Architecture of an integrated Java application for log analysis to detect computer attacks in information systems by responding to various security anomalies
https://doi.org/10.21822/2073-6185-2025-52-1-147-161
Abstract
Objective. When the ELK stack is integrated into an information system, a duplicate Java application running in a closed (isolated) loop is also needed to process anomalies covertly. The objective is to develop the architecture of a Java application for such covert integration with the information system.
Method. The study used methods of analyzing the information contained in information-system logs, static analysis methods, application programming, and data-processing algorithms.
Result. An example of deploying the Elasticsearch stack for processing and storing logs is presented. Options for using Elasticsearch for anomaly analysis are considered, and an implementation of anomaly analysis using the official Elasticsearch library is proposed. The architecture of a Java application integrated into an information system for automated log analysis, aimed at detecting computer attacks or the signals that precede them by searching for anomalies, is proposed. Variants of anomalies in information-system logs are considered and the actions for detecting them are described. A generalized map of the Java application's workflow is presented.
Conclusion. An architecture has been developed for a Java application that analyzes the logs of an information system for key anomalies.
About the Authors
P. I. Sharikov
Russian Federation
Pavel I. Sharikov, Cand. Sci. (Eng.), Senior Lecturer, Department of Secure Communication Systems,
22 Bolshevikov Ave., St. Petersburg 193232
A. V. Krasov
Russian Federation
Andrey V. Krasov, Cand. Sci. (Eng.), Assoc. Prof., Department of Secure Communication Systems,
22 Bolshevikov Ave., St. Petersburg 193232
A. V. Mayorov
Russian Federation
Alexander V. Mayorov, Graduate Student, Department of Secure Communication Systems,
22 Bolshevikov Ave., St. Petersburg 193232
References
1. Zamani M., Movahedi M. Machine learning techniques for intrusion detection. arXiv preprint arXiv:1312.2177. 2013.
2. Kononenko O. et al. Mining modern repositories with Elasticsearch. Proceedings of the 11th Working Conference on Mining Software Repositories (MSR). 2014:328-331.
3. Salo F. et al. Data mining techniques in intrusion detection systems: a systematic literature review. IEEE Access. 2018;6:56046-56058.
4. Son S.J., Kwon Y. Performance of ELK stack and commercial system in security log analysis. 2017 IEEE 13th Malaysia International Conference on Communications (MICC). IEEE, 2017:187-190.
5. Orlov G.A., Krasov A.V., Gelfand A.M. Application of Big Data in the analysis of Big Data in computer networks. High Technologies in Space Research of the Earth. 2020;12(4):76-84. DOI 10.36724/2409-5419-2020-12-4-76-84. EDN RQQTOQ. (In Russ.)
6. Kotenko I.V., Kuleshov A.A., Ushakov I.A. System for collecting, storing and processing information and security events based on Elastic Stack. Proceedings of SPIIRAS. 2017;5(54):5-34. DOI 10.15622/sp.54.1. EDN ZMREVZ. (In Russ.)
7. Shah N., Willick D., Mago V. A framework for social media data analytics using Elasticsearch and Kibana. Wireless Networks. 2022;28(3):1179-1187.
8. Bhattacharjee S.D. et al. Context-aware graph-based analysis for detecting anomalous activities. 2017 IEEE International Conference on Multimedia and Expo (ICME). IEEE, 2017:1021-1026.
9. Cheng L., Liu F., Yao D. Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery. 2017;7(5):1211.
10. Bashmakov N.M., Urazaev V.V., Wulfin A.M. System for detecting anomalies in logs of monitoring the state of a protected object. Collection of selected articles of the scientific session of TUSUR. 2023;1-3:36-41. EDN LUQUGC. (In Russ.)
11. Sharikov P.I., Krasov A.V. Study of the vulnerability of serialization and deserialization of data in Java. Regional informatics and information security: collection of scientific papers (St. Petersburg, November 01-03, 2017). Issue 3. St. Petersburg: St. Petersburg Society for Informatics, Computer Engineering, Communications and Control Systems, 2017:333-336. EDN YNAETH. (In Russ.)
12. Sheloukhin O.I., Ryabinin V.S. Detection of anomalies in big data of unstructured system logs. Cybersecurity Issues. 2019;2(30):36-41. DOI 10.21681/2311-3456-2019-2-36-41. EDN IGKKGG. (In Russ.)
13. Krasov A.V., Sakharov D.V., Tasyuk A.A. Design of an intrusion detection system for an information network using Big Data. High Technologies in Space Research of the Earth. 2020;12(1):70-76. DOI 10.36724/2409-5419-2020-12-1-70-76. EDN UJEKZY. (In Russ.)
14. Minyaev A.A., Krasov A.V., Sakharov D.V. Method for assessing the effectiveness of an information security system for geographically distributed personal data information systems. Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and Technical Sciences. 2020;1:29-33. DOI 10.46418/2079-8199_2020_1_5. EDN ULHTJK. (In Russ.)
15. Minyaev A.A., Krasov A.V. Methodology for assessing the effectiveness of the information security system of geographically distributed information systems. Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and Technical Sciences. 2020;3:26-32. DOI 10.46418/2079-8199_2020_3_4. EDN YNHOEI. (In Russ.)
16. Aleinikov A.A., Bilyatdinov K.Z., Krasov A.V. et al. Technical aspects of management using the Internet: monograph. St. Petersburg: Center for Scientific and Information Technologies "Asterion", 2016. 305 p. ISBN 978-5-00045-408-4. EDN XGTJLL. (In Russ.)
17. Mayorov A.V. Architecture and software implementation of a system for detecting computer attacks in corporate and government information systems based on intelligent analysis methods. Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and Technical Sciences. 2023;2:40-46. DOI 10.46418/2079-8199_2023_2_8. EDN HEPDFF. (In Russ.)
18. Sharikov P.I., Tsvetkov A.Yu., Sigacheva V.V., Sirotina L.K. Research and algorithm for preventing exploitation of vulnerabilities of the Log4j logging library in Java application information systems. Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and Technical Sciences. 2023;4:100-106. DOI 10.46418/2079-8199_2023_4_19. EDN BULSOH. (In Russ.)
19. Sharikov P.I. Methodology for obfuscation of Java application bytecode in order to protect it from decompilation attacks. Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and Technical Sciences. 2022;1:64-72. DOI 10.46418/2079-8199_2022_1_10. EDN AUOFNA. (In Russ.)
20. Sharikov P.I. Methodology for creating and covertly embedding a digital watermark in the bytecode of a class file based on undeclared capabilities of the Java virtual machine. Modern Science: Current Problems of Theory and Practice. Series: Natural and Technical Sciences. 2023;7-2:165-174. DOI 10.37882/2223-2982.2023.7-2.37. EDN YBEWYQ. (In Russ.)
For citation:
Sharikov P.I., Krasov A.V., Mayorov A.V. Architecture of an integrated Java application for log analysis to detect computer attacks in information systems by responding to various security anomalies. Herald of Dagestan State Technical University. Technical Sciences. 2025;52(1):147-161. (In Russ.) https://doi.org/10.21822/2073-6185-2025-52-1-147-161