• Title/Summary/Keyword: Security Event Monitoring

Search Result 39, Processing Time 0.028 seconds

A Security Monitoring System for Security Information Sharing and Cooperative Countermeasure (협력대응기반 전역네트워크 보안정보공유 시스템)

  • Kim, Ki-Young;Lee, Sung-Won;Kim, Jong-Hyun
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.2
    • /
    • pp.60-69
    • /
    • 2013
  • Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, Cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APT exploiting a high degree of stealthiness over a long period, has extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure whereas the existing security measures exhibited limited capabilities in detecting and countermeasuring them. As a solution to fight against such attacks, we designed and implemented a security monitoring system, which shares security information and helps cooperative countermeasure. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyses them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated throughly by deploying it under real network in a ISP for a week.

Design of a Security Monitoring System based on correlation analysis (침해위협 상관분석 기반의 보안관제시스템 설계)

  • Jeong, Ki-Moon;Park, Hark-Soo
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2011.06a
    • /
    • pp.335-338
    • /
    • 2011
  • 최근 정보화가 고도화됨에 따라 해킹, 웜 바이러스 등 사이버 침해사고 또한 증가하고 있다. 이에 따라 사이버 침해사고를 예방하고 대응하기 위하여 보안관제의 필요성이 대두되고 있으며 이를 지원하기 위한 시스템이 등장하고 있다. 단순한 사이버 공격을 탐지하는 수준에서 벗어나 분석 및 대응 등 넓은 의미의 보안관제 활동을 수행하기 위한 시스템은 이기종 환경에서 대용량의 데이터를 처리하여 신속하고 정확한 탐지 결과를 보여줄 수 있어야 한다. 또한 다양한 보안관제 활동을 원활히 수행할 수 있는 기능을 제공하여야 한다. 본 논문에서는 이러한 요구사항을 반영하여 대용량 보안이벤트 데이터를 동적으로 상관 분석하여 탐지 효율성과 신속성을 향상시킬 수 있는 보안관제시스템을 설계 제안한다.

  • PDF

Real-Time Attack Detection System Using Event-Based Runtime Monitoring in ROS 2 (ROS 2의 이벤트 기반 런타임 모니터링을 활용한 실시간 공격 탐지 시스템)

  • Kang, Jeonghwan;Seo, Minseong;Park, Jaeyeol;Kwon, Donghyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1091-1102
    • /
    • 2022
  • Robotic systems have developed very rapidly over the past decade. Robot Operating System is an open source-based software framework for the efficient development of robot operating systems and applications, and is widely used in various research and industrial fields. ROS applications may contain various vulnerabilities. Various studies have been conducted to monitor the excution of these ROS applications at runtime. In this study, we propose a real-time attack detection system using event-based runtime monitoring in ROS 2. Our attack detection system extends tracetools of ros2_tracing to instrument events into core libraries of ROS 2 middleware layer and monitors the events during runtime to detect attacks on the application layer through out-of-order execution of the APIs.

Study on Methodology of Collecting Realtime File Access Event Information (실시간 파일 접근 이벤트 정보 수집 방법에 관한 연구)

  • Han, Sung-Hwa
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.10a
    • /
    • pp.447-448
    • /
    • 2021
  • The boundary-based security architecture has the advantage of easy deployment of security solutions and high operational efficiency. The boundary-based security architecture is easy to detect and block externally occurring security threats, but is inappropriate to block internally occurring security threats. Unfortunately, internal security threats are increasing in frequency. In order to solve this problem, a zero trust model has been proposed. The zero trust model requires a real-time monitoring function to analyze the behavior of a subject accessing various information resources. However, there is a limit to real-time monitoring of file access of a subject confirmed to be trusted in the system. Accordingly, this study proposes a method to monitor user's file access in real time. To verify the effectiveness of the proposed monitoring method, the target function was verified after the demonstration implementation. As a result, it was confirmed that the method proposed in this study can monitor access to files in real time.

