WEKO3
アイテム
A Design of a Logging System for a Computer Security Incident Response
https://ipsj.ixsq.nii.ac.jp/records/197582
https://ipsj.ixsq.nii.ac.jp/records/19758255516721-708c-4de6-9ea7-e2cacea0423b
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-IOT19046001.pdf (1.0 MB)
|
Copyright (c) 2019 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | SIG Technical Reports(1) | |||||||
|---|---|---|---|---|---|---|---|---|
| 公開日 | 2019-06-07 | |||||||
| タイトル | ||||||||
| タイトル | A Design of a Logging System for a Computer Security Incident Response | |||||||
| タイトル | ||||||||
| 言語 | en | |||||||
| タイトル | A Design of a Logging System for a Computer Security Incident Response | |||||||
| 言語 | ||||||||
| 言語 | eng | |||||||
| キーワード | ||||||||
| 主題Scheme | Other | |||||||
| 主題 | セキュリティ | |||||||
| 資源タイプ | ||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_18gh | |||||||
| 資源タイプ | technical report | |||||||
| 著者所属 | ||||||||
| Tottori University | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Tottori University | ||||||||
| 著者名 |
Motoyuki, Ohmori
× Motoyuki, Ohmori
|
|||||||
| 著者名(英) |
Motoyuki, Ohmori
× Motoyuki, Ohmori
|
|||||||
| 論文抄録 | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Computer security has been getting more attentions because a computer security incident may cause great damage on an organization. In order to quickly and properly detect and /or handle a computer security incident, ones may need store logging messages of network equipment and servers as many as possible. These logging messages then require a large size of storage while these logging messages are not so useful during daily normal operations. It is then better to minimize sizes of logging files as much as possible. On the other hand, ones may need to retrieve a specific logging message on a computer security incident, and its retrieval time should be shorter as much as possible. It is then necessary to solve this dilemma between a smaller storage size and shorter retrieval time. To this end, this paper proposes a new logging system dedicated for a computer security incident response. The proposed logging system is designed based upon natures of logging messages which are required for a computer security incident response. This paper firstly tries to find features of logging messages for a computer security incident response. For example, newer logging messages should be retrieved shorter than older logging messages, and all logging messages are in time series. This paper also tries to design a new logging system architecture dedicated for a computer security incident response while logging messages in todays' logging systems are stored in generic database like RDBMS or in text files consisting of raw syslog messages. | |||||||
| 論文抄録(英) | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Computer security has been getting more attentions because a computer security incident may cause great damage on an organization. In order to quickly and properly detect and S/or handle a computer security incident, ones may need store logging messages of network equipment and servers as many as possible. These logging messages then require a large size of storage while these logging messages are not so useful during daily normal operations. It is then better to minimize sizes of logging files as much as possible. On the other hand, ones may need to retrieve a specific logging message on a computer security incident, and its retrieval time should be shorter as much as possible. It is then necessary to solve this dilemma between a smaller storage size and shorter retrieval time. To this end, this paper proposes a new logging system dedicated for a computer security incident response. The proposed logging system is designed based upon natures of logging messages which are required for a computer security incident response. This paper firstly tries to find features of logging messages for a computer security incident response. For example, newer logging messages should be retrieved shorter than older logging messages, and all logging messages are in time series. This paper also tries to design a new logging system architecture dedicated for a computer security incident response while logging messages in todays' logging systems are stored in generic database like RDBMS or in text files consisting of raw syslog messages. | |||||||
| 書誌レコードID | ||||||||
| 収録物識別子タイプ | NCID | |||||||
| 収録物識別子 | AA12326962 | |||||||
| 書誌情報 |
研究報告インターネットと運用技術(IOT) 巻 2019-IOT-46, 号 1, p. 1-6, 発行日 2019-06-07 |
|||||||
| ISSN | ||||||||
| 収録物識別子タイプ | ISSN | |||||||
| 収録物識別子 | 2188-8787 | |||||||
| Notice | ||||||||
| SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc. | ||||||||
| 出版者 | ||||||||
| 言語 | ja | |||||||
| 出版者 | 情報処理学会 | |||||||
