An ELK Stack-Based Framework for Post-Intrusion Analysis of DDoS Attacks
Abstract
This work presents a framework based on the Elasticsearch, Logstash and Kibana (ELK) stack for analyzing the logs of a computing platform that has suffered a distributed denial-of-service (DDoS) attack. The proposed framework supports post-intrusion investigation: it runs an attack identification algorithm and performs the storage, analysis and visualization of the data related to the attack. The log analysis can thus be carried out through a user-friendly interface, whereas in a typical scenario the analyst faces many system logs and raw data, which makes verifying the attack a complex process. The tests were performed using two different DDoS approaches. The results show that the framework was able to collect information from the system's network logs alone, identify the malicious packets, and forward them to the visualization interface.
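The abstract describes a three-stage pipeline: collect network logs, run an identification algorithm that tags the malicious packets, and forward the result to the ELK visualization layer. The paper does not disclose its algorithm, so the following is an added example written for this page, not the authors' code: a simple per-source rate heuristic (SYN-only share for a SYN flood, raw packet rate for a UDP flood) applied to a constructed packet log, with the tagged packets serialized in the NDJSON shape that Elasticsearch's `_bulk` endpoint accepts. The log format, the ECS-style field names, the index name `ddos-packets` and the thresholds are all assumptions made for the example.

```python
"""Toy post-intrusion DDoS triage over a packet log, emitting an
Elasticsearch _bulk payload.  Added example; not the paper's framework
and not its identification algorithm."""
import json
from collections import defaultdict
from datetime import datetime

# Assumed (hypothetical) tuning knobs; deliberately low so the tiny sample trips them.
WINDOW_SECONDS = 1       # width of the aggregation window
RATE_THRESHOLD = 5       # packets per (src, dst, window) before a flow is flagged
SYN_ONLY_SHARE = 0.9     # share of SYN-only packets that marks a SYN flood

# Constructed sample input, not a capture from the paper's experiments.
# Format: timestamp src_ip dst_ip transport dst_port tcp_flags ("-" for non-TCP)
SAMPLE_LOG = """\
2021-03-22T10:00:00.000Z 198.51.100.7 192.0.2.10 tcp 80 S
2021-03-22T10:00:00.010Z 198.51.100.7 192.0.2.10 tcp 80 S
2021-03-22T10:00:00.020Z 198.51.100.7 192.0.2.10 tcp 80 S
2021-03-22T10:00:00.030Z 198.51.100.7 192.0.2.10 tcp 80 S
2021-03-22T10:00:00.040Z 198.51.100.7 192.0.2.10 tcp 80 S
2021-03-22T10:00:00.050Z 198.51.100.7 192.0.2.10 tcp 80 S
2021-03-22T10:00:00.100Z 203.0.113.5 192.0.2.10 tcp 80 S
2021-03-22T10:00:00.150Z 203.0.113.5 192.0.2.10 tcp 80 A
2021-03-22T10:00:00.200Z 198.51.100.9 192.0.2.10 udp 53 -
2021-03-22T10:00:00.210Z 198.51.100.9 192.0.2.10 udp 53 -
2021-03-22T10:00:00.220Z 198.51.100.9 192.0.2.10 udp 53 -
2021-03-22T10:00:00.230Z 198.51.100.9 192.0.2.10 udp 53 -
2021-03-22T10:00:00.240Z 198.51.100.9 192.0.2.10 udp 53 -
"""


def parse_line(line):
    """Map one log line onto ECS-style field names so Kibana visualizations
    (source.ip, destination.port, network.transport) work without renaming."""
    ts, src, dst, transport, port, flags = line.split()
    return {
        "@timestamp": ts,
        "source": {"ip": src},
        "destination": {"ip": dst, "port": int(port)},
        "network": {"transport": transport},
        "tcp": {"flags": flags},
    }


def window_of(ts):
    """Bucket an ISO-8601 UTC timestamp into WINDOW_SECONDS-wide windows."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return int(dt.timestamp()) // WINDOW_SECONDS


def flow_key(p):
    return (p["source"]["ip"], p["destination"]["ip"], window_of(p["@timestamp"]))


def classify(packets):
    """Tag every packet in place with ddos.suspect (and ddos.reason) using a
    per-(source, destination, window) rate heuristic.  Two passes: count
    first, then label, so a packet early in a burst is still flagged."""
    total, syn_only = defaultdict(int), defaultdict(int)
    for p in packets:
        k = flow_key(p)
        total[k] += 1
        if p["network"]["transport"] == "tcp" and p["tcp"]["flags"] == "S":
            syn_only[k] += 1
    for p in packets:
        k, n = flow_key(p), total[flow_key(p)]
        if n < RATE_THRESHOLD:
            p["ddos"] = {"suspect": False}
            continue
        if p["network"]["transport"] == "tcp" and syn_only[k] / n >= SYN_ONLY_SHARE:
            reason = "syn_flood"
        elif p["network"]["transport"] == "udp":
            reason = "udp_flood"
        else:
            reason = "high_rate"
        p["ddos"] = {"suspect": True, "reason": reason, "packets_in_window": n}
    return packets


def analyze(log_text):
    """Parse and classify a whole log; returns the list of tagged packets."""
    return classify([parse_line(l) for l in log_text.splitlines() if l.strip()])


def to_bulk(packets, index="ddos-packets"):
    """Serialize packets as NDJSON for POST /_bulk: one action line followed
    by one document line per packet, terminated by a newline."""
    out = []
    for p in packets:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(p))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    pkts = analyze(SAMPLE_LOG)
    flagged = [p for p in pkts if p["ddos"]["suspect"]]
    print(f"{len(flagged)} of {len(pkts)} packets flagged")
    print(to_bulk(flagged), end="")
```

In a deployment the `to_bulk` output would be posted to Elasticsearch (or the same tagging done in a Logstash filter), and a Kibana visualization filtered on `ddos.suspect: true` gives the analyst the view the abstract describes; the thresholds here are illustrative and must be tuned to the monitored link's normal rate before they mean anything.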
Published
2024-09-16
How to Cite
ALVES, Camilla; MONTEIRO, André. An ELK Stack-Based Framework for Post-Intrusion Analysis of DDoS Attacks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 864-870. DOI: https://doi.org/10.5753/sbseg.2024.241518.
