TWI484331B - Base on cross-layer log data trace system and method - Google Patents


Info

Publication number
TWI484331B
Authority
TW
Taiwan
Prior art keywords
log
data
file
cross
program
Prior art date
Application number
TW102130759A
Other languages
Chinese (zh)
Other versions
TW201508479A (en
Inventor
Jung Shian Li
I Hsien Liu
Chien Tung Lu
Chia Wei Chang
Original Assignee
Univ Nat Cheng Kung
Priority date
Filing date
Publication date
Application filed by Univ Nat Cheng Kung filed Critical Univ Nat Cheng Kung
Priority to TW102130759A priority Critical patent/TWI484331B/en
Publication of TW201508479A publication Critical patent/TW201508479A/en
Application granted granted Critical
Publication of TWI484331B publication Critical patent/TWI484331B/en


Landscapes

  • Debugging And Monitoring (AREA)

Description

Data trail tracking system and method based on cross-layer logging

The present invention relates to data trail tracking technology, and in particular to a data trail tracking system and method based on cross-layer logging.

With the rapid development of technology and networks, the steady growth of services and data has produced Big Data, and cloud computing has risen in order to process such volumes quickly. Cloud computing is one of today's prominent network trends; it has developed rapidly in recent years and has become a popular research topic. Its central idea is to access and allocate cloud hardware and software resources according to users' needs.

Through virtualization, cloud computing lets the resource management of infrastructure and software scale and is more flexible than traditional system deployment, so the importance of data security in cloud computing grows by the day. When users perform computation, processing and storage in the cloud over the network, how to safeguard the data while improving service performance and meeting availability requirements has become a major challenge for cloud service providers.

In a cloud environment, knowing who has accessed the data has always been a difficulty for cloud services, because in a commercial setting data represents business opportunity and money. This applies especially, since the amendment of the personal data protection law was passed, to the transmission and access of personally identifiable and sensitive data. When data is transmitted in a cloud environment, even with information security measures such as encryption and virtual private networks (VPN), a breach remains possible.

How to solve the above problems and shortcomings of the prior art is therefore the direction that the inventors and manufacturers in this industry are eager to research and improve.

In view of the above shortcomings, the inventors collected relevant material, evaluated and considered it from many angles, and, drawing on years of experience in this industry and on repeated trials and revisions, designed the present invention.

The main object of the invention is to provide a data trail tracking system based on cross-layer logging that uses a log collection system, together with a special data gateway and log reading software, and combines existing general-purpose network devices, programs and operating systems to collect logs.

Another object of the invention is to provide a data trail tracking method based on cross-layer logging that can clearly prove the trail of accesses to file data and give a further grasp of how the data was accessed.

To achieve the above objects, the invention adopts the following technical means. The invention provides a data trail tracking method based on cross-layer logging, comprising the following steps: a user at a remote client operates a network program to enter a cloud system via the network; the cloud system permits the network program to execute at least one application to read a file, and the cloud system generates a file fingerprint code for the file; when the network program executes the application in the cloud system, a data access log containing the file fingerprint code is generated; and when the network program ends its service in the cloud system, the application generates a program log, and a log reading program collects the data access log, the program log data and the associated data, which after analysis and sorting by time yield the client's data usage trail.

In another embodiment, the invention adopts the following technical means. The data trail tracking system based on cross-layer logging comprises: at least one data gateway, which records actions in which files or data in the cloud computing environment are accessed by at least one application and generates a data access log recording the access actions, where the application in the cloud computing environment must access the data or files of at least one database through the data gateway; and a log device, which is connected to the data gateway via the network and receives the data access log. The log device is also connected to at least one server in the cloud computing environment to receive all log data on the server and to store the log data of a specific period. All log data stored in the log device is analysed and compared to confirm the behaviour of file or data transmission and the content transmitted.

By drawing on different logging standards, the invention goes beyond a single layer, such as the application or the operating system, obtains more data, and provides the trail of data access more effectively to support tracking. It thereby gives a better understanding of the path of data transmission and of how the systems or users involved operated on or used the data, for use in criminal investigation or as supporting forensic evidence.

To make the above objects, features and advantages of the invention clearer, preferred embodiments are described in detail below with reference to the accompanying drawings.

11‧‧‧Log device

12‧‧‧Data gateway

13‧‧‧Application

14‧‧‧Operating system

15‧‧‧Server

16‧‧‧Network device

17‧‧‧Database

S11~S14‧‧‧Method flow steps

Figure 1 is a schematic diagram of a data trail tracking system based on cross-layer logging according to an embodiment of the invention.

Figure 2 is a flow chart of the steps of a data trail tracking method based on cross-layer logging according to an embodiment of the invention.

The invention is further described below with reference to the figures and embodiments of specific operation.

Figure 1 shows a data trail tracking system based on cross-layer logging according to an embodiment of the invention. This embodiment can track, in a cloud computing environment, the trail of at least one file or data item being executed by programs. It includes the data gateway 12, which records actions in which files or data in the cloud computing environment are accessed by the application 13 and generates a data access log recording each access action; the application 13 in the cloud computing environment must access the data or files of the database 17 through the data gateway 12. It also includes the log device 11, which is connected to the data gateway 12 via the network and receives the data access log. The log device 11 is also connected to the server 15 in the cloud computing environment to receive all log data on the server 15 and to store the log data of a specific period. All log data stored in the log device 11 is analysed and compared to confirm the behaviour of file or data transmission and the content transmitted.

In addition, the network device 16 can return network logs to the log device 11 via the network, so that the log device 11 stores log data for the communication protocols of each network layer. The network device 16 can also be regarded as a kind of server.

The application 13 is log reading software executed on the operating system 14 of the server 15; once the operating system 14 starts executing an application software, it continuously reads the system log in the operating system 14 and the service log of the server. The application 13 is a function attached to an application software; once the application software starts executing, it continuously reads the program log of the application software.

After the above log reading software is executed, the relevant connection request information is recorded to the system log at the Platform as a Service (PaaS) level of cloud computing, and to the network log at the Infrastructure as a Service (IaaS) level of cloud computing.

In this embodiment, when the application software executes a file, it reads the file stored in the database 17 through the data gateway 12, and a file fingerprint is generated (the file fingerprint is an identifier that authenticates the file). Whenever the file is operated on by any user, an item of associated data is generated and stored in the data access log. The associated data includes at least the file fingerprint, the name of the program, the time of occurrence, and the file path or folder the file passed through.

As described above, the invention uses a log collection system, together with the special data gateway 12 and log reading software, and combines the existing general-purpose network device 16 and server 15 to collect logs.

In another embodiment, the invention is applied in a cross-layer log collection mechanism for distributed multiple transport protocols. On top of the related logs already collected, and using data feature values, it provides a log-based mechanism for tracing the trail of data access and transmission after the fact.

As described above, the invention uses the cross-layer log collection mechanism for distributed multiple transport protocols to combine log sources from different devices and systems that follow different recording standards, such as SNMP, Windows Event and Syslog. For each kind of data access behaviour, such as creation, change, deletion and modification, it additionally applies a one-way hash algorithm to compute a feature value of the file or data and records that value. On the one hand, the log system carries no concern about storing the actual data content. On the other hand, thanks to the one-way hash computation, the resulting data feature value is unique, so it can be proven after the fact whether the data transmitted or accessed matches a sample. In this way the channels of data transmission, and how the related systems or users used the data, can be established. This differs from traditional data leakage protection schemes, which rely mainly on comparison against definitions made in advance. The invention can prove the trail of data access more clearly and give a further grasp of how the data was accessed.

Figure 2 is a flow chart of the steps of the data trail tracking method based on cross-layer logging according to an embodiment of the invention. Step S11: enter the cloud system. A user at a remote client operates a network program to enter the cloud system via the network. In another embodiment, the client is a network device and has a network log.

Step S12: execute the application to read the file and generate the file fingerprint code. The cloud system permits the network program to execute at least one application to read a file, and the cloud system generates a file fingerprint code for the file. The file fingerprint code is a digital code, produced by an algorithm from the file content, that identifies the file.

Step S13: generate the data access log. When the network program executes the application in the cloud system, a data access log containing the file fingerprint code is generated.

Step S14: collect and analyse all log data. When the network program ends its service in the cloud system, the application generates a program log, and a log reading program collects the data access log, the program log data, the system log, the network log and the associated data, which after analysis and sorting by time yield the client's data usage trail. The log reading program is installed in the operating system on every server of the cloud system and can read the system log of the operating system. The associated data includes at least the file fingerprint code, the name of the program, the time of occurrence, and the file path or folder the file passed through.

The invention applies a one-way hash algorithm so that whenever a file data access behaviour occurs, such as creation, change, deletion or modification, a feature value of the file or data content at that moment is generated to meet the evidence needs of later tracking and auditing. It is as if a fingerprint-like trace were produced each time the file is executed, leaving evidence of the execution.
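Steps S11 to S14 and the after-the-fact sample matching described above, as an added example that is not code from the patent: a gateway that fingerprints every access, a time-sorted merge of logs from several layers, and a lookup of the usage trail for a given sample file. SHA-256, the log field names, the 5-second correlation window and every log entry below are assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta


def fingerprint(content: bytes) -> str:
    """File fingerprint code: one-way hash of the content (SHA-256 assumed)."""
    return hashlib.sha256(content).hexdigest()


class DataGateway:
    """Sole path between applications and stored files; logs every access."""

    def __init__(self, store):
        self.store = store      # path -> bytes, stands in for the database
        self.access_log = []    # the data access log

    def _record(self, time, program, action, path, content):
        # Associated data named in the text: fingerprint, program name,
        # time of occurrence, file path. The content itself is never logged.
        self.access_log.append({
            "layer": "gateway", "time": time, "program": program,
            "action": action, "path": path,
            "fingerprint": fingerprint(content),
        })

    def read(self, time, program, path):
        content = self.store[path]
        self._record(time, program, "read", path, content)
        return content

    def write(self, time, program, path, content):
        self.store[path] = content
        self._record(time, program, "modify", path, content)


def build_timeline(*logs):
    """Merge logs from every layer and sort them by time of occurrence."""
    merged = [entry for log in logs for entry in log]
    return sorted(merged, key=lambda e: datetime.fromisoformat(e["time"]))


def trace_sample(sample: bytes, timeline, window_seconds=5):
    """Usage trail of `sample`: gateway accesses whose fingerprint equals the
    sample's, plus entries from other layers within the time window."""
    target = fingerprint(sample)
    hits = [datetime.fromisoformat(e["time"]) for e in timeline
            if e.get("fingerprint") == target]
    window = timedelta(seconds=window_seconds)
    trail = []
    for entry in timeline:
        when = datetime.fromisoformat(entry["time"])
        is_hit = entry.get("fingerprint") == target
        # Only non-gateway entries are pulled in by time; a gateway access
        # to different content nearby is not part of this file's trail.
        near_hit = ("fingerprint" not in entry
                    and any(abs(when - h) <= window for h in hits))
        if is_hit or near_hit:
            trail.append(entry)
    return trail


# --- Constructed sample data (not from the patent) ---
REPORT = b"customer list v1\n"
gateway = DataGateway({"/data/report.csv": REPORT,
                       "/data/readme.txt": b"hello\n"})
gateway.read("2013-08-28T10:00:02", "export-tool", "/data/report.csv")
gateway.read("2013-08-28T10:00:03", "export-tool", "/data/readme.txt")
gateway.write("2013-08-28T10:30:00", "editor", "/data/report.csv",
              b"customer list v2\n")

program_log = [{"layer": "application", "time": "2013-08-28T10:00:01",
                "account": "alice", "request": "export report.csv"}]
system_log = [{"layer": "paas", "time": "2013-08-28T09:00:00",
               "event": "connection request accepted"},
              {"layer": "paas", "time": "2013-08-28T10:00:00",
               "event": "connection request accepted"}]
network_log = [{"layer": "iaas", "time": "2013-08-28T10:00:04",
                "src_ip": "192.0.2.10", "src_mac": "02:00:00:00:00:0a"}]


def demo():
    timeline = build_timeline(gateway.access_log, program_log,
                              system_log, network_log)
    return trace_sample(REPORT, timeline)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Because the fingerprint covers the content, the later write of version 2 does not appear in the trail of the version 1 sample; linking versions of one file needs the recorded path as well as the fingerprint.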

The invention uses a log collection system, together with special network devices and programs, and combines existing general-purpose network devices, programs and operating systems to track data trails. Its features are as follows:

1. Application software deployed in the cloud computing environment, either with added functions or using its existing logging function, records the requester's application identification data during the relevant operations, such as user account, request time, requested item and returned item.

2. In the Platform as a Service (PaaS) layer, the relevant connection request information is recorded (network, transport, session, presentation and application layers), supplemented by data recorded in the Infrastructure as a Service (IaaS) layer such as MAC and IP addresses (physical, data link and network layers).

3. The channels through which data leaves the system have specific data gateways; the data must pass through specific equipment so that the behaviour and content of the transmitted data can be tracked.

4. In the log system, the above data is combined and comparison functions are provided to identify potential violations of policy.

In summary, by drawing on different logging standards, the invention goes beyond a single layer, such as the application or the operating system, obtains more data, and provides the trail of data access more effectively to support tracking. It thereby gives a better understanding of the path of data transmission and of how the systems or users involved operated on or used the data, for use in criminal investigation or as supporting forensic evidence.

The above detailed description fully shows that the object and effect of the invention involve an inventive step in implementation and have great industrial applicability, and that the invention is new and not previously seen on the market; it fully meets the requirements for an invention patent, and the application is filed in accordance with the law. The above describes only preferred embodiments of the invention and cannot be used to limit the scope in which the invention is practised. All equivalent changes and modifications made within the scope of the claims of the invention fall within the scope covered by this patent. We respectfully ask the examiner to review and grant the application.


Claims (15)

1. A data trail tracking system based on cross-layer logging, for tracking in a cloud computing environment the trail of at least one file or data item being executed by programs, comprising: at least one data gateway, which records actions in which files or data in the cloud computing environment are accessed by at least one application and generates a data access log recording the access actions, wherein the application in the cloud computing environment must access the data or files of at least one database through the data gateway; and a log device, which is connected to the data gateway via a network and receives the data access log, the log device also being connected to at least one server in the cloud computing environment to receive all log data on the server and to store the log data of a specific period, wherein all log data stored in the log device is analysed and compared to confirm the behaviour of file or data transmission and the content transmitted.

2. The data trail tracking system based on cross-layer logging of claim 1, wherein the server is a network device that returns at least one network log to the log device via the network.

3. The data trail tracking system based on cross-layer logging of claim 1, wherein the application is log reading software executed on the operating system of a server, which, once the operating system starts executing application software, continuously reads the system log in the operating system and the service log of the server.

4. The data trail tracking system based on cross-layer logging of claim 3, wherein, after the log reading software is executed, the relevant connection request information is recorded to the system log at the Platform as a Service (PaaS) level of the cloud computing.

5. The data trail tracking system based on cross-layer logging of claim 3, wherein, after the log reading software is executed, the relevant connection request information is recorded to the service log at the Infrastructure as a Service (IaaS) level of the cloud computing.

6. The data trail tracking system based on cross-layer logging of claim 1, wherein the application is a function attached to an application software, which, once the application software starts executing, continuously reads the program log of the application software.

7. The data trail tracking system based on cross-layer logging of claim 6, wherein a file fingerprint is generated when the application software executes the file, and whenever the file is operated on by any user an item of associated data is generated and stored in the data access log, the associated data including at least the file fingerprint, the name of the program, the time of occurrence, and the file path or folder the file passed through.

8. A data trail tracking method based on cross-layer logging, comprising the steps of: a user at a remote client operating a network program to enter a cloud system via a network; the cloud system permitting the network program to execute at least one application to read a file, the cloud system generating a file fingerprint code for the file; generating a data access log containing the file fingerprint code; and, when the network program ends its service in the cloud system, the application generating a program log, and a log reading program collecting the data access log, the program log data and associated data, which after analysis and sorting by time yield the client's data usage trail.

9. The data trail tracking method based on cross-layer logging of claim 8, wherein the log reading program is installed in the operating system on every server of the cloud system.

10. The data trail tracking method based on cross-layer logging of claim 9, further comprising the log reading program reading the system log of each operating system.

11. The data trail tracking method based on cross-layer logging of claim 8 or 9, wherein the log reading program is a program installed on an operating system which, once an application software is started by the client, continuously records the usage of the network program and the files executed.

12. The data trail tracking method based on cross-layer logging of claim 8, wherein the client is a network device.

13. The data trail tracking method based on cross-layer logging of claim 12, further comprising the log reading program collecting the network log of the network device.

14. The data trail tracking method based on cross-layer logging of claim 8, wherein the file fingerprint code is a digital code, produced by an algorithm from the file content, that identifies the file.

15. The data trail tracking method based on cross-layer logging of claim 8, wherein the associated data includes at least the file fingerprint code, the name of the program, the time of occurrence, and the file path or folder the file passed through.
TW102130759A 2013-08-28 2013-08-28 Base on cross-layer log data trace system and method TWI484331B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW102130759A TWI484331B (en) 2013-08-28 2013-08-28 Base on cross-layer log data trace system and method


Publications (2)

Publication Number Publication Date
TW201508479A TW201508479A (en) 2015-03-01
TWI484331B true TWI484331B (en) 2015-05-11

Family

ID=53186216


Country Status (1)

Country Link
TW (1) TWI484331B (en)


Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees