Detecting and Analyzing the Malicious Linux Events using Filebeat and ELK Stack
J Bhuvanesh Babu1, Srinivas Prasad2, Gudapati Syam Prasad3
1J Bhuvanesh Babu, Department of CSE, Koneru Lakshmaiah Education Foundation, Vaddeswaram (A.P), India.
2Dr Srinivas Prasad, Department of CSE, Koneru Lakshmaiah Education Foundation, Vaddeswaram (A.P), India.
3Dr Gudapati Syam Prasad, Department of CSE, Koneru Lakshmaiah Education Foundation, Vaddeswaram (A.P), India.
Manuscript received on 18 April 2019 | Revised Manuscript received on 25 April 2019 | Manuscript published on 30 April 2019 | PP: 1845-1849 | Volume-8 Issue-4, April 2019 | Retrieval Number: D7003048419/19©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Almost every individual and business is moving its data storage from traditional media (paper and files) to digital platforms (cloud storage), which can store and maintain data in an accurate, reliable and secure way. But if such a system is not configured securely it leads to data breaches, and the confidential data of an individual or a business ends up in the hands of attackers, causing large financial and reputational losses and, in extreme cases, even loss of life. Although Linux is considered the most secure operating system among its competitors, attackers have recently begun exploiting vulnerabilities in the Linux operating system, and Linux is becoming the next big target for cyber criminals. The major challenge for any business or IT company is therefore to train its internal employees and maintain a log analysis and monitoring capability, which is time-consuming and requires expensive resources and expertise. Several commercial log analysis tools are available on the market, but they are too expensive for small businesses and start-ups. This paper therefore proposes a cost-effective way of implementing a log monitoring and analysis infrastructure using open-source tools such as the ELK stack and Moloch. The ELK stack is a combination of three open-source tools, Elasticsearch, Logstash and Kibana, used for monitoring and analyzing logs. Here we use the ELK stack together with Filebeat and Auditbeat, lightweight data shippers that push Linux log and audit events to a remote server, to build a cost-effective log monitoring and analysis infrastructure that can also serve as the basis of small-scale Security Operations Center (SOC) services.
Keywords: ELK Stack, Filebeat, Auditbeat, Moloch, Wireshark, Log Monitoring, Malware Analysis
Scope of the Article: Performance Analysis
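The abstract describes Filebeat shipping Linux events from a host into the ELK stack; what a small SOC then does with those events is apply detection rules to them. The script below is an added example, not code from the paper or from the Elastic project: it parses constructed sshd lines in the /var/log/auth.log format that Filebeat would ship, maps them to approximate ECS field names of the kind Elasticsearch would index, and applies a sliding-window brute-force rule that escalates when a successful login follows the burst of failures. The hostname, addresses, year and thresholds are assumptions chosen for illustration.

```python
"""
Parse sshd events from /var/log/auth.log and flag SSH brute-force attempts.

Added example, not code from the paper. It shows, in plain Python, the kind of
rule a small SOC would run over the sshd events that Filebeat ships from
auth.log into Elasticsearch: N failed logins from one source within a window,
escalated when a successful login from the same source follows the burst.
All log lines, hosts and addresses below are constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of syslog-style sshd lines as found in /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Apr 18 10:01:02 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Apr 18 10:01:05 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Apr 18 10:01:09 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51130 ssh2
Apr 18 10:01:12 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51131 ssh2
Apr 18 10:01:15 web01 sshd[2218]: Failed password for root from 203.0.113.7 port 51133 ssh2
Apr 18 10:01:40 web01 sshd[2220]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Apr 18 10:03:00 web01 sshd[2301]: Failed password for bob from 198.51.100.4 port 40010 ssh2
Apr 18 10:03:30 web01 sshd[2302]: Accepted publickey for bob from 198.51.100.4 port 40011 ssh2
Apr 18 10:04:00 web01 cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def parse_events(text, year=2019):
    """Return a list of sshd login events; lines from other daemons are skipped.

    syslog timestamps carry no year, so the caller supplies one (assumption)."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        events.append({
            "ts": ts,
            "host": m["host"],
            "result": m["result"],          # "Failed" or "Accepted"
            "method": m["method"],          # "password" or "publickey"
            "user": m["user"],
            "invalid_user": m["invalid"] is not None,
            "ip": m["ip"],
            "port": int(m["port"]),
        })
    return events


def to_ecs(event):
    """Map a parsed event to the flat ECS field names that Filebeat's system
    module would produce for the same line (approximate, for illustration)."""
    return {
        "@timestamp": event["ts"].isoformat(),
        "host.name": event["host"],
        "event.action": "ssh_login",
        "event.outcome": "success" if event["result"] == "Accepted" else "failure",
        "user.name": event["user"],
        "source.ip": event["ip"],
        "source.port": event["port"],
    }


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Sliding-window rule: alert on `threshold` failures from one source IP
    within `window_seconds`; raise severity to high if that IP then logs in."""
    alerts = {}
    recent_failures = defaultdict(list)   # ip -> failure timestamps in window
    users_tried = defaultdict(set)        # ip -> usernames attempted
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        window = recent_failures[ip]
        # expire failures that fell out of the window
        while window and (ev["ts"] - window[0]).total_seconds() > window_seconds:
            window.pop(0)
        if ev["result"] == "Failed":
            window.append(ev["ts"])
            users_tried[ip].add(ev["user"])
            if len(window) >= threshold:
                alert = alerts.setdefault(ip, {"ip": ip, "severity": "medium", "first": window[0]})
                alert.update(failures=len(window), last=ev["ts"], users=set(users_tried[ip]))
        elif ev["result"] == "Accepted" and ip in alerts and window:
            # a success while the failure burst is still in the window: likely compromise
            alerts[ip].update(severity="high", compromised_user=ev["user"], last=ev["ts"])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_AUTH_LOG)):
        print(alert)
```

In a real deployment the same rule would be expressed as a Kibana query or alert over the indexed events rather than as a script; the point here is that the brute-force pattern is only visible once sshd events are centralised and correlated by source address, which is what shipping them with Filebeat makes possible.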