Security Operation Implementation through Big Data Analysis by Using Open Source ELK Stack

Implementing Security Monitoring and Control through Information Security Big Data Analysis Using the Open-Source ELK Stack

  • Hyun, Jeong-Hoon (Department of Big Data Application and Security, Korea University) ;
  • Kim, Hyoung-Joong (Department of Big Data Application and Security, Korea University)
  • 현정훈 (고려대학교 빅데이터 응용 및 보안학과) ;
  • 김형중 (고려대학교 빅데이터 응용 및 보안학과)
  • Received : 2017.11.21
  • Accepted : 2018.01.29
  • Published : 2018.01.31

Abstract

With the development of IT, hacking crimes are becoming more intelligent and sophisticated. In incident response, big data analysis in information security means collecting, storing, analyzing and visualizing the whole log, including the normal logs generated by the various information protection systems, in order to derive problems such as abnormal behavior. By using the full log data, including data that has so far been overlooked, we seek to detect and respond to the abnormal signs of a cyber attack from its early stage. We used the open-source ELK Stack to analyze big data, such as the unstructured data generated by information protection systems, terminals and servers. With this technology, an organization can build an information security control system optimized for its business environment using its own staff and technology. It is not necessary to rely on a high-cost data analysis solution, and technologies for defending against cyber attacks can be accumulated by implementing the protection control system directly with in-house manpower.

With the development of IT, hacking crimes are becoming more intelligent and sophisticated. In incident response, big data analysis means collecting, storing, analyzing and visualizing the entire log, including the normal logs generated by information protection systems, in order to derive anomalies such as abnormal behavior. By using the full log data, including data that has previously been overlooked, we aim to detect and respond to signs of a cyber intrusion from its early stages. Open-source technology was used to analyze the near-unstructured big data generated by information protection systems, endpoints and servers. Using the open-source ELK Stack means that an organization builds an information security monitoring system optimized for its business environment with its own staff. There is no need to rely on expensive commercial integrated data analysis solutions, and implementing the monitoring system directly with in-house staff makes it possible to accumulate technical know-how in incident response.

Cited by

  1. Log Visualization Method for Network Security Monitoring and Control, vol.7, pp.4, 2018, https://doi.org/10.30693/smj.2018.7.4.70
  2. Body Temperature Measurement System for Mask-Wearing Faces Using Deep Learning, vol.24, pp.2, 2021, https://doi.org/10.9717/kmms.2020.24.2.208
  3. Web Monitoring-Based Encrypted Web Traffic Attack Detection System, vol.25, pp.3, 2018, https://doi.org/10.6109/jkiice.2021.25.3.449