  • PDF

A Design of File Leakage Response System through Event Detection (이벤트 감지를 통한 파일 유출 대응 시스템 설계)

  • Shin, Seung-Soo
    • Journal of Industrial Convergence
    • /
    • v.20 no.7
    • /
    • pp.65-71
    • /
    • 2022
  • With the development of ICT, as the era of the 4th industrial revolution arrives, the amount of data is enormous, and as big data technologies emerge, technologies for processing, storing, and processing data are becoming important. In this paper, we propose a system that detects events through monitoring and judges them using hash values because the damage to important files in case of leakage in industries and public places is serious nationally and property. As a research method, an optional event method is used to compare the hash value registered in advance after performing the encryption operation in the event of a file leakage, and then determine whether it is an important file. Monitoring of specific events minimizes system load, analyzes the signature, and determines it to improve accuracy. Confidentiality is improved by comparing and determining hash values pre-registered in the database. For future research, research on security solutions to prevent file leakage through networks and various paths is needed.

Model Proposal for Detection Method of Cyber Attack using SIEM (SIEM을 이용한 침해사고 탐지방법 모델 제안)

  • Um, Jin-Guk;Kwon, Hun-Yeong
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.16 no.6
    • /
    • pp.43-54
    • /
    • 2016
  • The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

Exhibition Monitoring System using USN/RFID based on ECA (USN/RFID를 이용한 ECA기반 전시물 정보 모니터링 시스템)

  • Kim, Gang-Seok;Song, Wang-Cheol
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.9 no.6
    • /
    • pp.95-100
    • /
    • 2009
  • Nowadays there are many studies and there's huge development about USN/RFID which have great developmental potential to many kinds of applications. More and more real time application apply USN/RFID technology to identify data collect and locate objects. Wide deployment of USN/RFID will generate an unprecedented volume of primitive data in a short time. Duplication and redundancy of primitive data will affect real time performance of application. Thus, security applications must filter primitive data and correlate them for complex pattern detection and transform them to events that provide meaningful, actionable information to end application. In this paper, we design a ECA Rule system for security monitoring of exhibition. This system will process USN/RFID primitive data and event and perform data transformation. It's had applied each now in exhibition hall through this study and efficient data transmission and management forecast that is possible.

  • PDF

Enhancing on Security Monitoring & Control Redundancy Facilities Config uration & Operation in the COVDI-19 Pandemic Environment (코로나19 환경에서 무중단 보안관제센터 구성 및 운영 강화 연구)

  • Kang, Dongyoon;Lee, Jeawoo;Park, Wonhyung
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.25-31
    • /
    • 2021
  • The purpose of this study was to keep the Security Control Center, which operates under a shift system, uninterrupted during the COVID-19 virus epidemic. Security facilities responding to cybersecurity threats are essential security facilities that must be operated 24 hours a day, 365 days a day in real time, and are critical to security operations and management. If security facilities such as infectious disease epidemic, system failure, and physical impact are closed or affected, they cannot respond to real-time cyberattacks and can be fatal to security issues. Recently, there have been cases in which security system facilities cannot be operated, such as the closure of facilities due to the COVID-19 virus epidemic and the availability of security systems due to the rainy season, and other cases need to be prepared. In this paper, we propose a plan to configure a security system facility as a multiplexing facility and operate it as an alternative in the event of a closed situation.

Security Framework for Intelligent Predictive Surveillance Systems (지능형 예측감시 시스템을 위한 보안 프레임워크)

  • Park, Jeonghun;Park, Namje
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.3
    • /
    • pp.77-83
    • /
    • 2020
  • Recently, intelligent predictive surveillance system has emerged. It is a system that can probabilistically predict the future situation and event based on the existing data beyond the scope of the current object or object motion and situation recognition. Since such intelligent predictive monitoring system has a high possibility of handling personal information, security consideration is essential for protecting personal information. The existing video surveillance framework has limitations in terms of privacy. In this paper, we proposed a security framework for intelligent predictive surveillance system. In the proposed method, detailed components for each unit are specified by dividing them into terminals, transmission, monitoring, and monitoring layers. In particular, it supports active personal information protection in the video surveillance process by supporting detailed access control and de-identification.

Implementation of Security Information and Event Management for Realtime Anomaly Detection and Visualization (실시간 이상 행위 탐지 및 시각화 작업을 위한 보안 정보 관리 시스템 구현)

  • Kim, Nam Gyun;Park, Sang Seon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.8 no.5
    • /
    • pp.303-314
    • /
    • 2018
  • In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.