Title: Network security enhancement through effective log analysis using ELK
Authors: Ibrahim Yahya Mohammed Al-Mahbashi, M. Potdar, Prashant Chauhan
Published in: 2017 International Conference on Computing Methodologies and Communication (ICCMC)
Publication date: 2017-07-18
DOI: https://doi.org/10.1109/ICCMC.2017.8282530
Citations: 16
Abstract
The main aim of any organization is to protect its critical assets, because it faces many external threats that may interrupt the services it provides to customers, which in turn leads to economic and reputational disaster. As long as organizations need to provide the protection required to secure their business, they have to focus on two types of threats: internal and external. In a previous paper [1] I discussed external threats; in this paper I will draw more attention to how internal threats affect the overall network security mechanism. Log analysis can also help us reveal the gaps in the safeguards used to protect our systems: the knowledge extracted from our data makes us aware of the gaps and vulnerabilities that may exist, so that we can resolve them before we become victims. For log analysis I will use the ELK stack, which will help me receive the logs forwarded from a well-known commercial safeguard deployed in a real environment.