A SURVEY OF NETWORK SERVICE LOG PROCESSING PLATFORMS AND TECHNIQUES FOR THE DETECTION OF INFORMATION INSECURITY RISKS

Authors

  • Phạm Duy Lộc, The Faculty of Information Technology, Dalat University, Viet Nam
  • Hoàng Xuân Dậu, The Faculty of Information Technology, Posts and Telecommunications Institute of Technology, Viet Nam

DOI:

https://doi.org/10.37569/DalatUniversity.8.2.405(2018)

Keywords:

Anomaly detection, Intrusion detection, Security information and event management.

Abstract

Within the layers of information security measures, the monitoring and detection of anomalous activities and information insecurity risks are considered the second defense layer, behind firewalls and access controls. This layer includes intrusion detection and prevention systems for hosts and networks. This paper surveys platforms, tools and techniques for processing and analyzing the access logs of network service servers in order to detect anomalous activities and information insecurity risks. Based on the survey results, the paper proposes an architecture for a monitoring and information security assurance system for small and medium-sized networks of organizations with limited resources.



Published

01-07-2018

Section

Natural Sciences and Technology

How to Cite

Lộc, P. D., & Dậu, H. X. (2018). A SURVEY OF NETWORK SERVICE LOG PROCESSING PLATFORMS AND TECHNIQUES FOR THE DETECTION OF INFORMATION INSECURITY RISKS. Dalat University Journal of Science, 8(2), 89-108. https://doi.org/10.37569/DalatUniversity.8.2.405(2018)