Paper Abstract and Keywords |
Presentation |
2014-03-28 11:15
Timeline-Based Event Log Viewer over Multi-Host Environment Takashi Tomine, Yu Tsuda, Masaki Kamizono (NICT), Kazunori Sugiura (Keio Univ.), Daisuke Inoue, Koji Nakao (NICT) ICSS2013-79 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
A cyber attacking becomes clever and complicated.
Recently the number of Advanced Persistent Threat (APT) attacks to get confidential information from the targeted companies is increasing.
In many cases, APT malware are acting thief information over some hosts.
In addition, these are long-term attacks for several months.
It is very hard and needs much time to analyze these kinds of attacks, because there are so much event logs from many distributed hosts in targeted companies over a long period of time.
In this paper, we proposed a graphical interface based on a date-time with gathered various information and event logs from various hosts.
By this interface, we can analyze huge event logs efficiently, since we can recognize a connection among some events happened in closed time visually.
Therefore, we obtain finding overlooked cyber-security incidents and grasping harmful in own environment effectively. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Cyber Attack / Advanced Persistent Threat / Log Collection / Log Analysis / Visualization / / / |
Reference Info. |
IEICE Tech. Rep., vol. 113, no. 502, ICSS2013-79, pp. 125-130, March 2014. |
Paper # |
ICSS2013-79 |
Date of Issue |
2014-03-20 (ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
ICSS2013-79 |
|