• Title/Summary/Keyword: event log


Method for Finding Related Object File for a Computer Forensics in a Log Record of $LogFile of NTFS File System (NTFS 파일시스템의 $LogFile의 로그레코드에 연관된 컴퓨터 포렌식 대상 파일을 찾기 위한 방법)

  • Cho, Gyu-Sang
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.49 no.4
    • /
    • pp.1-8
    • /
    • 2012
  • The NTFS journaling file ($LogFile) is used to keep the file system clean in the event of a system crash or power failure. Operations on files leave large amounts of information in the $LogFile. Despite the importance of the journal file as a forensic evidence repository, its structure is not well documented. The researchers used reverse engineering in order to gain a better understanding of the log record structures of the address parts, and utilized the address for identifying object files to gain forensic information.
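The mapping the abstract describes, from a log record's address fields to the file it touched, can be shown on a small constructed $LogFile fragment. The code below is an added example, not the paper's own method or code. It assumes the record layout published by community reverse-engineering work (a 0x30-byte LFS header followed by the NTFS client record with target_vcn, cluster_block_offset and an LCN list), a 4096-byte cluster and 1024-byte MFT records, and that the RCRD pages have already had their update-sequence fixups applied; the sample bytes are built by build_record() and are not real on-disk data.

```python
"""
Walk NTFS $LogFile client records and resolve each record's address fields
(target_vcn, cluster_block_offset, LCN list) to the MFT record or INDX
buffer it modified.  Layout is an assumption taken from community
reverse-engineering; SAMPLE_LOG is constructed, not captured from a disk.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LFS_HDR = struct.Struct("<QQQIHHIIH6s")   # 0x30 bytes: lsn, prev_lsn, undo_next_lsn, data_len, client id, type, txid, flags
NTFS_HDR = struct.Struct("<12HQ")         # 0x20 bytes of client record before the LCN list

OPS = {
    0x00: "Noop", 0x02: "InitializeFileRecordSegment", 0x03: "DeallocateFileRecordSegment",
    0x05: "CreateAttribute", 0x06: "DeleteAttribute", 0x07: "UpdateResidentValue",
    0x08: "UpdateNonresidentValue", 0x0C: "AddIndexEntryRoot", 0x0D: "DeleteIndexEntryRoot",
    0x0E: "AddIndexEntryAllocation", 0x0F: "DeleteIndexEntryAllocation",
    0x13: "UpdateFileNameRoot", 0x14: "UpdateFileNameAllocation",
    0x1A: "CommitTransaction", 0x1B: "ForgetTransaction",
}
# Operations that write inside $MFT (file record segments, $INDEX_ROOT), so the
# address fields locate an MFT record ...
MFT_TARGET_OPS = {0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0B, 0x0C, 0x0D, 0x11, 0x13}
# ... versus operations on an INDX buffer that the record's own LCN list locates on disk.
INDX_TARGET_OPS = {0x0E, 0x0F, 0x10, 0x12, 0x14}


@dataclass
class LogRecord:
    lsn: int
    prev_lsn: int
    transaction_id: int
    redo_op: int
    undo_op: int
    target_vcn: int
    cluster_block_offset: int
    lcns: List[int]
    redo_data: bytes


def parse_records(buf: bytes, offset: int = 0) -> List[LogRecord]:
    """Parse consecutive fixed-up client records until the buffer ends or a record is not a normal one."""
    records = []
    while offset + LFS_HDR.size <= len(buf):
        lsn, prev_lsn, _undo_next, data_len, _seq, _cidx, rec_type, txid, _flags, _ = LFS_HDR.unpack_from(buf, offset)
        body = offset + LFS_HDR.size
        if lsn == 0 or rec_type != 1 or data_len == 0 or body + NTFS_HDR.size > len(buf):
            break
        f = NTFS_HDR.unpack_from(buf, body)
        redo_op, undo_op, redo_off, redo_len = f[0], f[1], f[2], f[3]
        lcn_count, cbo, target_vcn = f[7], f[10], f[12]
        lcns = list(struct.unpack_from("<%dQ" % lcn_count, buf, body + NTFS_HDR.size))
        redo = buf[body + redo_off: body + redo_off + redo_len]
        records.append(LogRecord(lsn, prev_lsn, txid, redo_op, undo_op, target_vcn, cbo, lcns, redo))
        offset = body + ((data_len + 7) & ~7)   # client records are 8-byte aligned
    return records


def resolve_target(rec: LogRecord, cluster_size: int = 4096, mft_record_size: int = 1024) -> Tuple[str, Optional[int]]:
    """('mft', record number) for in-place MFT changes, ('indx', first LCN) for index buffers, else ('other', None)."""
    if rec.redo_op in MFT_TARGET_OPS:
        byte_off = rec.target_vcn * cluster_size + rec.cluster_block_offset * 512  # cluster_block_offset is in 512-byte units
        return "mft", byte_off // mft_record_size
    if rec.redo_op in INDX_TARGET_OPS and rec.lcns:
        return "indx", rec.lcns[0]
    return "other", None


def by_transaction(recs: List[LogRecord]) -> Dict[int, List[int]]:
    """Group LSNs by transaction id so a file operation can be read as one unit."""
    txs: Dict[int, List[int]] = {}
    for r in recs:
        txs.setdefault(r.transaction_id, []).append(r.lsn)
    return txs


def build_record(lsn, prev_lsn, txid, redo_op, undo_op, target_vcn=0, cluster_block_offset=0, lcns=(), redo_data=b""):
    """Constructed sample record laid out like a real one (target_attribute fixed at 0x18 for illustration)."""
    lcn_blob = struct.pack("<%dQ" % len(lcns), *lcns)
    redo_off = NTFS_HDR.size + len(lcn_blob)
    body = NTFS_HDR.pack(redo_op, undo_op, redo_off, len(redo_data), redo_off + len(redo_data), 0,
                         0x18, len(lcns), 0, 0, cluster_block_offset, 0, target_vcn) + lcn_blob + redo_data
    body += b"\0" * (-len(body) % 8)
    return LFS_HDR.pack(lsn, prev_lsn, 0, len(body), 1, 1, 1, txid, 0, b"\0" * 6) + body


SAMPLE_LOG = b"".join([
    # tx 7: file creation -> new FILE record at MFT #23, then its $FILE_NAME entry in the parent's INDX buffer at LCN 0x1234
    build_record(0x1000, 0x0000, 7, 0x02, 0x03, target_vcn=5, cluster_block_offset=6, redo_data=b"FILE0\x00\x03\x00" + b"\0" * 24),
    build_record(0x1050, 0x1000, 7, 0x0E, 0x0F, lcns=(0x1234,), redo_data=b"\x17\x00\x00\x00\x00\x00\x01\x00"),
    build_record(0x10A0, 0x1050, 7, 0x1B, 0x00),
    # tx 8: resident attribute update inside MFT #401 (e.g. timestamps in $STANDARD_INFORMATION)
    build_record(0x10C0, 0x0000, 8, 0x07, 0x07, target_vcn=100, cluster_block_offset=2, redo_data=b"\x01" * 8),
])

if __name__ == "__main__":
    for r in parse_records(SAMPLE_LOG):
        print(hex(r.lsn), r.transaction_id, OPS.get(r.redo_op, hex(r.redo_op)), resolve_target(r))
```

For an InitializeFileRecordSegment record the redo payload is the new file record itself (it starts with the FILE signature), so the object file's name can be read straight from the $FILE_NAME attribute inside it; for updates that only carry a few bytes, the resolved MFT record number is what you then look up in a parsed $MFT.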

A Personal Memex System Using Uniform Representation of the Data from Various Devices (다양한 기기로부터의 데이터 단일 표현을 통한 개인 미멕스 시스템)

  • Min, Young-Kun;Lee, Bog-Ju
    • The KIPS Transactions:PartB
    • /
    • v.16B no.4
    • /
    • pp.309-318
    • /
    • 2009
  • Research on systems that automatically record and retrieve one's everyday life has been relatively active recently. These systems, called personal memex or life log, usually entail dedicated devices such as SenseCam in the MyLifeBits project. This research paid attention to the digital devices such as mobile phones, credit cards, and digital cameras that people use every day. The system enables a person to systematically store everyday life data that are saved in the devices or the device-related web pages (e.g., phone records at the cellular phone company) and to refer to them quickly later. The data collection agent in the proposed system, called MyMemex, collects the personal life log "web data" using the web services that the web sites provide and stores the web data in the server. The "file data" stored in the off-line digital devices are also loaded into the server. Each of the file data or web data is viewed as a memex event that can be described in 4W1H form. The different types of data in different services are transformed into memex event data in 4W1H form. The memex event ontology is used in this transformation. Users can sign in to the web server of this service to view their life logs in chronological order. Users can also search the life logs using keywords. Moreover, the life logs can be viewed in a diary or story style by converting the memex events to sentences. Related memex events are grouped to be displayed as an "episode" by a heuristic identification method. A result with high accuracy has been obtained by the experiment on episode identification using the real life log data of one of the authors.

XML-based Modeling for Semantic Retrieval of Syslog Data (Syslog 데이터의 의미론적 검색을 위한 XML 기반의 모델링)

  • Lee Seok-Joon;Shin Dong-Cheon;Park Sei-Kwon
    • The KIPS Transactions:PartD
    • /
    • v.13D no.2 s.105
    • /
    • pp.147-156
    • /
    • 2006
  • Event logging plays an increasingly important role in system and network management, and syslog is a de-facto standard for logging system events. However, due to the semi-structured features of Common Log Format data, most studies on log analysis focus on frequent patterns. The eXtensible Markup Language (XML) can provide a nice representation scheme for the structure and search of formatted data found in syslog messages. However, previous XML-formatted schemes and applications for system logging are not suitable for semantic approaches such as ranking-based search or similarity measurement for log data. In this paper, based on ranked keyword search techniques over XML documents, we propose an XML tree structure through a new data modeling approach for syslog data. Finally, we show the suitability of the proposed structure for semantic retrieval.
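To make the idea of an XML model with ranked keyword search concrete, the following added example (my own, not the paper's model or code) parses RFC 3164-style syslog lines into an element tree, decodes the PRI field into facility and severity, and ranks <message> elements for a query with idf-weighted term scores, boosting hits on the host, app and severity attributes over hits in the free-text body. The tree layout and the field weights are my assumptions, and the sample lines are constructed.

```python
"""
Model syslog lines as XML and run a ranked keyword search over the tree.
Added example; SAMPLE_LINES are constructed, not taken from a real host.
"""
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FIELD_WEIGHTS = {"host": 1.5, "app": 1.5, "severity": 1.5}   # attribute hits outrank body hits (assumed weights)

SAMPLE_LINES = [  # constructed
    "<38>Oct 11 22:14:15 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 2222 ssh2",
    "<38>Oct 11 22:14:17 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 2224 ssh2",
    "<86>Oct 11 22:15:01 web01 CRON[2211]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "<30>Oct 11 22:15:02 db01 postgres[900]: database system is ready to accept connections",
    "<33>Oct 11 22:16:00 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "this line is not syslog at all",
]


def to_xml(lines):
    """Build <syslog><message facility severity timestamp host app pid>text</message>...</syslog>."""
    root = ET.Element("syslog")
    for line in lines:
        m = SYSLOG_RE.match(line)
        if m is None:
            ET.SubElement(root, "unparsed").text = line   # keep, never silently drop, what we cannot parse
            continue
        pri = int(m["pri"])
        msg = ET.SubElement(root, "message", facility=str(pri // 8), severity=SEVERITY[pri % 8],
                            timestamp=m["ts"], host=m["host"], app=m["tag"], pid=m["pid"] or "")
        msg.text = m["msg"]
    return root


def tokenize(text):
    return re.findall(r"[a-z0-9][a-z0-9._-]*", text.lower())


def doc_terms(msg):
    """Terms of one <message>: body tokens at weight 1.0, selected attribute values at their field weight."""
    terms = {tok: 1.0 for tok in tokenize(msg.text or "")}
    for attr, w in FIELD_WEIGHTS.items():
        val = (msg.get(attr) or "").lower()
        if val:
            terms[val] = max(terms.get(val, 0.0), w)
    return terms


def ranked_search(root, query, limit=10):
    """Return [(score, <message>)] sorted best-first; score = sum of weight * idf over matched query terms."""
    docs = root.findall("message")
    per_doc = [doc_terms(d) for d in docs]
    df = Counter(t for terms in per_doc for t in terms)
    n = len(docs)

    def idf(t):
        return math.log((n + 1) / (df[t] + 1)) + 1.0

    q = set(tokenize(query))
    hits = [(sum(terms[t] * idf(t) for t in q if t in terms), doc) for doc, terms in zip(docs, per_doc)]
    hits = [h for h in hits if h[0] > 0]
    hits.sort(key=lambda h: -h[0])   # stable: ties keep log order
    return hits[:limit]


if __name__ == "__main__":
    tree = to_xml(SAMPLE_LINES)
    print(ET.tostring(tree, encoding="unicode")[:200], "...")
    for score, d in ranked_search(tree, "failed password root"):
        print(round(score, 2), d.get("host"), d.get("app"), d.text)
```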

Analysis of Unexpected Shutdown Based on Windows Event Log(EVTX) and its Applications in forensic (윈도우 이벤트 로그 기반 PC 비정상 종료 분석 및 활용방안)

  • Kim, Ha-Young;Park, Hyeon-Min;Kim, Gi-Bum
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2022.05a
    • /
    • pp.33-36
    • /
    • 2022
  • The Event Log is the format in which the Windows operating system records system logs, and it systematically manages information about system operation. Events can be generated by the system itself or by specific user actions, and such event logs can serve as evidence not only of system startup and shutdown but also of activities such as corporate security audits and malware detection. In this paper, we analyzed event logs and event IDs through experiments related to PC shutdown. Based on the analysis results, it can be determined whether a PC was shut down normally or abnormally, which makes it possible, during an on-site seizure and search, to identify whether the storage medium in question is subject to selective seizure or to seizure of the medium itself. This study can contribute to providing grounds for on-site investigators to ensure procedural legality and evidentiary admissibility when seizing and searching digital evidence.
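The normal/abnormal shutdown determination the abstract refers to is driven by a handful of System-log event IDs: 12/6005 mark a boot, 13/6006 mark a clean shutdown, 1074 records who or what requested a planned shutdown, and Kernel-Power 41 and EventLog 6008 are written at the next boot to report that the previous session did not end cleanly. The code below is an added example (not the paper's experiment or tooling) that walks such a timeline and labels each boot session clean, unexpected or still open. The event timeline is constructed; the dictionary keys used for 1074 and 6008 data (user, process, reason, previous_shutdown) are simplified names of my own, not the EVTX EventData parameter names. On a live host the same IDs can be pulled with `Get-WinEvent -FilterHashtable @{LogName='System'; Id=12,13,41,1074,6005,6006,6008}` or exported with `wevtutil qe System`.

```python
"""
Classify Windows boot sessions from the System-log event IDs that bracket
a shutdown.  Added example with a constructed timeline (SAMPLE_EVENTS).
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Set

BOOT_IDS = {12, 6005}        # Kernel-General "OS started" / EventLog service started
CLEAN_IDS = {13, 6006}       # Kernel-General "OS shutting down" / EventLog service stopped
UNEXPECTED_IDS = {41, 6008}  # Kernel-Power 41 / EventLog 6008: logged at the NEXT boot about the previous session
PLANNED_ID = 1074            # User32: process, user and reason behind a requested shutdown/restart


@dataclass
class Event:
    time: datetime
    provider: str
    event_id: int
    data: dict = field(default_factory=dict)


@dataclass
class Session:
    boot: datetime
    shutdown: Optional[datetime] = None
    verdict: str = "open"       # "clean", "unexpected" or "open" (no shutdown seen yet)
    detail: str = ""
    markers: Set[int] = field(default_factory=set)


def classify_sessions(events: List[Event]) -> List[Session]:
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for ev in sorted(events, key=lambda e: e.time):
        if ev.event_id in BOOT_IDS:
            # New session when none is open, the current one closed cleanly, or the same
            # boot marker repeats (a reboot that left no shutdown markers behind).
            if cur is None or cur.shutdown is not None or ev.event_id in cur.markers:
                if cur is not None and cur.shutdown is None:
                    cur.verdict, cur.detail = "unexpected", "no shutdown markers before next boot"
                cur = Session(boot=ev.time)
                sessions.append(cur)
            cur.markers.add(ev.event_id)
        elif cur is None:
            continue
        elif ev.event_id == PLANNED_ID:
            d = ev.data
            cur.detail = f"planned by {d.get('user')} via {d.get('process')}: {d.get('reason')}"
        elif ev.event_id in CLEAN_IDS:
            cur.shutdown = cur.shutdown or ev.time   # earliest clean marker is the shutdown time
            cur.verdict = "clean"
        elif ev.event_id in UNEXPECTED_IDS and len(sessions) >= 2:
            prev = sessions[-2]                      # these events describe the previous session
            prev.verdict = "unexpected"
            if ev.event_id == 41:
                code = ev.data.get("BugcheckCode", 0)
                # BugcheckCode 0 means no crash was recorded: power loss or hard reset, not a BSOD
                prev.detail = f"Kernel-Power 41, BugcheckCode={code} ({'bugcheck' if code else 'power loss or hard reset'})"
            elif ev.data.get("previous_shutdown"):
                prev.shutdown = ev.data["previous_shutdown"]   # 6008 carries the last known time
    return sessions


def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


SAMPLE_EVENTS = [  # constructed timeline, not exported from a real host
    Event(ts("2022-03-01 08:00:00"), "Microsoft-Windows-Kernel-General", 12),
    Event(ts("2022-03-01 08:00:05"), "EventLog", 6005),
    Event(ts("2022-03-01 17:30:00"), "User32", 1074,
          {"user": "LAB\\alice", "process": "C:\\Windows\\explorer.exe", "reason": "Other (Unplanned)"}),
    Event(ts("2022-03-01 17:30:10"), "Microsoft-Windows-Kernel-General", 13),
    Event(ts("2022-03-01 17:30:12"), "EventLog", 6006),
    Event(ts("2022-03-02 08:10:00"), "Microsoft-Windows-Kernel-General", 12),
    Event(ts("2022-03-02 08:10:04"), "EventLog", 6005),
    # power pulled around 13:50: nothing is written then; the next boot reports it
    Event(ts("2022-03-02 14:05:00"), "Microsoft-Windows-Kernel-General", 12),
    Event(ts("2022-03-02 14:05:03"), "EventLog", 6005),
    Event(ts("2022-03-02 14:05:04"), "Microsoft-Windows-Kernel-Power", 41, {"BugcheckCode": 0}),
    Event(ts("2022-03-02 14:05:06"), "EventLog", 6008, {"previous_shutdown": ts("2022-03-02 13:50:00")}),
]

if __name__ == "__main__":
    for s in classify_sessions(SAMPLE_EVENTS):
        print(s.boot, s.shutdown, s.verdict, s.detail)
```

A session marked unexpected with BugcheckCode 0 is the case that matters for the seizure decision in the abstract: the volume was not flushed, so the medium itself rather than a selective copy is what preserves the journal and any unflushed data.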

Event Logging Method for Control Rod Control System (원자로 제어봉구동장치 제어시스템용 이벤트 기록 방법)

  • Cheon, Jong-Min;Kim, Choon-Kyung;Jo, Chang-Hui;Jeong, Soon-Hyun;Nam, Jeong-Han
    • Proceedings of the KIEE Conference
    • /
    • 2003.11c
    • /
    • pp.552-554
    • /
    • 2003
  • This paper is about the method by which the Power Control Unit (PCU) of the Control Rod Control System (CRCS) logs events in the system and on the real-time monitoring display. This method enables functions such as event logging for the Control Rod Drive Mechanism (CRDM)/power cabinet, off-line display of the logged event data, and on-line display via communication between the PCU and the monitoring display. Operators in a nuclear power plant must be able to grasp any possible abnormal states correctly. Because our newly designed system has a good ability to log and display the kind, time, and the prior and posterior states of urgent or non-urgent events, the operators can judge, maintain and repair the abnormal event more easily.


Business Activity Monitoring Using Process-based Event Analysis (프로세스 기반 이벤트 분석을 이용한 비즈니스 활동 모니터링)

  • Son, Sung-Ho;Jung, Jae-Yoon;Kang, Suk-Ho;Cho, Nam-Wook
    • The Journal of Society for e-Business Studies
    • /
    • v.12 no.2
    • /
    • pp.219-231
    • /
    • 2007
  • Based on a complex event processing technique, an event analysis method for Business Activity Monitoring (BAM) is developed to provide an early warning for on-going events so that process managers can effectively detect and monitor potential risks prior to the completion of the events. In this study, process-based event monitoring procedures to extract events with significant risks are presented: complex event patterns are defined from historical event log data, and the risks of events are evaluated based on the patterns. A process-based event monitoring architecture for BAM is also presented. The proposed method has been applied to a service process of a home shopping company.


Overall damage identification of flag-shaped hysteresis systems under seismic excitation

  • Zhou, Cong;Chase, J. Geoffrey;Rodgers, Geoffrey W.;Xu, Chao;Tomlinson, Hamish
    • Smart Structures and Systems
    • /
    • v.16 no.1
    • /
    • pp.163-181
    • /
    • 2015
  • This research investigates the structural health monitoring of nonlinear structures after a major seismic event. It considers the identification of flag-shaped or pinched hysteresis behavior in response to structures as a more general case of a normal hysteresis curve without pinching. The method is based on the overall least squares methods and the log likelihood ratio test. In particular, the structural response is divided into different loading and unloading sub-half cycles. The overall least squares analysis is first implemented to obtain the minimum residual mean square estimates of structural parameters for each sub-half cycle with the number of segments assumed. The log likelihood ratio test is used to assess the likelihood of these nonlinear segments being true representations in the presence of noise and model error. The resulting regression coefficients for identified segmented regression models are finally used to obtain stiffness, yielding deformation and energy dissipation parameters. The performance of the method is illustrated using a single degree of freedom system and a suite of 20 earthquake records. RMS noise of 5%, 10%, 15% and 20% is added to the response data to assess the robustness of the identification routine. The proposed method is computationally efficient and accurate in identifying the damage parameters within 10% average of the known values even with 20% added noise. The method requires no user input and could thus be automated and performed in real-time for each sub-half cycle, with results available effectively immediately after an event as well as during an event, if required.

MicroPost: The Design of an Efficient Event Notification Architecture for Distributed Social Applications (MicroPost: 분산형 소셜 애플리케이션을 위한 효율적인 이벤트 통지 아키텍처의 설계)

  • Bae, Joon-Hyun;Kim, Sang-Wook
    • 한국HCI학회:학술대회논문집
    • /
    • 2009.02a
    • /
    • pp.232-239
    • /
    • 2009
  • Emerging social networking services provide a new paradigm for human-to-human communication. However, these services are centralized and managed by a single service provider. In this paper, we propose MicroPost, a decentralized event notification service architecture for social applications based on the publish/subscribe model. In our design space, event brokers are structured as an overlay network which provides the substrate of a distributed peer-to-peer lookup service for storing and retrieving subscriptions with hashed keys. Event clients interact with event brokers to publish or subscribe to social messages over the wide-area network. Using XML standards, we present an efficient algorithm to forward events for rendezvous-based matching in this paper. In our design space, the cost of routing is $O(\omega \log_k N)$, where $N$ is the number of event brokers, $\omega$ is the number of meta-data obtained from event messages, and $k$ is a constant, selected by our design, to divide the identifier space and to conquer the lookup of a given key. Consequently, what we achieved is an asynchronous social messaging service architecture which is decentralized, efficient, scalable, and flexible.


A Study on implementation model for security log analysis system using Big Data platform (빅데이터 플랫폼을 이용한 보안로그 분석 시스템 구현 모델 연구)

  • Han, Ki-Hyoung;Jeong, Hyung-Jong;Lee, Doog-Sik;Chae, Myung-Hui;Yoon, Cheol-Hee;Noh, Kyoo-Sung
    • Journal of Digital Convergence
    • /
    • v.12 no.8
    • /
    • pp.351-359
    • /
    • 2014
  • The log data generated by security equipment have so far been analyzed in an integrated way on an ESM (Enterprise Security Management) basis, but due to the limitations of its capacity and processing performance, ESM is not suited to big data processing. Therefore, another technology based on a big data platform is necessary. A big data platform can achieve large-scale data collection, storage, processing, retrieval, analysis, and visualization by using the Hadoop Ecosystem. Currently, ESM technology has developed into SIEM (Security Information & Event Management) technology, and to implement security technology in the SIEM way, big data platform technology that can handle the large volume of log data generated by current security devices is essential. In this paper, we study a system implementation model for analyzing security logs with Hadoop Ecosystem big data platform technology.

A Formal Framework for Analyzing Performance of Container Terminal Operations (컨테이너 터미널 운영 분석을 위한 형식 프레임워크)

  • Park, Eun-Jung;Ha, Byung-Hyun
    • The Journal of Society for e-Business Studies
    • /
    • v.18 no.2
    • /
    • pp.191-203
    • /
    • 2013
  • Today, information technologies have been applied to operations in container terminals, and it is possible to collect operational log data thanks to the development of equipment and operations technology. Terminal operators are collecting event log data and trying to figure out ways of resolving operational problems. Operators want to analyze event logs to determine the causes of operational problems, but this can hardly be done manually. In this paper, we suggest a formal framework to evaluate performance measures using the collected log data of operations in container terminals. The proposed formal framework supports different container terminal layouts, operational processes, and equipment. Our formal framework is composed of specifications of terminal layout, log data, workflow, statistics, and reports, based on the concept of container handling objects. For validation of our framework, we have implemented a terminal performance analysis system based on the proposed framework.