Research output: Chapter in book, report or collection of articles › Conference proceedings › Peer-reviewed
TY - GEN
T1 - Analysis of Operating System Event Logs when Investigating Information Security Incidents
AU - Stepanenko, Dmitry V.
AU - Stoychin, Krasimir L.
AU - Shevchenko, Daria V.
PY - 2023/5/15
Y1 - 2023/5/15
N2 - The article proposes a method based on the analysis of Linux operating system event logs that automatically detects information security events. The method consists of sequentially applied steps: reading the event logs into single data arrays, then clustering and classifying the log entries by their available attributes using regular expressions. From the classification results, histograms of the distribution of information security events by day are built, which allow an assessment of whether more advanced data analysis is needed on the storage medium (the device) where the incident occurred. In addition, the existing basic clustering algorithms relevant to this topic were analysed and given a quantitative and qualitative assessment. Separate emphasis is placed on the use of the ELK Stack (Elasticsearch, Logstash and Kibana) framework as a set of components that provide convenient centralized logging from different servers and data centers.
AB - The article proposes a method based on the analysis of Linux operating system event logs that automatically detects information security events. The method consists of sequentially applied steps: reading the event logs into single data arrays, then clustering and classifying the log entries by their available attributes using regular expressions. From the classification results, histograms of the distribution of information security events by day are built, which allow an assessment of whether more advanced data analysis is needed on the storage medium (the device) where the incident occurred. In addition, the existing basic clustering algorithms relevant to this topic were analysed and given a quantitative and qualitative assessment. Separate emphasis is placed on the use of the ELK Stack (Elasticsearch, Logstash and Kibana) framework as a set of components that provide convenient centralized logging from different servers and data centers.
UR - http://www.scopus.com/inward/record.url?partnerID=8YFLogxK&scp=85164958542
U2 - 10.1109/USBEREIT58508.2023.10158875
DO - 10.1109/USBEREIT58508.2023.10158875
M3 - Conference contribution
SP - 313
EP - 315
BT - Proceedings - 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology, USBEREIT 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)
Y2 - 15 May 2023 through 17 May 2023
ER -
ID: 41988540