

Çѱ¹Á¤º¸Åë½ÅÇÐȸ ³í¹®Áö (Journal of the Korea Institute of Information and Communication Engineering)


Korean Title: 아파치 엘라스틱서치 기반 로그스태시를 이용한 보안로그 분석시스템 (Security Log Analysis System Using Logstash Based on Apache Elasticsearch)
English Title: A Security Log Analysis System using Logstash based on Apache Elasticsearch
Authors: 이봉환 (Bong-Hwan Lee), 양동민 (Dong-Min Yang)
Citation: Vol. 22, No. 2, pp. 382-389 (February 2018)
Korean Abstract (translated to English)
Recent cyber attacks are causing serious damage to a wide range of information systems. Log data analysis is one way to address this problem. A security log analysis system collects, stores and analyzes log data so that security risks can be handled appropriately. In this paper, a security log analysis system is designed and implemented using Elasticsearch, which serves as a distributed search engine, and Logstash, which collects, transforms and processes various kinds of log data. Kibana is used on the analyzed log data to generate log statistics and search reports and to visualize the results. The performance of the implemented search-engine-based security log analysis system is compared with that of an existing security log analysis system built from the Flume log collector, the Flume HDFS sink and HBase. The experimental results show that the Elasticsearch-based log analysis system reduces both database query processing time and log data analysis time significantly compared with the Hadoop-based log analysis system.
English Abstract
Recent cyber attacks can cause serious damage to various information systems. Log data analysis is one way to address this problem. A security log analysis system makes it possible to cope with security risks properly by collecting, storing and analyzing log data. In this paper, a security log analysis system is designed and implemented to analyze security log data using Logstash together with Elasticsearch, a distributed search engine, so that various types of log data can be collected and processed. Kibana, an open-source data visualization plugin for Elasticsearch, is used to generate log statistics and search reports and to visualize the results. The performance of the Elasticsearch-based security log analysis system is compared with that of an existing log analysis system that uses the Flume log collector, the Flume HDFS sink and HBase. The experimental results show that the proposed system greatly reduces both database query processing time and log data analysis time compared with the existing Hadoop-based log analysis system.
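As an added example of the Logstash stage the abstract describes (not code from the paper), this pipeline collects a Linux authentication log, parses failed SSH logins, and indexes them into Elasticsearch for Kibana. The log path, sshd message format, Elasticsearch endpoint and index name are assumptions.

```logstash
# Added example (not from the paper). Collects /var/log/auth.log, keeps only
# failed-login events and ships them to Elasticsearch. Paths, hosts and the
# sshd message format are assumptions, not values from the paper.
input {
  file {
    path => "/var/log/auth.log"        # assumed log source
    start_position => "beginning"
    sincedb_path => "/dev/null"        # re-read from the start (lab use only)
  }
}

filter {
  # Parse the common sshd "Failed password" line into structured fields.
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:ts} %{SYSLOGHOST:host} sshd\[%{POSINT:pid}\]: Failed password for (invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{POSINT:src_port}" }
    add_tag => [ "ssh_failed_login" ]
    tag_on_failure => [ "_grokparsefailure" ]
  }
  if "ssh_failed_login" in [tags] {
    # Use the syslog timestamp as the event time so Kibana histograms are accurate.
    date { match => [ "ts", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ] }
  } else {
    drop { }   # this pipeline only indexes failed-login events
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]   # assumed Elasticsearch endpoint
    index => "security-log-%{+YYYY.MM.dd}"   # one index per day for Kibana
  }
}
```

Events that fail to parse are tagged `_grokparsefailure` and dropped here; in production you would route them to a separate index rather than discard them.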
Keywords: Security, Logstash, Elasticsearch, Hadoop