• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.48-59
• /
• 2018

Recently, network technology has been used in various fields due to development of network technology. However, there has been an increase in the number of attacks targeting public institutions and companies by exploiting the evolving network technology. Meanwhile, the existing network intrusion detection system takes much time to process logs as the amount of network log increases. Therefore, in this paper, we propose a Spark-based network log analysis system that detects unstructured network attack pattern. by using Snort. The proposed system extracts and analyzes the elements required for network attack pattern detection from large amount of network log data. For the analysis, we propose a rule to detect network attack patterns for Port Scanning, Host Scanning, DDoS, and worm activity, and can detect real attack pattern well by applying it to real log data. Finally, we show from our performance evaluation that the proposed Spark-based log analysis system is more than two times better on log data processing performance than the Hadoop-based system.

• Journal of Korean Library and Information Science Society
• /
• v.40 no.4
• /
• pp.139-158
• /
• 2009

This paper used the network analysis method to analyse a variety of attributes of searcher's search behaviors which was appeared on search access log data. The results of this research are as follows. First, the structure of network represented depending on the similarity of the query that user had inputed. Second, we can find out the particular searchers who occupied in the central position in the network. Third, it showed that some query were shared with ego-searcher and alter searchers. Fourth, the total number of searchers can be divided into some sub-groups through the clustering analysis. The study reveals a new recommendation algorithm of associated searchers and search query through the social network analysis, and it will be capable of utilization.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.39-45
• /
• 2011

Application log files contain error messages; operational data and usage information that can help manage applications and servers. Log analysis system is software that read and parse log files, extract and aggregate information in order to generate reports on the application. In currently, the importance of log files of firewalls is growing bigger and bigger for the forensics of cyber crimes and the establishment of security policy. In this paper, we designed and implemented the SILAS(SysLog-based Integrated Log mAanagement System) in distribute network environments. It help to generate reports on the the log fires of firewalls - IP and users, and statistics of application usage.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.77-85
• /
• 2018

With the convergence of communications network between control system and public network, such threats like information leakage/falsification could be fully shown in control system through diverse routes. Due to the recent diversification of security issues and violation cases of new attack techniques, the security system based on the information database that simply blocks and identifies, is not good enough to cope with the new types of threat. The current control system operates its security system focusing on the outside threats to the inside, and it is insufficient to detect the security threats by insiders with　the authority of security access. Thus, this study conducted the importance analysis based on the main event log list of "Spotting the Adversary with Windows Event Log Monitoring" announced by NSA. In the results, the matter of importance of event log for the detection of insider threats to control system was understood, and the results of this study could be contributing to researches in this area.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.35-40
• /
• 2017

The control system can have such threats as information leakage and falsification through various routes due to communications network fusion with public network. As the issues about security and the infringe cases by new attack methods are diversified recently, with the security system that makes information data database by simply blocking and checking it is difficult to cope with new types of threats. It is also difficult to respond security threats by insiders who have security access authority with the existing security equipment. To respond the threats by insiders, it is necessary to collect and analyze Event Log occurring in the internal system realtime. Therefore, this study could find out whether there is correlation of the elements among Event Logs through correlation analysis based on Event Logs that occur real time in the control system, and based on the analysis result, the study is expected to contribute to studies in this field.

• Proceedings of the IEEK Conference
• /
• 2002.07a
• /
• pp.429-432
• /
• 2002

The existing recovery technique using the logging technique in the client/sewer database system only administers the log as a whole in a server. This contains the logging record transmission cost on the transaction that is executed in each client potentially and increases network traffic. In this paper, the logging technique for redo-only log is suggested, which removes the redundant before-image and supports the client-based logging to eliminate the transmission cost of the logging record. Also, in case of a client crash, redo recovery through a backward client analysis log is performed in a self-recovering way. In case of a server crash, the after-image of the pages which needs recovery through simultaneous backward analysis log is only transmitted and redo recovery is done through the received after-image and backward analysis log. Also, we select the comparing model to estimate the performance about the proposed recovery technique. And we analyzed the redo and recovery time about the change of the number of client and the rate of updating operation.

• Journal of Digital Contents Society
• /
• v.18 no.4
• /
• pp.747-751
• /
• 2017

The log has variable informations that are important and necessary to manage a network when accessed to network servers. These informations are used to reduce a cost and efficient manage a network through the meaningful prediction information extraction from the amount of user access. And, the network manager can instantly monitor the status of CPU, memory, disk usage ratio on network using the SNMP. In this paper, firstly, we have accumulated and analysed the 6 network logs and extracted the informations that used to predict the amount of user access. And then, we experimented the prediction simulation with the time series analysis such as moving average method and exponential smoothing. Secondly, we have simulated the usage ration of CPU, memory, and disk using Xian SNMP simulator and extracted the OID for the time series prediction of CPU, memory, and disk usage ration. And then, we presented the visual result of the variable experiments through the Excel and R programming language.

• Journal of Korea Multimedia Society
• /
• v.23 no.1
• /
• pp.24-30
• /
• 2020

As the number of internet-connected appliances and the variety of IoT services are rapidly increasing, it is hard to protect IT assets with traditional network security techniques. Most traditional network log analysis systems use rule based mechanisms to reduce the raw logs. But using predefined rules can't detect new attack patterns. So, there is a need for a mechanism to reduce congested raw logs and detect new attack patterns. This paper suggests enterprise security management for IoT services using graph and network measures. We model an event network based on a graph of interconnected logs between network devices and IoT gateways. And we suggest a network clustering algorithm that estimates the attack probability of log clusters and detects new attack patterns.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2004.05a
• /
• pp.544-547
• /
• 2004

Current increasingly information systems log historic information in a systematic way. Not only workflow management systems, but also ERP, CRM, SCM, and B2B systems often provide a so-called 'event log'. Unfortunately, the information in these event logs is rarely used to analyze the underlying processes. Process mining aims at improving this problem by providing techniques and tools for discovering process, control, data, organizational, and social structures from event logs. This paper focuses on the mining social networks. This is possible because event logs typically record information about the users executing the activities recorded in the log. To do this we combine concepts from workflow management and social network analysis. This paper introduces the approach and presents a tool to mine social networks from event logs.

• Journal of Information Technology Applications and Management
• /
• v.13 no.4
• /
• pp.141-153
• /
• 2006

According to supply of super high way internet service, importance of security becomes more emphasizing. Therefore, flawless security solution is needed for blocking information outflow when we send or receive data. large enterprise and public organizations can react to this problem, however, small organization with limited work force and capital can't. Therefore they need to elevate their level of information security by improving their information security system without additional money. No hackings can be done without passing invasion blocking system which installed at the very front of network. Therefore, if we manage.isolation log effective, we can recognize hacking trial at the step of pre-detection. In this paper, it supports information security manager to execute isolation log analysis very effectively. It also provides isolation log analysis module which notifies hacking attack by analyzing isolation log.