Title/Summary/Keyword: Elastic Stack

Design and Evaluation Security Control Iconology for Big Data Processing (빅데이터 처리를 위한 보안관제 시각화 구현과 평가)

  • Jeon, Sang June; Yun, Seong Yul; Kim, Jeong Ho
    • Journal of Platform Technology, v.8 no.4, pp.38-46, 2020
  • This study describes how to build a security control system using an open source big data solution so that private companies can build an overall security control infrastructure. In particular, the infrastructure was built using the Elastic Stack, one of the free open source big data analysis solutions, as a way to shorten the cost and development time when building a security control system. A comparative experiment was conducted. In addition, as a result of comparing and analyzing the functions, convenience, service and technical support of the two solutions, it was found that the Elastic Stack has advantages in the security control of big data in terms of community and open solution. Using the Elastic Stack, security logs were collected, analyzed, and visualized step by step to create a dashboard, input large logs, and measure the search speed. Through this, we discovered the possibility of the Elastic Stack as a big data analysis solution that could replace Splunk.


A Simulation Output Analysis Environment by utilizing Elastic Stack (Elastic Stack을 이용한 시뮬레이션 분석 환경 구성)

  • Hwang Bo, Seong Woo; Lee, Kang Sun; Kwon, Yong Jun
    • Journal of the Korea Society for Simulation, v.27 no.3, pp.65-73, 2018
  • In this paper, we propose a simulation output analysis environment using Elastic Stack technology in order to reduce the complexity of the simulation analysis process. The proposed simulation output analysis environment automatically transfers simulation outputs to a centralized analysis server from a set of simulation execution resources that are physically separated over a network, manages the collected simulation outputs in a fashion such that further analysis tasks can be easily performed, and provides a connection to the analysis and visualization services of Kibana in Elastic Stack. The proposed analysis environment provides scalability, where a set of computation resources can be added on demand. We demonstrate how the proposed simulation output analysis environment can perform simulation output analysis effectively with an example of spreading epidemic diseases, such as influenza and flu.

Enhancement of Internal Network Security in Small Networks Using UTM and ELK Stack (UTM과 ELK Stack을 활용한 소규모 네트워크의 내부망 보안 강화방안)

  • Song Ha Min; DongHwi Lee
    • Convergence Security Journal, v.24 no.1, pp.3-9, 2024
  • Currently, cyberattacks and security threats are constantly evolving, and organizations need quick and efficient security response methods. This paper proposes ways to strengthen internal network security by utilizing Unified Threat Management (UTM) equipment to improve network security, and by effectively managing and analyzing the log data of the internal network collected through this equipment using Elastic Stack (Elasticsearch, Logstash, Kibana; hereinafter referred to as ELK Stack).

A Model for Illegal File Access Tracking Using Windows Logs and Elastic Stack

  • Kim, Jisun; Jo, Eulhan; Lee, Sungwon; Cho, Taenam
    • Journal of Information Processing Systems, v.17 no.4, pp.772-786, 2021
  • The process of manually tracking suspicious behavior on a system and gathering evidence is labor-intensive, variable, and experience-dependent. The system logs are the most important sources of evidence in this process. However, in the Microsoft Windows operating system, the action events are irregular and the log structure is difficult to audit. In this paper, we propose a model that overcomes these problems and efficiently analyzes Microsoft Windows logs. The proposed model extracts lists of both common and key events from the Microsoft Windows logs to determine detailed actions. In addition, we show an approach based on the proposed model applied to tracking illegal file access. The proposed approach employs three-step tracking templates using Elastic Stack as well as key-event, common-event and identify-event lists, which enables visualization of the data for analysis. Using the three-step model, analysts can adjust the depth of their analysis.

Design and Evaluation Security Control Iconology for Big Data Processing (빅데이터 처리를 위한 보안관제 시각화 구현과 평가)

  • Yun, Seong Yeol; Kim, Jeong Ho; Jeon, Sang Jun
    • Proceedings of the Korea Information Processing Society Conference, 2020.11a, pp.420-423, 2020
  • This study describes how to build a security control system using an open source big data solution so that private companies can build an overall security control infrastructure. In particular, as one way of reducing the cost and development time of building a security control system, the infrastructure was built using Elastic Stack, one of the free open source big data analysis solutions, and a comparative experiment was conducted against Splunk, a product widely adopted in industry. Using Elastic Stack, security logs were collected, analyzed and visualized step by step to create a dashboard, and the search speed was measured after ingesting large volumes of logs. Through this, we discovered the potential of Elastic Stack as a big data analysis solution that can replace Splunk.

