Analysis of Network Log based on Hadoop

Hadoop-based Network Log System

  • 김정준 (Department of Computer Engineering, Korea Polytechnic University) ;
  • 박정민 (Department of Computer Engineering, Korea Polytechnic University) ;
  • 정성택 (Department of Computer Engineering, Korea Polytechnic University)
  • Received : 2017.08.11
  • Accepted : 2017.10.13
  • Published : 2017.10.31

Abstract

Field control equipment such as PLCs has no function for logging key event information, which makes accident analysis difficult. It is therefore necessary to log the main event information of field control equipment such as PLCs and IEDs so that information suitable for analysis is available when a cyber incident occurs. Analyzing the communication protocols of field control devices (embedded devices) for event logging requires a protocol analyzer. However, conventional analyzers such as Wireshark have difficulty analyzing and classifying the wide variety of protocols on the basis of payload data, and cannot easily handle the identification and extraction of the large volumes of data needed for event logging. In this paper, we therefore develop a Big Data based system for extracting payload data from field control device communication protocols for large-scale event logging.
