Russian Federation
The work explores the use of the ELK stack (Elasticsearch, Logstash, Kibana) for automated analysis of event logs in information systems, with the aim of improving the efficiency of detecting anomalies that indicate malicious activity. Elasticsearch is used as the main tool: it enables efficient storage and analysis of large data volumes and the integration of various systems for security monitoring. The paper focuses on the development of event correlation methods and on the use of machine learning for real-time threat detection. Special attention is given to optimizing information security monitoring processes, reducing incident response times, and improving the accuracy of threat diagnosis. The proposed approach integrates into existing infrastructures and adapts to changing conditions, providing flexibility and efficiency in working with logs. Future research will include an experimental implementation of the method and a comparison with other solutions to evaluate its effectiveness.
event log analysis, information security, ELK stack, Elasticsearch, anomalies, machine learning, automation, monitoring