1. Download PDF
Keywords: Information Security Management, Network Security, Malware Analysis, Docker Platform, ELK Stack

Ching-Yu Yang1, Jia-Siang Guo2, Hsin-Te Wu

Department of Computer Science and Information Engineering, National Penghu University of Science and Technology, Taiwan.
1 This email address is being protected from spambots. You need JavaScript enabled to view it.2This email address is being protected from spambots. You need JavaScript enabled to view it.

Abstract

With the advances in the technology era, the Internet has provided tremendous convenience. Apart from bringing business opportunities for enterprises, the Internet has also become a criminal tool for unscrupulous people, which has increased the problem of cyber crime year by year, such as stealing confidential information, denial-of-service (DoS) attacks, malware implantation, and relevant crimes. Therefore, enterprises are suggested to install a comprehensive system that could implement the process of digital forensics effectively and immediately right after encountering a cybercrime. Once a cybercrime happened, it requires a processing system with sufficient capability and techniques to track the computers that involve in the crime, which enables the company to find the source computer internally and the criminal efficiently and effectively in the shortest time. The system this study offers consists of three different kinds of software, it back the computer system of the criminal up and conduct investigation processes of searching, analyzing logs, and index scanning; the system simplifies the old cumbersome and inefficient investigation process to understand the execution tendencies of the software and produce reports through Cuckoo Sandbox Analysis.


References

  1. Borkar, A. Donode and A. Kumari, “A survey on Intrusion Detection System (IDS) and Internal Intrusion Detection and protection system (IIDPS)”, 2017 International Conference on Inventive Computing and Informatics (ICICI), 2017. Google Scholar
  2. J. V. A. Sukumar, I. Pranav, M.M. Neetish and J. Narayanan, “Network Intrusion Detection Using Improved Genetic k-means Algorithm”, 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2018. Google Scholar
  3. Y. Gong, S. Mabu, C. Chen, Y. Wang and K. Hirasawa, “Intrusion detection system combining misuse detection and anomaly detection using Genetic Network Programming”, 2009 ICCAS-SICE, 2009. Google Scholar
  4. W. Li, Y. Meng, and L.-F. Kwok, “Enhancing Trust Evaluation Using Intrusion Sensitivity in Collaborative Intrusion Detection Networks: Feasibility and Challenges”, 2013 Ninth International Conference on Computational Intelligence and Security, 2013. Google Scholar
  5. R. Lupu, R. Badea and I. C. Mihai, “Agent-based IDMEF alerting infrastructure for distributed intrusion detection and prevention systems: Design and validation”, 2016 International Conference on Communications (COMM), 2016. Google Scholar
  6. Y. K. Penya and P. G. Bringas, “Experiences on Designing an Integral Intrusion Detection System”, 19th International Conference on Database and Expert Systems Application, 2008. Google Scholar
  7. Warzyński and G. Kołaczek, “Intrusion detection systems vulnerability on adversarial examples”, 2018 Innovations in Intelligent Systems and Applications (INISTA), 2018. Google Scholar
  8. Ryan Watson(2018 年),Windows Events Sysmon and Elk…oh my!(Part1), SilentBreakSecurity 
  9. Ryan Watson(2018 年),Windows Events Sysmon and Elk…oh my!(Part2), SilentBreakSecurity 
  10. (美)蘇庫拉.塞哈特(2016 年),Learning ELK Stack,電子工業出版社。
  11. Docker 三大核心概念:鏡像、容器、倉庫
  12. Docker 快速入門之原理篇
  13. James 的資訊安全實驗室--如何自行架設惡意程式分析沙盒(Cuckoo Sandbox)_介 紹篇。
  14. Rootkkit,https://zh.wikipedia.org/wiki/Rootkit
  15. WarunikaAmali,Cuckoo Sandbox 安裝指南,2017 年 7 月 9 日 
  16. Weiweiwesley(2017 年),30 天 Docker、ELK Stack 系列,iT 邦幫忙網站
  17. 木馬(Trojan)
  18. 有容雲-原理|Docker 存儲驅動之 AUFS。 (2017-03-17)
  19. 何宗諭,淺談輕量化的虛擬技術-Docker 容器,臺灣大學計算機及資訊網路中心程 式設計組幹事。
  20. 後門(Backdoor) 
  21. 間諜軟體(Spyware)
  22. 資安科技研究所/技術研發中心/財團法人資訊工業策進會,Docker 容器虛擬化資安 最佳化實務與應用。
  23. 廣告軟體
  24. 叢培侃(2005 年),特定領域之整合式搜尋引擎分類系統設計與建置,中央警察大 學,資訊管理研究所碩士班。
  25. 饒琛琳(2017 年),ELK Stack 權威指南,電子工業出版社。

For more information about this article, please contact us here