Yunliang Jiang,Jiangang Yang,Liang Tang,Yong Liu,Xiaoming Zhao,Xiulan Hao

DOI: https://doi.org/10.1007/978-3-662-48247-6_23

2015-01-01

Abstract:Because of the popularity of mobile phone and the development of mobile network, mobile data is growing explosively. Mobile data mining is more and more of attention. But single node-based data mining platform has been unable to store and analysis the massive data. According to cloud computing technology, we preset a distributed data mining framework based on Hadoop. Then, we present the implementation of this system framework and process mobile internet access log on the Hadoop cluster. Comparative tests will show that this distributed system framework is significantly efficient for processing huge scale dataset.

CHEN Wen-bo,ZHANG Xiu-juan,LI Lin,TANG Jun

DOI: https://doi.org/10.3969/j.issn.1001-7445.2011.z1.067

2011-01-01

Abstract:On the issue of defending Flooding-attack,the paper established a distributed system of log analysis based on Hadoop.By the analysis of the number of each IP requests from access logs,we can get the unusual IP that has frequent requests and detect the source of attacks effectively,providing a realistic basis for solving the problem of flood attacks.Through experiments,we not only have verified that the distributed system has a huge advantage of timeliness compared with the single machine system,but also built two distributed systems whose slaves were made up of virtual machines with the base of different file systems,to which performance was compared in detail.

Tang Jingwen,Chen Weimin,Zhang Min,Peng Kaikang,Lai Chaohao,Fu Kai

DOI: https://doi.org/10.1109/ICDSCA56264.2022.9988620

2022-01-01

Abstract:In view of the low computational efficiency of traditional log data analysis technology in processing large amounts of data, this paper proposes a set of log data analysis solutions based on big data technology. A parallel log analysis tool is designed on the Hadoop open source framework, and the anomaly detection of log data is implemented using the MapReduce model. Through experimental demonstration, when analyzing massive log data, the use of big data technology can significantly improve the execution efficiency of anomaly detection.

S. Suganya,S. Selvamuthukumaran

DOI: https://doi.org/10.3233/jifs-233579

2023-08-05

Abstract:Hadoop is a big data processing system that enables the distributed processing of massive data sets across multiple computers using straightforward programming techniques. Hadoop has been extensively investigated in many attacks as a result of its growing significance in industry. A company may learn about the actions of invaders as well as the weaknesses of the Hadoop cluster by examining a significant quantity of data from the log file. In a Big Data setting, the goal of the paper is to generate an analytical classification for intrusion detection. In this study, Hadoop log files were examined based on assaults that were recorded in the log files. Prior to analysis, the log data is cleaned and improved using a Hadoop preprocessing tool. For feature extraction, the hybrid Improved Sparrow Search Algorithm with Mutual Information Maximization (H-ISSA-MIM). Then the CNN (Convolutional Neural Network) classifier will detect the intrusions. The implementation is performed using the MATLAB 2020a software. The performance metrics like accuracy, precision, F-score, recall, specificity, FPR, FNR are calculated for the proposed methodology and it is compared with the existing techniques like Decision Tree (DT), Principal Components Analysis (PCA)- K means, Long Short Time Memory (LSTM). The maximum value of accuracy finds out in the proposed method 98% .

Khloud Al Jallad,Mohamad Aljnidi,Mohammad Said Desouki

DOI: https://doi.org/10.48550/arXiv.2209.13961

2022-09-28

Cryptography and Security

Abstract:With the growing use of information technology in all life domains, hacking has become more negatively effective than ever before. Also with developing technologies, attacks numbers are growing exponentially every few months and become more sophisticated so that traditional IDS becomes inefficient detecting them. This paper proposes a solution to detect not only new threats with higher detection rate and lower false positive than already used IDS, but also it could detect collective and contextual security attacks. We achieve those results by using Networking Chatbot, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework that has an input of flow traffic and traffic aggregation and the output is a language of two words, normal or abnormal. We propose merging the concepts of language processing, contextual analysis, distributed deep learning, big data, anomaly detection of flow analysis. We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies. Experiments are done on MAWI dataset, and it shows better detection rate not only than signature IDS, but also better than traditional anomaly IDS. The experiment shows lower false positive, higher detection rate and better point anomalies detection. As for prove of contextual and collective anomalies detection, we discuss our claim and the reason behind our hypothesis. But the experiment is done on random small subsets of the dataset because of hardware limitations, so we share experiment and our future vision thoughts as we wish that full prove will be done in future by other interested researchers who have better hardware infrastructure than ours.

Yahong Han,Feng Lin,Yi Chai,Kaiming Qie,Shuo Li,Yuanyuan Wang,Cheng Zhang,Minyi Guo

2023-01-01

Abstract:To achieve real-time anomaly detection in system logs, this paper presents a distributed processing method for large scale logs based on spark, flume, kafka, zookeeper and so on. The method utilizes Spark Streaming to enable parallel log parsing. Additionally, a novel anomaly detection model is proposed, which integrates multiple log features for improved detection accuracy. Experimental results on the HDFS (Hadoop Log File System) dataset demonstrate the method’s efficiency and effectiveness in processing massive log data.

Zhaoli Liu,Tao Qin,Xiaohong Guan,Hezhi Jiang,Chenxu Wang

DOI: https://doi.org/10.1109/ACCESS.2018.2843336

IF: 3.9

2018-01-01

IEEE Access

Abstract:Logs are generated by systems to record the detailed runtime information about system operations, and log analysis plays an important role in anomaly detection at the host or network level. Most existing detection methods require a priori knowledge, which cannot be used to detect the new or unknown anomalies. Moreover, the growing volume of logs poses new challenges to anomaly detection. In this paper, we propose an integrated method using K-prototype clustering and k-NN classification algorithms, which uses a novel clustering-filtering-refinement framework to perform anomaly detection from massive logs. First, we analyze the characteristics of system logs and extract 10 features based on the session information to characterize user behaviors effectively. Second, based on these extracted features, the K-prototype clustering algorithm is applied to partition the data set into different clusters. Then, the obvious normal events which usually present as highly coherent clusters are filtered out, and the others are regarded as anomaly candidates for further analysis. Finally, we design two new distance-based features to measure the local and global anomaly degrees for these anomaly candidates. Based on these two new features, we apply the k-NN classifier to generate accurate detection results. To verify the integrated method, we constructed a log collection and anomaly detection platform in the campus network center of Xi'an Jiaotong University. The experimental results based on the data sets collected from the platform show our method has high detection accuracy and low computational complexity.

Jiuyuan Huo,Jian Weng,Hong Qu

DOI: https://doi.org/10.1145/3318265.3318281

2019-03-08

Abstract:Log analysis is an important method to reflect the running status and user behavior of the network system, and is also an important way to ensure network security. In view of the fact that the storage or calculation of log data by a single host can not meet the requirements of large-scale data analysis, this paper proposes a clustering method of big data based on Map/Reduce distributed computing framework for Web logs. The experiments are taken on the Hadoop platform. The relations and rules that exist in the logs are examined and analyzed to obtain the potential information. This method can enable efficient storage, management, and mining analysis for the large-scale Web logs.

Galip Aydin,Ibrahim Riza Hallac

DOI: https://doi.org/10.48550/arXiv.1802.03589

2018-02-10

Distributed, Parallel, and Cluster Computing

Abstract:In this paper we describe our work on designing a web based, distributed data analysis system based on the popular MapReduce framework deployed on a small cloud; developed specifically for analyzing web server logs. The log analysis system consists of several cluster nodes, it splits the large log files on a distributed file system and quickly processes them using MapReduce programming model. The cluster is created using an open source cloud infrastructure, which allows us to easily expand the computational power by adding new nodes. This gives us the ability to automatically resize the cluster according to the data analysis requirements. We implemented MapReduce programs for basic log analysis needs like frequency analysis, error detection, busy hour detection etc. as well as more complex analyses which require running several jobs. The system can automatically identify and analyze several web server log types such as Apache, IIS, Squid etc. We use open source projects for creating the cloud infrastructure and running MapReduce jobs.

Shivi Sharma,Ashish Sharma,Hemraj Saini

DOI: https://doi.org/10.35940/ijitee.j9369.0881019

2019-08-10

VOLUME 8 ISSUE 10, AUGUST 2019, REGULAR ISSUE

Abstract:Big Data has caught the attention of research, science, and business world due to the advancement in digitalization. With the evolution of the Internet of Things (IoT), data is increasing by massive amounts every day. In the big data environment, securing a large amount of data has become a challenging issue in both security and research industry. In this paper, a framework has been proposed to inspect malignant information and suspicious activities traveling over the networks by utilizing Hive Queries. This framework’s procedure loads activity information into Hadoop Distributed File System (HDFS) through a Hive database thus examining the information. This information is sorted as IP Wise, Port Wise, and Protocol Wise. Hive queries will help to achieve these three goals:- 1) Traffic classification 2) Interrupt Identification 3) analyzing of network traffic. Using this framework provides users’ a benefit of being able to investigate Big Data and helps them to detect attacks. Therefore, this framework will allow prevention of network attacks and enable real-time detection in a Big Data environment.

