• Title/Summary/Keyword: event log

Search Result 147, Processing Time 0.026 seconds

Implementation of Security Information and Event Management for Realtime Anomaly Detection and Visualization (실시간 이상 행위 탐지 및 시각화 작업을 위한 보안 정보 관리 시스템 구현)

  • Kim, Nam Gyun;Park, Sang Seon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.8 no.5
    • /
    • pp.303-314
    • /
    • 2018
  • In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.

Simulation-Based Operational Risk Assessment (시뮬레이션 기법을 이용한 운영리스크 평가)

  • Hwang, Myung-Soo;Lee, Young-Jai
    • Journal of Information Technology Services
    • /
    • v.4 no.1
    • /
    • pp.129-139
    • /
    • 2005
  • This paper proposes a framework of Operational Risk-based Business Continuity System(ORBCS), and develops protection system for operational risk through operational risk assessment and loss distribution approach based on risk management guideline announced in the basel II. In order to find out financial operational risk, business processes of domestic bank are assorted by seven event factors and eight business activities so that we can construct the system. After we find out KRI(Key Risk Indicator) index, tasks and risks, we calculated risk possibility and expected cost by analyzing quantitative data, questionnaire and qualitative approach for AHP model from the past events. Furthermore, we can assume unexpected cost loss by using loss distribution approach presented in the basel II. Each bank can also assume expected loss distributions of operational risk by seven event factors and eight business activities. In this research, we choose loss distribution approach so that we can calculate operational risk. In order to explain number of case happened, we choose poisson distribution, log-normal distribution for loss cost, and estimate model for Monte-Carlo simulation. Through this process which is measured by operational risk. of ABC bank, we find out that loss distribution approach explains closer unexpected cost directly compared than internal measurement approach, and makes less unexpected cost loss.

A Study on ESM(Enterprise Security Management) System Standard (통합 보안 관리 시스템 표준화에 대한 연구)

  • 소우영
    • Convergence Security Journal
    • /
    • v.2 no.2
    • /
    • pp.109-121
    • /
    • 2002
  • As the development of information technology and thus the growth of security incidents, there has been increasing demand on developing a system for centralized security management, also known as Enterprise Security Management(ESM), uniting functions of various security systems such as firewall, intrusion detection system, virtual private network and so on. Unfortunately, however, developers have been suffering with a lack of related standard. Although ISTF recently announced firewall system and intrusion detection system log format, it still needs for truly efficient ESM further development of the related standard including event and control messaging. This paper analyses ISTF standard and further suggests an additional event and control messaging standard for firewall and intrusion detection systems. It is expected that this effort would be helpful for the development of ESM and further related standard.

  • PDF

Analysis Framework using Process Mining for Block Movement Process in Shipyards (조선 산업에서 프로세스 마이닝을 이용한 블록 이동 프로세스 분석 프레임워크 개발)

  • Lee, Dongha;Bae, Hyerim
    • Journal of Korean Institute of Industrial Engineers
    • /
    • v.39 no.6
    • /
    • pp.577-586
    • /
    • 2013
  • In a shipyard, it is hard to predict block movement due to the uncertainty caused during the long period of shipbuilding operations. For this reason, block movement is rarely scheduled, while main operations such as assembly, outfitting and painting are scheduled properly. Nonetheless, the high operating costs of block movement compel task managers to attempt its management. To resolve this dilemma, this paper proposes a new block movement analysis framework consisting of the following operations: understanding the entire process, log clustering to obtain manageable processes, discovering the process model and detecting exceptional processes. The proposed framework applies fuzzy mining and trace clustering among the process mining technologies to find main process and define process models easily. We also propose additional methodologies including adjustment of the semantic expression level for process instances to obtain an interpretable process model, definition of each cluster's process model, detection of exceptional processes, and others. The effectiveness of the proposed framework was verified in a case study using real-world event logs generated from the Block Process Monitoring System (BPMS).

An Empirical Study on Manufacturing Process Mining of Smart Factory (스마트 팩토리의 제조 프로세스 마이닝에 관한 실증 연구)

  • Taesung, Kim
    • Journal of the Korea Safety Management & Science
    • /
    • v.24 no.4
    • /
    • pp.149-156
    • /
    • 2022
  • Manufacturing process mining performs various data analyzes of performance on event logs that record production. That is, it analyzes the event log data accumulated in the information system and extracts useful information necessary for business execution. Process data analysis by process mining analyzes actual data extracted from manufacturing execution systems (MES) to enable accurate manufacturing process analysis. In order to continuously manage and improve manufacturing and manufacturing processes, there is a need to structure, monitor and analyze the processes, but there is a lack of suitable technology to use. The purpose of this research is to propose a manufacturing process analysis method using process mining and to establish a manufacturing process mining system by analyzing empirical data. In this research, the manufacturing process was analyzed by process mining technology using transaction data extracted from MES. A relationship model of the manufacturing process and equipment was derived, and various performance analyzes were performed on the derived process model from the viewpoint of work, equipment, and time. The results of this analysis are highly effective in shortening process lead times (bottleneck analysis, time analysis), improving productivity (throughput analysis), and reducing costs (equipment analysis).

