Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/20006
Title: A Cloud-Computing-Based Security Information and Event Management System - A Case Study of a Web Application Firewall
Design and Implementation of a Hadoop-based SIEM System - A Case Study of a Web Application Firewall
Author: Liu, Tsung-Chih (劉宗治)
Keywords: Security Information and Event Management System
SIEM
Hadoop
Cloud Computing
Web Application Firewall
WAF
Publisher: Department of Computer Science and Engineering
Abstract: Information security has drawn growing attention as networking has become widespread. In particular, analyzing log data to extract attack behaviour and then raising alerts or enforcing defensive policies has become a major research area. To manage information security quickly and automatically, researchers have proposed Security Information and Event Management (SIEM) systems, which aim to detect and respond to risks or attack events as soon as they occur. However, with the rapid growth of digital data, log volumes have also increased substantially, and the time needed to analyze them on a single traditional machine has grown accordingly, making that approach impractical at scale. This thesis therefore uses a cloud-computing architecture: it designs and implements a SIEM system on a private cloud built from the Hadoop ecosystem, takes Web Application Firewall (WAF) logs as its case study, and compares the time required to analyze those logs under different cloud architectures. The experimental results show that the Hadoop-based cloud architecture substantially shortens log analysis time, so it suits systems such as SIEM that must store and process large volumes of data, and it equips IT staff to meet the demands of the Big Data era.
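The abstract describes running WAF log analysis as a Hadoop job so that the SIEM can raise alerts on attack behaviour. The following is an added example, not code from the thesis: a Hadoop Streaming-style mapper/reducer pair in Python that counts blocked requests per client IP and per WAF rule and flags clients that cross an alert threshold. The log format, the rule identifiers and the sample lines are all constructed for illustration; the thesis's own WAF data and job layout are not published on this page. The shuffle/sort step is simulated in-process so the pipeline runs offline; under Hadoop Streaming the `map` and `reduce` entry points would read stdin and write tab-separated key/value lines exactly as shown.

```python
"""Hadoop Streaming-style MapReduce over WAF logs (constructed example).

Local run:   python waf_mapreduce.py
Hadoop run:  -mapper "python waf_mapreduce.py map" -reducer "python waf_mapreduce.py reduce"
Each streaming phase reads stdin and writes "key<TAB>value" lines; locally the
shuffle/sort between the phases is simulated in-process.
"""
import re
import sys
from itertools import groupby

# Constructed sample lines in an assumed WAF log format (not the thesis's data):
# <ISO timestamp> <client_ip> <method> <path> <http_status> rule=<id> action=<BLOCK|PASS>
# Rule identifiers are illustrative only. The last line is deliberately malformed.
SAMPLE_LOG = """\
2013-01-22T10:00:01Z 203.0.113.5 GET /login?user=admin'-- 403 rule=981245 action=BLOCK
2013-01-22T10:00:02Z 203.0.113.5 GET /login?user=1 OR 1=1 403 rule=981245 action=BLOCK
2013-01-22T10:00:03Z 198.51.100.7 GET /index.html 200 rule=- action=PASS
2013-01-22T10:00:04Z 203.0.113.5 POST /search?q=<script>alert(1)</script> 403 rule=958051 action=BLOCK
2013-01-22T10:00:05Z 192.0.2.9 GET /img/logo.png 200 rule=- action=PASS
2013-01-22T10:00:06Z 203.0.113.5 GET /admin/../../etc/passwd 403 rule=950103 action=BLOCK
2013-01-22T10:00:07Z 198.51.100.7 GET /login?user=x' 403 rule=981245 action=BLOCK
this line is malformed and must be skipped
"""

# The path is matched lazily so that paths containing spaces (e.g. "1 OR 1=1")
# still parse; the fixed-format tail anchors the status, rule and action fields.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>.+?) "
    r"(?P<status>\d{3}) rule=(?P<rule>\S+) action=(?P<action>\S+)$"
)


def mapper(lines):
    """Map phase: one input line -> zero or more (key, 1) pairs.

    Only blocked requests matter to the SIEM, so everything else is dropped
    here to keep the shuffle small. Malformed lines are skipped rather than
    allowed to crash the map task."""
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m or m.group("action") != "BLOCK":
            continue
        yield "ip:" + m.group("ip"), 1
        yield "rule:" + m.group("rule"), 1


def shuffle(pairs):
    """Stand-in for Hadoop's shuffle/sort: reducers receive pairs sorted by key."""
    return sorted(pairs, key=lambda kv: kv[0])


def reducer(sorted_pairs):
    """Reduce phase: sum the values of each run of identical keys."""
    for key, group in groupby(sorted_pairs, key=lambda kv: kv[0]):
        yield key, sum(v for _, v in group)


def alerts(counts, threshold):
    """SIEM rule: flag a client whose blocked-request count reaches the threshold."""
    return sorted(k[len("ip:"):] for k, n in counts.items()
                  if k.startswith("ip:") and n >= threshold)


def run_pipeline(lines, threshold=3):
    """Whole job in-process: map -> shuffle -> reduce -> alert evaluation."""
    counts = dict(reducer(shuffle(mapper(lines))))
    return counts, alerts(counts, threshold)


# Hadoop Streaming entry points.
def stream_map(stdin=sys.stdin, stdout=sys.stdout):
    for key, value in mapper(stdin):
        stdout.write(f"{key}\t{value}\n")


def stream_reduce(stdin=sys.stdin, stdout=sys.stdout):
    def parse(line):
        key, value = line.rstrip("\n").split("\t", 1)
        return key, int(value)
    pairs = (parse(line) for line in stdin if line.strip())
    for key, total in reducer(pairs):   # Hadoop delivers the pairs already sorted by key
        stdout.write(f"{key}\t{total}\n")


if __name__ == "__main__":
    mode = sys.argv[1] if len(sys.argv) > 1 else "local"
    if mode == "map":
        stream_map()
    elif mode == "reduce":
        stream_reduce()
    else:
        totals, flagged = run_pipeline(SAMPLE_LOG.splitlines())
        for k, n in sorted(totals.items()):
            print(f"{k}\t{n}")
        print("alert: blocked-request threshold reached by", flagged)
```

Filtering to blocked requests inside the mapper is the design choice that makes the job scale: the shuffle only ever carries one small pair per blocked request rather than the raw log line, so adding nodes shortens wall-clock time roughly in proportion, which is the effect the thesis measures across cluster sizes.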
URI: http://hdl.handle.net/11455/20006
Other identifier: U0005-2201201314232500
Article link: http://www.airitilibrary.com/Publication/alDetailedMesh1?DocID=U0005-2201201314232500
Appears in Collections: Department of Computer Science and Engineering

Files in this item:

For the full text, go to Airiti Library (華藝線上圖書館).