Kai Peng,Victor C. M. Leung,Qingjia Huang

DOI: https://doi.org/10.1109/ACCESS.2018.2810267

IF: 3.9

2018-01-01

IEEE Access

Abstract:Intrusion detection system (IDS) provides an important basis for the network defense. Due to the development of the cloud computing and social network, massive amounts of data are generated, which inevitably brings much pressure to IDS. And therefore, it becomes crucial to efficiently divide the data into different classes over big data according to data features. Moreover, we can further determine whether one is normal behavior or not based on the classes information. Although the clustering approach based on K-means for IDS has been well studied, unfortunately directly using it in big data environment may suffer from inappropriateness. On the one hand, the efficiency of data clustering needs to be improved. On the other hand, differ from the classification, there is no unified evaluation indicator for clustering issue, and thus, it is necessary to study which indicator is more suitable for evaluating the clustering results of IDS. In this paper, we propose a clustering method for IDS based on Mini Batch K-means combined with principal component analysis. First, a preprocessing method is proposed to digitize the strings and then the data set is normalized so as to improve the clustering efficiency. Second, the principal component analysis method is used to reduce the dimension of the processed data set aiming to further improve the clustering efficiency, and then mini batch K-means method is used for data clustering. More specifically, we use K-means++ to initialize the centers of cluster in order to avoid the algorithm getting into the local optimum, in addition, we choose the Calsski Harabasz indicator so that the clustering result is more easily determined. Compared with the other methods, the experimental results and the time complexity analysis show that our proposed method is effective and efficient. Above all, our proposed clustering method can be used for IDS over big data environment.

牛建强,曹元大

DOI: https://doi.org/10.3969/j.issn.1001-3695.2003.09.027

2003-01-01

Abstract:Obviously the analysis to log data is an important and valuable link in the whole security model.In the paper,we apply the approach of data mining to log analysis system of IDS,and especially solve the problem of intrusion model's drawing and classifier's constructing in the system,which also does solve the automatic process of log analyses.

Jia Zhanpei,Shen Chao,Yi Xiao,Chen Yufei,Yu Tianwen,Guan Xiaohong

DOI: https://doi.org/10.1109/coase.2017.8256257

2017-01-01

CASE

Abstract:Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios.

ZHANG Si-yu,JIANG Kai-da,WEI Jian-wen,LUO Xuan,WANG Hai-yang

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.z1.004

2014-01-01

Abstract:With the rapid expansion of network bandwidth, devices and applications, log management is facing the chal-lenge of exploding data volumes. Log analysis platform built on SQL-on-Hadoop is capable of storing and querying hun-dreds of billions of log entries effectively. Columnar and compressed data formats for Hadoop are benchmarked with real-world multi-TB dataset. Conditional and statistical querying efficiency of Hive and Impala is tested. With gzipped parquet format, log data can be compressed by 80%, and querying with impala is 5 times faster. On this platform, six se-curity incident analysis and detection applications are already deployed.

Markus Wurzenberger,Florian Skopik,Roman Fiedler,Wolfgang Kastner

DOI: https://doi.org/10.48550/arXiv.2101.07113

2021-01-18

Cryptography and Security

Abstract:Most of today's security solutions, such as security information and event management (SIEM) and signature based IDS, require the operator to evaluate potential attack vectors and update detection signatures and rules in a timely manner. However, today's sophisticated and tailored advanced persistent threats (APT), malware, ransomware and rootkits, can be so complex and diverse, and often use zero day exploits, that a pure signature-based blacklisting approach would not be sufficient to detect them. Therefore, we could observe a major paradigm shift towards anomaly-based detection mechanisms, which try to establish a system behavior baseline -- either based on netflow data or system logging data -- and report any deviations from this baseline. While these approaches look promising, they usually suffer from scalability issues. As the amount of log data generated during IT operations is exponentially growing, high-performance analysis methods are required that can handle this huge amount of data in real-time. In this paper, we demonstrate how high-performance bioinformatics tools can be applied to tackle this issue. We investigate their application to log data for outlier detection to timely reveal anomalous system behavior that points to cyber attacks. Finally, we assess the detection capability and run-time performance of the proposed approach.