Additive hazards models for interval-censored semi-competing risks data with missing intermediate events (결측되었거나 구간중도절단된 중간사건을 가진 준경쟁적위험 자료에 대한 가산위험모형)

  • Kim, Jayoun;Kim, Jinheum
    • The Korean Journal of Applied Statistics
    • /
    • v.30 no.4
    • /
    • pp.539-553
    • /
    • 2017
  • We propose a multi-state model to analyze semi-competing risks data with interval-censored or missing intermediate events. This model is an extension of the three states of the illness-death model: healthy, disease, and dead. The 'diseased' state can be considered as the intermediate event. Two more states are added into the illness-death model to incorporate the missing events, which are caused by a loss of follow-up before the end of a study. One of them is a state of the lost-to-follow-up (LTF), and the other is an unobservable state that represents an intermediate event experienced after the occurrence of LTF. Given covariates, we employ the Lin and Ying additive hazards model with log-normal frailty and construct a conditional likelihood to estimate transition intensities between states in the multi-state model. A marginalization of the full likelihood is completed using adaptive importance sampling, and the optimal solution of the regression parameters is achieved through an iterative quasi-Newton algorithm. Simulation studies are performed to investigate the finite-sample performance of the proposed estimation method in terms of empirical coverage probability of true regression parameters. Our proposed method is also illustrated with a dataset adapted from Helmer et al. (2001).

Automatic Test Report Recording Program Design and Implementation for Integration Test (통합시험을 위한 자동 시험일지 작성프로그램 설계 및 구현)

  • Jeong, Younghwan;Song, Kyoungrok;Lee, Wonsik;Wi, Sounghyouk
    • KIISE Transactions on Computing Practices
    • /
    • v.24 no.1
    • /
    • pp.33-39
    • /
    • 2018
  • For the integration test in the current field of defense simulation, each actual equipment and simulator's logging information is automated. Although the event of the integrated test system is written in the test log, it is not automated, and relies on the operator's handwriting or file creation, resulting in ineffective aspects such as low-quality record content and repetition of the same content. In this study, we propose the automatic test report recording program that solves these problems. Automatic test report recording program uses framework-based technology to receive information from the test control computer and user to record a log of the test log. Automatic test report recording program allows the user to record the repeated test content in a stable manner. Additionally, even if the number of test operators is limited, the efficiency is improved so that we can fucus on the integration test.

An event-driven intelligent failure analysis for marine diesel engines (이벤트 기반 지능형 선박엔진 결함분석)

  • Lee, Yang-Ji;Kim, Duck-Young;Hwang, Min-Soon;Cheong, Young-Soo
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.17 no.4
    • /
    • pp.71-85
    • /
    • 2012
  • This paper aims to develop an event-driven failure analysis and prognosis system that is able to monitor ship status in real time, and efficiently react unforeseen system failures. In general, huge amount of recorded sensor data must be effectively interpreted for failure analysis, but unfortunately noise and redundant information in the gathered sensor data are obstacles to a successful analysis. This paper therefore applies 'Equal-frequency binning' and 'Entropy' techniques to extract only important information from the raw sensor data while minimizing information loss. The efficiency of the developed failure analysis system is demonstrated with the collected sensor data from a marine diesel engine.

Repair Cost Analysis for Chloride Ingress on RC Wall Considering Log and Normal Distribution of Service Life (로그 및 정규분포 수명함수를 고려한 콘크리트 벽체의 염해 보수비용 산정)

  • Yoon, Yong-Sik;Kwon, Seung-Jun
    • Journal of the Korea institute for structural maintenance and inspection
    • /
    • v.23 no.2
    • /
    • pp.10-19
    • /
    • 2019
  • Management plan with repairing is essential for RC structures exposed to chloride attack since durability problems occur with extended service life. Conventionally deterministic method is adopted for evaluation of service life and repair cost, however more reasonable repair cost can be obtained through continuous repair cost from probabilistic maintenance technique. Unlike the previous researches considering only normal distribution of life time, PLTFs (Probabilistic Life Time Function) which can be capable of handling log and normal distributions are attempted for initial and repair service life, and repair cost is evaluated for OPC and GGBFS concrete. PLTF with log distributions in initial service life is more effective to save repair cost since it is more dominant after average than normal distribution. Repair cost in GGBFS concrete decreases to 30% of OPC concrete due to longer initial service life and lower repairing event. The proposed PLTF from the work can handle not only normal distributions but also log distributions for initial and repair service life, so that it can provide more reasonable repair cost evaluation.

A Study on Process Mining for B2C service industry (B2C 서비스 산업의 프로세스 마이닝에 대한 연구)

  • Kang, Min-Shik
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2012.05a
    • /
    • pp.785-788
    • /
    • 2012
  • 최근 B2C 서비스산업에 있어 기업 간의 경쟁이 심화되고 새로운 비즈니스 가치 창출을 위한 필요 성이 증대되고 있는 상황에서, 기업들은 비즈니스 프로세스 관리 기술에 많은 관심을 기울이고 있다. 프로세스의 최적화를 통해 지속적으로 서비스 품질을 개선하기 위해 비즈니스 프로세스 재설계의 근거로 사용될 수 있는 비즈니스 프로세스 마이닝이 중요한 개념으로 인식되고 있다. 하지만 기존의 프로세스 마이닝에 관한 연구에서는 완성되어 있는 프로세스 로그를 기반으로 워크플로우 기반의 프 로세스 모델을 추출하는 단조로운 형태였기 때문에 다양한 형태의 비즈니스 프로세스를 표현하는데 한계가 있었다. 본 논문에서는 컨벤션, 대학,병원등 광범위한 지식서비스 분야에서 적합한 Prototype 기관을 Test bed로 다양한 프로세스 마이닝 기법으로 분석하여 해당 조직의 문제 프로세스를 발견하 고 개선점을 제안하다. 또한 B2C 서비스 산업에서 적절한 Test bed를 선정하여, 실제 프로세스를 기 존의 legacy system의 event log file에서 분석하여 bottle neck process를 찾아내고, 문제 프로세스를 개선하는 과정을 자동화된 모델링 및 분석 툴을 사용하여 실증적으로 보여준다.

  • PDF