Yunliang Jiang,Jiangang Yang,Liang Tang,Yong Liu,Xiaoming Zhao,Xiulan Hao

DOI: https://doi.org/10.1007/978-3-662-48247-6_23

2015-01-01

Abstract:Because of the popularity of mobile phone and the development of mobile network, mobile data is growing explosively. Mobile data mining is more and more of attention. But single node-based data mining platform has been unable to store and analysis the massive data. According to cloud computing technology, we preset a distributed data mining framework based on Hadoop. Then, we present the implementation of this system framework and process mobile internet access log on the Hadoop cluster. Comparative tests will show that this distributed system framework is significantly efficient for processing huge scale dataset.

魏蔚,董亚波,鲁东明

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.02.010

2010-01-01

Abstract:Distributed denial of service(DDoS)attack was defended by distributed filtering.Distributed defense was restricted inside autonomous system(AS),which was a suitable bound for defense.Both bandwidth and processing capability of victim were considered.The filtering threshold was dynamically adjusted in AS edge according to the throughput of victim in support vector machine(SVM)-based multi-resource max-min fairness(SMMF)algorithm.Then SMMF achieved multi-resource max-min fairness and was much effective.Simulation results demonstrate that attacking traffic can be depressed in a common scenario and the legitimate throughput can be kept in a normal level when current methods fail.A realiza-tion of filters on PC-based router indicates that only a very small amount of memory is needed and the packet throughput is still normal when thousands of filters are installed.

Yahong Han,Feng Lin,Yi Chai,Kaiming Qie,Shuo Li,Yuanyuan Wang,Cheng Zhang,Minyi Guo

2023-01-01

Abstract:To achieve real-time anomaly detection in system logs, this paper presents a distributed processing method for large scale logs based on spark, flume, kafka, zookeeper and so on. The method utilizes Spark Streaming to enable parallel log parsing. Additionally, a novel anomaly detection model is proposed, which integrates multiple log features for improved detection accuracy. Experimental results on the HDFS (Hadoop Log File System) dataset demonstrate the method’s efficiency and effectiveness in processing massive log data.

Jakrarin Therdphapiyanak,Krerk Piromsopa

DOI: https://doi.org/10.1145/2448556.2448559

2013-01-01

Abstract:In this paper, we apply Hadoop for large-scale log analysis. Our main objective is to efficiently detect an abnormal traffic from high volume data. Due to the high volume of data traffics, the size of traffic logs is usually exceed the capacity of a standalone IDS. Thus, it is practically impossible to perform useful analysis with these data. In most cases, an analysis is usually done when an attack occurred for digital forensics. We proposed applying K-Means algorithm to cluster high volume log data. The resulted clusters are useful in classifying minority as possible intruders. In addition, we proposed IP address summarization method to capture the characteristic of each cluster. Our implementation allows high volume data traffics to be analyzed with a distributed analysis system using K-Means algorithm and data mining. The eventual result is to reduce a chance of being attacked. The prominent points of our implementation are anomaly detection with large file sizes and the distributed processing. However, this paper is just a preliminary study. There exist several opportunities for optimization. Nonetheless, our implementation can point out anomaly. The K-Means Algorithm can provide a new knowledge useful for enhancing security of the system.

Tang Jingwen,Chen Weimin,Zhang Min,Peng Kaikang,Lai Chaohao,Fu Kai

DOI: https://doi.org/10.1109/ICDSCA56264.2022.9988620

2022-01-01

Abstract:In view of the low computational efficiency of traditional log data analysis technology in processing large amounts of data, this paper proposes a set of log data analysis solutions based on big data technology. A parallel log analysis tool is designed on the Hadoop open source framework, and the anomaly detection of log data is implemented using the MapReduce model. Through experimental demonstration, when analyzing massive log data, the use of big data technology can significantly improve the execution efficiency of anomaly detection.

ZHANG Yi-fan,DONG Xiao-ju

DOI: https://doi.org/10.11959/j.issn.2096-109x.2017.00135

2017-01-01

Abstract:Firstly, the IP address of the Web log were visualized, and an integral system was presented by using proper visualization methods. Secondly, the whole system was related to the IP address, containing source IP address, target IP address and their relationship respectively. It provided users with different views of data, which could show more details and undetected relations among massive data. Besides, some interactions were added into the system, which made it more effective and useful. Finally, it ended up with the comparison of the systems when loading data with the DDoS attack and without it. It made much sense in the application field.

XIE Tian-yu,CAO Qi-ying

2012-01-01

Abstract:A Distributed Intrusion Detection System based on hadoop cluster is presented.The System is implemented with distributed data collecting,distributed data storage and distributed data analysis.It can overcome the problem of single point invalidation and the limitation of data processing capability.