Dunhong Yao,Yu Chen

DOI: https://doi.org/10.32604/JIHPP.2020.010223

2020-01-01

Abstract:With the rapid development of the Internet, many enterprises have launched their network platforms. When users browse, search, and click the products of these platforms, most platforms will keep records of these network behaviors, these records are often heterogeneous, and it is called log data. To effectively to analyze and manage these heterogeneous log data, so that enterprises can grasp the behavior characteristics of their platform users in time, to realize targeted recommendation of users, increase the sales volume of enterprises’ products, and accelerate the development of enterprises. Firstly, we follow the process of big data collection, storage, analysis, and visualization to design the system, then, we adopt HDFS storage technology, Yarn resource management technology, and gink load balancing technology to build a Hadoop cluster to process the log data, and adopt MapReduce processing technology and data warehouse hive technology analyze the log data to obtain the results. Finally, the obtained results are displayed visually, and a log data analysis system is successfully constructed. It has been proved by practice that the system effectively realizes the collection, analysis and visualization of log data, and can accurately realize the recommendation of products by enterprises. The system is stable and effective.

yutaka koshiba,wuhui chen,yuichi yamada,takazumi tanaka,incheon paik

DOI: https://doi.org/10.1109/ICAwST.2015.7314042

2015-01-01

Abstract:Understanding characteristics of network traffic in a Hadoop cluster is a key to check existing problems in order to improve them for better performance of MapReduce operations. However, current works is focusing on analyzing MapReduce performance within one single data center, but network traffic in a geo-distributed data centers environment has not been well-studied yet. In this paper, we study the network traffic characteristics in geo-distributed data centers and identify some interesting results. We first construct geo-distributed data centers by adding latency among data center clusters with 18 data nodes. Then we collect traffic log data by running MapReduce applications on the geo-distributed data centers. Finally, by analyzing the log data, we found some interesting results for our future research.

PP Anjali,A Binu

DOI: https://doi.org/10.48550/arXiv.1312.5469

2013-12-19

Distributed, Parallel, and Cluster Computing

Abstract:Big data analysis has become much popular in the present day scenario and the manipulation of big data has gained the keen attention of researchers in the field of data analytics. Analysis of big data is currently considered as an integral part of many computational and statistical departments. As a result, novel approaches in data analysis are evolving on a daily basis. Thousands of transaction requests are handled and processed everyday by different websites associated with e-commerce, e-banking, e-shopping carts etc. The network traffic and weblog analysis comes to play a crucial role in such situations where Hadoop can be suggested as an efficient solution for processing the Netflow data collected from switches as well as website access-logs during fixed intervals.

Minh Hieu Nguyen,Viet Hung Nguyen,Huu Phong Pham,Ngoc Anh Tran

DOI: https://doi.org/10.1145/3628797.3628943

2023-12-07

Abstract:System logs play a vital role in upholding information security by capturing events to address potential risks. Numerous research initiatives have harnessed log data to create machine learning models geared towards spotting unusual activities within systems. In this pragmatic study, we introduce an innovative approach to detecting anomalies in log data, employing a three-step process encompassing preprocessing, advanced natural language processing (NLP) utilizing BERT, and a custom 1D-CNN classification model. During the preprocessing phase, we tokenize the data and eliminate non-essential elements, while BERT enriches log message representations. Our Sliding Window and Overlapping Mechanism ensures consistent input dimensions. The 1D-CNN model extracts temporal features for robust anomaly detection. Empirical findings on HFDS, BGL, Spirit, and Thunderbird datasets illustrate that our method outperforms prior approaches in identifying network attacks.

Computer Science

Md Tahmid Rahman Laskar,Jimmy Huang,Vladan Smetana,Chris Stewart,Kees Pouw,Aijun An,Stephen Chan,Lei Liu

DOI: https://doi.org/10.48550/arXiv.2104.13190

2021-04-27

Cryptography and Security

Abstract:Industrial Information Technology (IT) infrastructures are often vulnerable to cyberattacks. To ensure security to the computer systems in an industrial environment, it is required to build effective intrusion detection systems to monitor the cyber-physical systems (e.g., computer networks) in the industry for malicious activities. This paper aims to build such intrusion detection systems to protect the computer networks from cyberattacks. More specifically, we propose a novel unsupervised machine learning approach that combines the K-Means algorithm with the Isolation Forest for anomaly detection in industrial big data scenarios. Since our objective is to build the intrusion detection system for the big data scenario in the industrial domain, we utilize the Apache Spark framework to implement our proposed model which was trained in large network traffic data (about 123 million instances of network traffic) stored in Elasticsearch. Moreover, we evaluate our proposed model on the live streaming data and find that our proposed system can be used for real-time anomaly detection in the industrial setup. In addition, we address different challenges that we face while training our model on large datasets and explicitly describe how these issues were resolved. Based on our empirical evaluation in different use-cases for anomaly detection in real-world network traffic data, we observe that our proposed system is effective to detect anomalies in big data scenarios. Finally, we evaluate our proposed model on several academic datasets to compare with other models and find that it provides comparable performance with other state-of-the-art approaches.