young;Seo, Hee Suk;Lee, Eul Suk
    • Journal of Korea Society of Digital Industry and Information Management / v.7 no.4 / pp.39-45 / 2011
  • Application log files contain error messages, operational data and usage information that can help manage applications and servers. A log analysis system is software that reads and parses log files and extracts and aggregates information in order to generate reports on the application. Currently, the importance of firewall log files is growing for the forensics of cyber crimes and the establishment of security policy. In this paper, we designed and implemented SILAS (SysLog-based Integrated Log mAnagement System) for distributed network environments. It helps to generate reports on the log files of firewalls, namely IP addresses and users, and statistics of application usage.
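
An added example, not the SILAS code, of what the integrated log management described above has to do first: decode RFC 3164 syslog lines from several firewalls (the `<PRI>` prefix encodes facility * 8 + severity), pull out the key=value fields, and aggregate by user, source address and firewall. The message format and sample lines are constructed; real firewalls differ in their field names.

```python
import re
from collections import Counter, defaultdict

# Constructed RFC 3164-style firewall messages from two firewalls; not real traffic.
SAMPLE_SYSLOG = [
    "<134>Mar 10 09:00:01 fw-seoul kernel: action=ACCEPT src=10.0.0.5 dst=203.0.113.10 proto=tcp dpt=443 user=alice",
    "<134>Mar 10 09:00:02 fw-seoul kernel: action=ACCEPT src=10.0.0.5 dst=203.0.113.10 proto=tcp dpt=443 user=alice",
    "<132>Mar 10 09:00:03 fw-seoul kernel: action=DROP src=198.51.100.7 dst=10.0.0.5 proto=tcp dpt=22",
    "<132>Mar 10 09:00:04 fw-busan kernel: action=DROP src=198.51.100.7 dst=10.0.1.9 proto=tcp dpt=22",
    "<134>Mar 10 09:00:05 fw-busan kernel: action=ACCEPT src=10.0.1.9 dst=203.0.113.20 proto=udp dpt=53 user=bob",
    "this line is deliberately malformed and must be counted, not crash the parser",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Syslog severity codes 0..7 in order.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(line):
    """Decode PRI into facility/severity and the key=value firewall fields."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    record = {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "host": m["host"],
        "tag": m["tag"],
    }
    record.update(KV_RE.findall(m["msg"]))
    return record


def summarize(lines):
    """Aggregate firewall records into the report counters a log manager would show."""
    report = {
        "accepted_by_user": Counter(),
        "denied_by_src": Counter(),
        "by_firewall": Counter(),
        "by_port": Counter(),
        "unparsed": 0,
    }
    firewalls_dropping = defaultdict(set)   # src -> firewalls that dropped it
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            report["unparsed"] += 1
            continue
        report["by_firewall"][rec["host"]] += 1
        report["by_port"][rec.get("dpt", "?")] += 1
        if rec.get("action") == "ACCEPT":
            report["accepted_by_user"][rec.get("user", "-")] += 1
        elif rec.get("action") == "DROP":
            report["denied_by_src"][rec["src"]] += 1
            firewalls_dropping[rec["src"]].add(rec["host"])
    # A source dropped by more than one firewall is probing the whole estate,
    # which no single firewall's own log can show.
    report["dropped_at_multiple_firewalls"] = sorted(
        src for src, fws in firewalls_dropping.items() if len(fws) > 1
    )
    return report


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SYSLOG).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The last counter is the payoff of integrating the logs: the source dropped at both fw-seoul and fw-busan appears only when the two firewalls' syslog streams are joined, and the unparsed-line count keeps a malformed or truncated message from silently vanishing from the report.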