Layer Based Log Analysis for Enhancing Security of Enterprise Data Center: The Case of Ethiopian Education and Research Network
Date
2015-02
Publisher
Addis Ababa University
Abstract
Recent advances in Internet technologies have led many organizations to connect their data centers to the global networking infrastructure for communication and resource sharing. This realizes the idea of a "global village" that can foster cooperation among organizations. However, security issues are becoming more important as society moves into the digital information age. For enterprises to evaluate and know the health of their data center, and to conduct their business securely, they must incorporate security. Existing security systems, however, use a limited set of log file types and formats for analysis, which leaves administrators with an unclear picture when deciding whether attacks exist in their data center infrastructure. In this thesis, a log analysis technique was used to identify intrusions at the different layers of an organization's data center by scrutinizing log events recorded by network devices, applications and other sources. Log analysis is an approach that extracts valuable information from collections of log files gathered from critical data center devices. To discover a wide range of anomalies (attacks), heterogeneous log files are therefore the basis for analysis, and they provide a large amount of information about the health status of the data center. In our work, the central engine is composed of two major components that perform the log analysis tasks: a clustering module and a correlation process, which is the core of the log analyzer and works together with an attack knowledge base to identify attacks. The collected log files are organized into a common format and analyzed based on their features to identify anomalies. Clustering algorithms, namely Expectation Maximization and K-means, were used respectively to determine the number of clusters and to filter events based on a filtering threshold. Correlation, on the other hand, finds relationships among log events and investigates new attack definitions.
We have evaluated a prototype of the proposed system and obtained encouraging results. Further study and implementation of log analysis like the one we developed can significantly enhance the data center security of an organization.
Keywords: Log analysis, Data center security, Layered security, Attack identification.
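As an added illustration of the pipeline the abstract describes (not code from the thesis), the following Python example normalizes constructed firewall and web-server log lines into one common event format, clusters them with a plain K-means implementation, and reports the sources whose events fall into a sparse cluster. The fixed cluster count k=2, the feature choice and the size-share threshold are assumptions made here; the thesis selects the number of clusters with Expectation Maximization.

```python
import math, re
from collections import Counter
# Constructed sample events from two data-center layers (not real logs).
RAW_LOGS = [
    "FW src=10.0.0.2 dport=443 action=ALLOW",
    "FW src=10.0.0.3 dport=443 action=ALLOW",
    "FW src=10.0.0.5 dport=22 action=DENY",
    "FW src=10.0.0.5 dport=23 action=DENY",
    'WEB 10.0.0.1 "GET /index.html" 200',
    'WEB 10.0.0.2 "GET /index.html" 200',
    'WEB 10.0.0.3 "GET /about.html" 200',
    'WEB 10.0.0.4 "GET /index.html" 200',
    'WEB 10.0.0.6 "GET /index.html" 200',
    'WEB 10.0.0.5 "GET /admin" 403',
]
FW_RE = re.compile(r"^FW src=(\S+) dport=\d+ action=(\w+)$")
WEB_RE = re.compile(r'^WEB (\S+) "[^"]+" (\d{3})$')

def normalize(line):
    # Common event format shared by both layers: the acting source and whether it failed.
    if m := FW_RE.match(line):
        return {"layer": "network", "src": m.group(1), "failed": m.group(2) == "DENY"}
    if m := WEB_RE.match(line):
        return {"layer": "application", "src": m.group(1), "failed": int(m.group(2)) >= 400}
    raise ValueError("unrecognised log line: " + line)

def featurize(events):
    # Per event: (failure flag, activity of its source relative to the busiest source).
    per_src = Counter(e["src"] for e in events)
    return [(float(e["failed"]), per_src[e["src"]] / max(per_src.values())) for e in events]
def kmeans(points, rounds=20):
    # Plain two-cluster K-means (the thesis picks k with EM; k=2 is assumed here).
    centroids = [points[0], max(points, key=lambda p: math.dist(p, points[0]))]
    for _ in range(rounds):
        labels = [min((0, 1), key=lambda i: math.dist(p, centroids[i])) for p in points]
        new = []
        for i in (0, 1):
            members = [p for p, l in zip(points, labels) if l == i] or [centroids[i]]
            new.append(tuple(sum(d) / len(members) for d in zip(*members)))
        if new == centroids:
            break
        centroids = new
    return labels

def flag_anomalies(lines, threshold=0.4):
    # Filtering step: sources whose events sit in a cluster holding < threshold of all events.
    events = [normalize(l) for l in lines]
    labels = kmeans(featurize(events))
    share = Counter(labels)
    return sorted({e["src"] for e, l in zip(events, labels) if share[l] / len(events) < threshold})
```

Running `flag_anomalies(RAW_LOGS)` returns `["10.0.0.5"]`, the one source whose denied connections and 403 response land in the sparse cluster.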
Keywords
Log Analysis, Data Center Security, Layered Security, Attack Identification