Wireless network log analysis with decision-making support in the Information Technology infrastructure


Abstract

In recent years, the Brazilian federal government has given more attention to cybersecurity, culminating in 2022 in the development of a policy for the management of computer system logs. These logs, generated in large volumes, can be analyzed to identify patterns and to understand events, failures, and security breaches. Inadequate analysis of these records hinders detailed investigation of anomalies and cybercrimes, because the volume of data is large and its formats are not user-friendly. At the Federal University of the South and Southeast of Pará (Unifesspa), as in many public agencies, ICT systems generate a large volume of logs, including records of anomalies, which can be used to prevent risks and block dangerous actions in real time. This work aims to develop a tool that automates log management efficiently, supporting investigations and decision-making in the ICT infrastructure sector. Log analysis techniques were implemented that allow the IT team to make decisions quickly and accurately. The results showed that 89.9% of login requests are successful, while authentication errors account for 10.1% of the total, approximately 56,279 records. Detailed data analysis not only helps identify problems but is also essential for mitigating risks and maintaining network security. In the future, there are plans to extend the application into a dashboard for better visualization and consultation of the generated data.
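The abstract reports event-level success and failure rates for login requests. The following Python example, added here and not part of the paper's tool, shows one way such figures are derived from wireless authentication logs and goes one step beyond the headline percentages: it also groups failures by reason, by (user, client MAC) pair, and by client MACs that fail for several distinct usernames. The log lines are constructed in a FreeRADIUS-like syslog style for illustration only; the paper does not publish its log format, so the regular expression and field names are assumptions to adapt to the real authenticator.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input in a FreeRADIUS-like syslog style. Not real data
# from Unifesspa; the paper does not publish its log format.
SAMPLE_LOG = """\
2024-03-04T08:00:01 radius: Login OK: [alice] (from client ap-01 port 0 cli AA-BB-CC-DD-EE-01)
2024-03-04T08:00:05 radius: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client ap-01 port 0 cli AA-BB-CC-DD-EE-02)
2024-03-04T08:00:09 radius: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client ap-01 port 0 cli AA-BB-CC-DD-EE-02)
2024-03-04T08:00:12 radius: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob] (from client ap-01 port 0 cli AA-BB-CC-DD-EE-02)
2024-03-04T08:00:20 radius: Login OK: [carol] (from client ap-02 port 0 cli AA-BB-CC-DD-EE-03)
2024-03-04T08:00:31 radius: Login incorrect (User-Name not found): [dave] (from client ap-02 port 0 cli AA-BB-CC-DD-EE-04)
2024-03-04T08:00:40 radius: Login OK: [bob] (from client ap-01 port 0 cli AA-BB-CC-DD-EE-02)
2024-03-04T08:00:45 radius: Ready to process requests
2024-03-04T08:01:03 radius: Login incorrect (User-Name not found): [erin] (from client ap-03 port 0 cli AA-BB-CC-DD-EE-05)
2024-03-04T08:01:04 radius: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [frank] (from client ap-03 port 0 cli AA-BB-CC-DD-EE-05)
2024-03-04T08:01:05 radius: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [grace] (from client ap-03 port 0 cli AA-BB-CC-DD-EE-05)
2024-03-04T08:01:20 radius: Login OK: [heidi] (from client ap-03 port 0 cli AA-BB-CC-DD-EE-06)
"""

# Assumed line shape; adapt the pattern to the real authenticator's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) radius: Login (?P<result>OK|incorrect)"
    r"(?: \((?P<reason>[^)]*)\))?: \[(?P<user>[^\]]+)\] "
    r"\(from client (?P<client>\S+) port \d+ cli (?P<mac>[0-9A-Fa-f-]+)\)$"
)


def parse_line(line):
    """Return a dict for an authentication line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ok"] = ev.pop("result") == "OK"
    return ev


def parse_log(text):
    """Parse a whole log text, silently skipping non-authentication lines."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def summarize(events):
    """Event-level success/failure rates of the kind reported in the abstract."""
    total = len(events)
    ok = sum(1 for e in events if e["ok"])
    failed = total - ok
    return {
        "total": total,
        "ok": ok,
        "failed": failed,
        "ok_pct": round(100.0 * ok / total, 1) if total else 0.0,
        "failed_pct": round(100.0 * failed / total, 1) if total else 0.0,
        "failures_by_reason": Counter(e["reason"] for e in events if not e["ok"]),
    }


def repeated_failures(events, threshold=3):
    """(user, mac) pairs with at least `threshold` failures: typically a stale
    saved password on one device, or brute force against a single account."""
    counts = Counter((e["user"], e["mac"]) for e in events if not e["ok"])
    return {k: n for k, n in counts.items() if n >= threshold}


def spray_suspects(events, min_users=3):
    """Client MACs that failed for at least `min_users` distinct usernames,
    a password-spraying pattern that per-account counting does not reveal."""
    users = defaultdict(set)
    for e in events:
        if not e["ok"]:
            users[e["mac"]].add(e["user"])
    return {mac: sorted(u) for mac, u in users.items() if len(u) >= min_users}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(summarize(evs))
    print("repeated failures:", repeated_failures(evs))
    print("spray suspects:", spray_suspects(evs))
```

Note that `summarize` counts events, not users or devices: a single client with a stale saved password can retry every few seconds and inflate the failure percentage on its own, which is why the two grouping functions are needed before the raw rate is used for a decision.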


Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright (c) 2025 Brazilian Journal of Criminalistics
