| Name: | Description: | Size: | Format: |
|---|---|---|---|
| DM_LuisTeixeira_MEI_2020 | | 2.02 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
The evolution of computer network infrastructures in terms of size and complexity makes it increasingly difficult to detect problems or intruders in the network in a timely manner. The network equipment and devices produce a large volume of data related to their operation (logs) containing multiple levels of details related to each captured event. Systems focused on detecting specific events (SIEM) are the main consumers of these logs, but it is still important to facilitate their visualization and analyze the evolution and status of the computer network, in order to improve or maintain its normal operation. In this dissertation we present a framework with the ability to store, view and process log files for systems and network equipment through a graph-oriented database. This advanced visualization aims to simplify the analysis by the network administrator, giving an interactive, integrated and real-time view providing the identification of the assets in the network as well as the analysis by means of pattern analysis to detect potential malfunction scenarios by considering deviations from normal/expected behavior.
Description
Master's Dissertation in Computer Engineering
Keywords
Common Log Format, Logging, Process Mining, Graph Databases, Pattern Analysis
Educational Context
Citation
Publisher
Instituto Politécnico do Porto. Escola Superior de Tecnologia e Gestão
