Abstract

As technology develops day by day, information safety and system security have become one of the biggest issues that many people are concerned about and research in order to find solutions that ensure the security of information systems. At present, what network administrators care about most is minimizing the damage to the enterprise when cyber criminals intrude into or attack the information system at any time. The questions are therefore how they can proactively protect information, ensure the privacy of users, and improve the confidentiality and security of information in business systems. To solve this problem, research on an early warning solution for system security based on logs is extremely necessary, because it can help to warn of and detect attacks early when abnormal signs appear in systems, as seen via logs. By inheriting the advantages and overcoming the limitations of previous related work around the world, in this paper we develop and build an early warning application tool capable of interacting, monitoring, adjusting, and notifying, starting from the scouting process of the attackers. The system proposed in this research is based on the characteristics of attack techniques, components, and packets passing through the system; on that basis we design a data collection model for input and output logs. To detect and explore abnormal network activities that are harmful to information systems, we analyze the logs of the information system using a method for analyzing APT targets. We study the APT and its characteristics to build the knowledge on which we can use an advanced AI algorithm, the Deep & Wide Learning algorithm. With log test data from experiments we conducted in our LAN, we have reached some good results that show the potential of our proposals.
