Using Users Profiling to Identifying an Attacks
Abstract
Criminal activity has increased in almost all areas, but this paper focuses only on those who perform illegal activities within an organization. A user may carry out insider and phishing attacks in the organization. A legitimate user of an organization may try to log in with the administrator ID and then perform illegal activities. As a result of these activities, sensitive data can be modified or corrupted. Identifying an illegal user's behavior within the organization is very difficult. The scope of this work is to analyze log files, to filter out the profiles of users who are involved in suspicious activity, and to detect the suspicious activity of those users. Any organization generates a large number of log files, and a log manager system helps in reaching an optimal solution. Although a variety of log management tools exist, they do not provide much efficiency. This paper analyzes the working principles of the ELK stack and compares it with Splunk. The ELK stack includes many additional features, such as indexing, preprocessing a large amount of logs, and producing graphical output using Kibana.
Licensing
TURCOMAT publishes articles under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This licensing allows for any use of the work, provided the original author(s) and source are credited, thereby facilitating the free exchange and use of research for the advancement of knowledge.
Detailed Licensing Terms
Attribution (BY): Users must give appropriate credit, provide a link to the license, and indicate if changes were made. Users may do so in any reasonable manner, but not in any way that suggests the licensor endorses them or their use.
No Additional Restrictions: Users may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.