Establish a security control system through attack packet analysis with Suricata, Elastic Stack, and Kafka (Suricata와 Elastic Stack, Kafka를 이용한 공격 패킷 분석 및 보안관제 시스템 구축)

  • Lee, Da-Eun; Lee, Hye-Rin; Jo, Min-Gyu
    • Proceedings of the Korea Information Processing Society Conference, 2021.11a, pp.1144-1147, 2021
  • As the COVID-19 pandemic moved daily life around the world to remote settings, internet traffic increased and security threats rose as well. To respond to the present situation, which demands a high level of security, this paper builds a security control log analysis system using Suricata, Elastic Stack and Kafka. It detects attacks in real time, collects logs, derives meaningful data and visualizes it. In addition, by providing the visualized dashboard, users can gauge the risk level of attacks and prepare for future attacks.

A log visualization method for network security monitoring (네트워크 보안 관제를 위한 로그 시각화 방법)

  • Joe, Woo-Jin; Shin, Hyo-Jeong; Kim, Hyong-Shik
    • Smart Media Journal, v.7 no.4, pp.70-78, 2018
  • Current trends in information systems have led many companies to adopt security solutions. However, even with a large budget, these solutions cannot function properly without proper security monitoring that manages them. Security monitoring necessitates a quick response in the event of a problem, and appropriate visualization dashboards need to be designed for monitoring purposes so that necessary information can be delivered quickly. This paper shows how to visualize a security log using the open source program Elastic Stack and demonstrates that the proposed method is suitable for network security monitoring by implementing it as an appropriate dashboard for monitoring purposes. We confirmed that the dashboard was effectively exploited for the analysis of abnormal traffic growth and attack paths.

Implementation of Security Information and Event Management for Realtime Anomaly Detection and Visualization (실시간 이상 행위 탐지 및 시각화 작업을 위한 보안 정보 관리 시스템 구현)

  • Kim, Nam Gyun; Park, Sang Seon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology, v.8 no.5, pp.303-314, 2018
  • In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is a useful tool against cyberattacks. SIEM solutions are available in the market, but they are too expensive and difficult to use. We therefore implemented basic SIEM functions as research and development for future security solutions. We focus on the collection, aggregation and analysis of real-time logs from hosts. This tool allows parsing and searching of log data for forensics. Beyond log management, it uses intrusion detection and prioritization of security events to inform the user and support alerting. We selected Elastic Stack for the processing and visualization of this security information. Elastic Stack is a very useful tool for finding information in large data sets, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results in our SIEM. We attacked the host and obtained real-time user activity for monitoring, alerting and security auditing based on this security information management.

Micro-positioning of a Smart Structure using an Enhanced Stick-slip Model (향상된 스틱-슬립 마찰 모델을 이용한 스마트 구조물의 마이크로 위치제어)

  • Lee, Chul-Hee; Jang, Min-Gyu; Choi, Seung-Bok
    • Proceedings of the Korean Society for Noise and Vibration Engineering Conference, 2008.11a, pp.230-236, 2008
  • In this paper, a model-based stick-slip compensation for micro-positioning is proposed using an enhanced stick-slip model based on a statistical rough surface contact model. The smart structure is comprised of a PZT (lead (Pb) zirconia (Zr) titanate (Ti)) based stack actuator incorporating the PID (proportional-integral-derivative) control algorithm, a mechanical displacement amplifier and positioning devices. For the stick-slip compensation, the elastic-plastic static friction model is used, statistically considering the elastic-plastic asperity contact in the rough surfaces. A mathematical model of the positioning apparatus was derived from the dynamic behaviors of the structural parts. PID feedback control algorithms with the developed stick-slip model, as well as a feedforward friction compensator, are formulated to achieve accurate positioning performance. Experimental results are provided to show the performance of friction control using the developed positioning apparatus.


Micro-positioning of a Smart Structure Using an Enhanced Stick-slip Model (향상된 스틱-슬립 마찰 모델을 이용한 스마트 구조물의 마이크로 위치제어)

  • Lee, Chul-Hee; Jang, Min-Gyu; Choi, Seung-Bok
    • Transactions of the Korean Society for Noise and Vibration Engineering, v.18 no.11, pp.1134-1142, 2008
  • In this paper, a model-based stick-slip compensation for micro-positioning is proposed using an enhanced stick-slip model based on a statistical rough surface contact model. The smart structure is comprised of a PZT (lead (Pb) zirconia (Zr) titanate (Ti)) based stack actuator incorporating the PID (proportional-integral-derivative) control algorithm, a mechanical displacement amplifier and positioning devices. For the stick-slip compensation, the elastic-plastic static friction model is used, statistically considering the elastic-plastic asperity contact in the rough surfaces. A mathematical model of the positioning apparatus was derived from the dynamic behaviors of the structural parts. PID feedback control algorithms with the developed stick-slip model, as well as a feedforward friction compensator, are formulated to achieve accurate positioning performance. Experimental results are provided to show the performance of friction control using the developed positioning apparatus.