TY - GEN
T1 - A Study on Efficient Log Visualization Using D3 Component against APT
T2 - 3rd International Conference on Platform Technology and Service, PlatCon 2016
AU - Lee, Jaehee
AU - Jeon, Jinhyeok
AU - Lee, Changyeob
AU - Lee, Junbeom
AU - Cho, Jaebin
AU - Lee, Kyungho
N1 - Funding Information:
This research was supported by the MSIP (Ministry of Science ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2015-R0992-15-1006) supervised by the IITP (Institute for Information & communications Technology Promotion).
Publisher Copyright:
© 2016 IEEE.
Copyright:
Copyright 2016 Elsevier B.V., All rights reserved.
PY - 2016/4/19
Y1 - 2016/4/19
N2 - APT attacks have caused chaos in society since 2006. In particular, the vulnerability of infrastructure is widely exposed to the outside due to the development of IT infrastructure in Korea. In addition, APT attacks targeting companies' major confidential information are increasing every year. An APT attack causes negative publicity for the company as well as financial damage. APT is completely different from the problems that most organizations have dealt with. In the past, cyber-attack threats were visible; currently, APT attacks are invisible and focused on confidential data. Therefore, we need a new approach to solve this problem. We have to find traces of damage in circumstances where everything seems normal. If we perform a correlation analysis of the logs acquired from all devices, systems and applications, we can easily understand the problems that occur in our information systems. Current commercial SIEM products can visualize the correlation analysis and the logs, but a security officer needs a lot of time to understand the visualized security logs. Moreover, because SIEM solutions are expensive, small companies have difficulty introducing them. For these reasons, we have developed a SIEM solution based on open-source programs such as D3 components, which decreases the cost of the program. In addition, we analyzed the D3 components that can visualize security logs and matched D3 components with the security logs. In this paper, we propose visualization methods using D3 components for analyzing security logs efficiently.
AB - APT attacks have caused chaos in society since 2006. In particular, the vulnerability of infrastructure is widely exposed to the outside due to the development of IT infrastructure in Korea. In addition, APT attacks targeting companies' major confidential information are increasing every year. An APT attack causes negative publicity for the company as well as financial damage. APT is completely different from the problems that most organizations have dealt with. In the past, cyber-attack threats were visible; currently, APT attacks are invisible and focused on confidential data. Therefore, we need a new approach to solve this problem. We have to find traces of damage in circumstances where everything seems normal. If we perform a correlation analysis of the logs acquired from all devices, systems and applications, we can easily understand the problems that occur in our information systems. Current commercial SIEM products can visualize the correlation analysis and the logs, but a security officer needs a lot of time to understand the visualized security logs. Moreover, because SIEM solutions are expensive, small companies have difficulty introducing them. For these reasons, we have developed a SIEM solution based on open-source programs such as D3 components, which decreases the cost of the program. In addition, we analyzed the D3 components that can visualize security logs and matched D3 components with the security logs. In this paper, we propose visualization methods using D3 components for analyzing security logs efficiently.
KW - APT
KW - Bigdata Visualization
KW - D3 component
KW - Log correlation analysis
KW - Log visualization
KW - SIEM
UR - http://www.scopus.com/inward/record.url?scp=84968624047&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84968624047&partnerID=8YFLogxK
U2 - 10.1109/PlatCon.2016.7456778
DO - 10.1109/PlatCon.2016.7456778
M3 - Conference contribution
AN - SCOPUS:84968624047
T3 - 2016 International Conference on Platform Technology and Service, PlatCon 2016 - Proceedings
BT - 2016 International Conference on Platform Technology and Service, PlatCon 2016 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 15 February 2016 through 17 February 2016
ER -