Time Series Database Dedicated for a Computer Security Incident Response
Computer security has been receiving more attention because a computer security incident can cause great damage to an organization. A quick response to an incident is therefore important in order to avoid information compromise and a second infection by malware, so a suspicious host that may be compromised must be identified quickly. Once a suspicious host has been identified, its communication logs are checked. The volume of communication logs tends to be huge, so search delays tend to be long, and that delay should be minimized. To this end, this paper proposes a fast logging system that exploits the fact that a communication log is a time series, whereas a traditional logging system built on top of an RDBMS is not dedicated to time-series logs. The proposed system also minimizes the size of the logging storage by indexing logging messages as much as possible. The paper then demonstrates that the proposed system reduces both the search delay and the storage size for the communication logs of a firewall in an actual campus network, in comparison with a traditional logging system.
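As an added illustration of the two ideas the abstract names, here is a toy time-series log store written for this page; it is not the paper's system and makes no claim about its internals. Records are kept in time-ordered buckets and a per-host index points at the buckets a host appears in, so a query for one suspicious host over a time window scans only those buckets; repeated string fields (addresses, actions) are replaced by small dictionary ids so the stored form is much smaller than the raw text. The firewall-style log lines, the line format and the field names are all constructed for the example.

```python
"""Toy time-series store for firewall-style communication logs (added example,
not the paper's implementation). Log lines are constructed sample data."""
from collections import defaultdict
import re

# Constructed line format: "<unix_ts> <src_ip> <dst_ip> <dst_port> <ALLOW|DENY>"
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\d+) (ALLOW|DENY)$")


class TimeSeriesLogStore:
    def __init__(self, bucket_seconds=60):
        self.bucket_seconds = bucket_seconds
        self.dictionary = {}                    # string -> small integer id
        self.reverse = []                       # id -> string
        self.buckets = defaultdict(list)        # bucket key -> records in arrival order
        self.host_index = defaultdict(set)      # host id -> bucket keys it occurs in
        self.raw_bytes = 0                      # size of the original text, for comparison

    def _intern(self, s):
        """Dictionary-encode a repeated string field."""
        if s not in self.dictionary:
            self.dictionary[s] = len(self.reverse)
            self.reverse.append(s)
        return self.dictionary[s]

    def ingest(self, line):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised log line: %r" % line)
        ts, src, dst, port, action = m.groups()
        ts, port = int(ts), int(port)
        self.raw_bytes += len(line.encode()) + 1      # +1 for the newline
        key = ts // self.bucket_seconds
        rec = (ts, self._intern(src), self._intern(dst), port, self._intern(action))
        self.buckets[key].append(rec)
        self.host_index[rec[1]].add(key)
        self.host_index[rec[2]].add(key)

    def query_host(self, host, t_start, t_end):
        """All records in [t_start, t_end] where host is source or destination.
        Only buckets listed for that host and overlapping the window are scanned."""
        hid = self.dictionary.get(host)
        if hid is None:
            return []
        hits = []
        for key in sorted(self.host_index[hid]):
            b_start = key * self.bucket_seconds
            if b_start > t_end or b_start + self.bucket_seconds <= t_start:
                continue                                # bucket outside the window
            for ts, s, d, port, a in self.buckets[key]:
                if t_start <= ts <= t_end and hid in (s, d):
                    hits.append({"ts": ts, "src": self.reverse[s], "dst": self.reverse[d],
                                 "port": port, "action": self.reverse[a]})
        hits.sort(key=lambda h: h["ts"])
        return hits

    def encoded_bytes(self):
        """Approximate packed size: 4-byte ts, two 2-byte host ids, 2-byte port,
        1-byte action id per record, plus the dictionary strings once each."""
        n_records = sum(len(v) for v in self.buckets.values())
        dict_bytes = sum(len(s.encode()) + 1 for s in self.reverse)
        return n_records * 11 + dict_bytes


SAMPLE_LINES = [  # constructed sample data
    "1700000000 10.0.0.5 203.0.113.9 443 ALLOW",
    "1700000010 10.0.0.7 198.51.100.2 80 ALLOW",
    "1700000030 10.0.0.5 198.51.100.2 22 DENY",
    "1700000075 10.0.0.9 203.0.113.9 443 ALLOW",
    "1700000090 10.0.0.5 203.0.113.9 443 ALLOW",
    "1700000150 10.0.0.7 10.0.0.5 445 DENY",
    "1700000200 10.0.0.5 198.51.100.2 22 DENY",
]


def build_sample_store():
    store = TimeSeriesLogStore(bucket_seconds=60)
    for line in SAMPLE_LINES:
        store.ingest(line)
    return store


if __name__ == "__main__":
    s = build_sample_store()
    for h in s.query_host("10.0.0.5", 1700000000, 1700000100):
        print(h)
    print("raw bytes:", s.raw_bytes, "encoded bytes:", s.encoded_bytes())
```

The query touches only the buckets recorded for the host in its index, which is what keeps the search delay bounded by the window rather than by the total log volume; the dictionary reduces storage most when, as in firewall logs, the same handful of addresses and actions recur across millions of lines.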

