A Study on Efficient Log Visualization Using D3 Component against APT: How to Visualize Security Logs Efficiently?

Jaehee Lee, Jinhyeok Jeon, Changyeob Lee, Junbeom Lee, Jaebin Cho, Kyungho Lee
Published in: 2016 International Conference on Platform Technology and Service (PlatCon), 2016-04-21
DOI: 10.1109/PLATCON.2016.7456778 (https://doi.org/10.1109/PLATCON.2016.7456778)
Citations: 13

Abstract

APT attacks have caused chaos in society since 2006. In Korea especially, the rapid development of IT infrastructure has exposed many infrastructure vulnerabilities to the outside. In addition, APT attacks targeting companies' major confidential information are increasing every year, causing negative publicity and financial damage to the company. APT is completely different from the problems most organizations have dealt with: cyber-attack threats used to be visible, but today's APT attacks are invisible and focused on confidential data. Therefore, we need a new approach to this problem. We have to find traces of an attack in circumstances where everything seems normal. If we perform a correlation analysis of the logs acquired from all devices, systems and applications, we can easily understand the problems occurring in our information systems. Current commercial SIEM products can visualize the correlation analysis and the logs, but a security officer needs a lot of time to understand the visualized security logs. Moreover, because of the high cost of SIEM solutions, small companies have difficulty adopting them. For these reasons, we have developed a SIEM solution based on open-source software such as the D3 component, which reduces the cost of the program. In addition, we analyzed the D3 components that can visualize security logs and matched each D3 component to the security logs it suits. In this paper, we propose visualization methods using D3 components for analyzing security logs efficiently.