Identifying and Analyzing Unauthorized Users from Security Log Files Using MySQL and NoSQL

Faculty:

Ching-yu Huang

Department:

Computer Information Systems (M.S.)

College:

The Dorothy and George Hennings College of Science, Mathematics, and Technology

Abstract

Cyber security is becoming more prevalent in our society. As we continue to improve our systems, unfortunately, cyberattacks become more sophisticated and dangerous. We may have security measures in place; however, they are not enough to protect our IT systems. In this research, more than 6 months of daily log files were collected from multiple Linux servers that require an SSH login feature. We analyzed more than 300 log files and focused on unauthorized login entries that contain “Failed password” and “Invalid user”. The fields (date, time, attempted login, IP address, protocol, ports) were then automatically extracted by programs and stored in the database. Data models were designed using MySQL and NoSQL to manage the data and their relationships. Several analytics charts will be developed, and the results will be displayed on a web system that shows the attacks' geo-location, frequency, summary, and other information. People can click the “LIKE” icon on the charts. This will help us identify which charts people pay more attention to and consider more useful.
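The field extraction described in the abstract, sketched as an added example (not the study's own program). It assumes the usual syslog-prefixed OpenSSH message layout; the names `parse_line` and `attempts_per_ip` and all sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed layout: syslog prefix + OpenSSH sshd message (not taken from the study).
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"sshd\[\d+\]:\s+(?P<event>Failed password|Invalid user)\s+"
    r"(?:for\s+(?:invalid user\s+)?)?(?P<user>.*?)\s+from\s+(?P<ip>\S+)"
    r"(?:\s+port\s+(?P<port>\d+))?(?:\s+(?P<protocol>ssh\d?))?\s*$"
)

def parse_line(line):
    """Return the extracted fields as a dict, or None for lines that are not
    'Failed password' / 'Invalid user' entries or carry a malformed address."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = str(ipaddress.ip_address(rec["ip"]))
    except ValueError:
        return None
    rec["port"] = int(rec["port"]) if rec["port"] else None
    return rec

def attempts_per_ip(lines):
    """Count parsed unauthorized-login entries per source address."""
    return Counter(r["ip"] for r in map(parse_line, lines) if r)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = [
    "Mar  3 02:11:45 web01 sshd[2211]: Invalid user admin from 203.0.113.7 port 40122",
    "Mar  3 02:11:47 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "Mar  3 02:12:03 web01 sshd[2214]: Failed password for root from 198.51.100.23 port 51810 ssh2",
    # The user name is attacker-controlled and may itself contain " from ".
    "Mar  3 02:12:09 web01 sshd[2217]: Invalid user a from 192.0.2.1 from 203.0.113.7 port 40130",
    "Mar  3 02:13:00 web01 sshd[2220]: Accepted password for alice from 192.0.2.50 port 50022 ssh2",
]

if __name__ == "__main__":
    for ip, n in attempts_per_ip(SAMPLE).most_common():
        print(ip, n)
```

An invalid-user attempt produces both an "Invalid user" and a "Failed password for invalid user" entry, so the per-IP totals count log entries rather than distinct attempts.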