Dunhong Yao,Yu Chen

DOI: https://doi.org/10.32604/JIHPP.2020.010223

2020-01-01

Abstract:With the rapid development of the Internet, many enterprises have launched their network platforms. When users browse, search, and click the products of these platforms, most platforms will keep records of these network behaviors, these records are often heterogeneous, and it is called log data. To effectively to analyze and manage these heterogeneous log data, so that enterprises can grasp the behavior characteristics of their platform users in time, to realize targeted recommendation of users, increase the sales volume of enterprises’ products, and accelerate the development of enterprises. Firstly, we follow the process of big data collection, storage, analysis, and visualization to design the system, then, we adopt HDFS storage technology, Yarn resource management technology, and gink load balancing technology to build a Hadoop cluster to process the log data, and adopt MapReduce processing technology and data warehouse hive technology analyze the log data to obtain the results. Finally, the obtained results are displayed visually, and a log data analysis system is successfully constructed. It has been proved by practice that the system effectively realizes the collection, analysis and visualization of log data, and can accurately realize the recommendation of products by enterprises. The system is stable and effective.

Xiuqin Lin,Peng Wang,Bin Wu

DOI: https://doi.org/10.1109/icbnmt.2013.6823956

2013-11-01

Abstract:Log is the main source of the system operation status, user behavior analysis etc. Log analysis system needs not only the massive and stable data processing ability but also the adaptation to a variety of scenarios under the requirement of efficiency, which can't be achieved from standalone analysis tools or even single cloud computing framework. We present a unified cloud platform for batch log data analysis with the combination of Hadoop and Spark. Hadoop provides a distributed file system and off-line batch computing framework, while the computing pattern in Spark is based on distributed memory. The joint of Hadoop, Spark and the data warehouse and analysis tools of Hive and Shark makes it possible to provide a unified cloud platform with batch analysis and in-memory computing capacity in order to process log in a high available, stable and efficient way.

Xia Xie,Jinpeng Li,Xiaoyang Hu,Hai Jin,Hanhua Chen,Xiaojing Ma,Hong Huang

DOI: https://doi.org/10.1007/978-3-030-30709-7_11

2019-01-01

Abstract:Nowadays, web servers often face the threat of distributed denial of service attacks and their intrusion prevention systems cannot detect those attacks effectively. Many existing intrusion prevention systems detect attacks by the state of per-flow and current processing speed cannot fulfill the requirements of real-time detection due to the high speed traffic. In this paper, we propose a powerful system TreeSketchShield which can improve sketch data structure and detect attacks quickly. First, we discuss a novel structure TreeSketch to obtain statistics of network flow, which utilizes the stepped structure of binary tree to map the distribution and reduces the complexity of the statistic calculation. Second, we present a two-level detection scheme that could make a compromise between the detection speed and detection accuracy. Experimental results show that our method can process more than 100,000 records per second. The false alarm rate can achieve 2% to 25% performance improvement.

Jiuyuan Huo,Jian Weng,Hong Qu

DOI: https://doi.org/10.1145/3318265.3318281

2019-03-08

Abstract:Log analysis is an important method to reflect the running status and user behavior of the network system, and is also an important way to ensure network security. In view of the fact that the storage or calculation of log data by a single host can not meet the requirements of large-scale data analysis, this paper proposes a clustering method of big data based on Map/Reduce distributed computing framework for Web logs. The experiments are taken on the Hadoop platform. The relations and rules that exist in the logs are examined and analyzed to obtain the potential information. This method can enable efficient storage, management, and mining analysis for the large-scale Web logs.

ZHANG Si-yu,JIANG Kai-da,WEI Jian-wen,LUO Xuan,WANG Hai-yang

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.z1.004

2014-01-01

Abstract:With the rapid expansion of network bandwidth, devices and applications, log management is facing the chal-lenge of exploding data volumes. Log analysis platform built on SQL-on-Hadoop is capable of storing and querying hun-dreds of billions of log entries effectively. Columnar and compressed data formats for Hadoop are benchmarked with real-world multi-TB dataset. Conditional and statistical querying efficiency of Hive and Impala is tested. With gzipped parquet format, log data can be compressed by 80%, and querying with impala is 5 times faster. On this platform, six se-curity incident analysis and detection applications are already deployed.

Jia Zhanpei,Shen Chao,Yi Xiao,Chen Yufei,Yu Tianwen,Guan Xiaohong

DOI: https://doi.org/10.1109/coase.2017.8256257

2017-01-01

CASE

Abstract:Log data are important audit basis to record routine events occurring on computer or network system, which are also critical data source for detecting system anomalies. By analyzing the data from multi-source logs, it is helpful to detect abnormal system behaviors and discover intruder attacks in real time. In this paper, a Spark-based log data security platform is designed and built to analyze the large-scale log data and detect abnormal network behaviors. By integrating data mining, machine learning, and statistical analysis technologies, our proposed framework can quickly analyze large-scale multi-source log data and accurately discriminate the abnormal behaviors. Furthermore, the association analysis is applied to detect abnormal behaviors or potential threats in the system. Under a real-world network environment, extensive experiments are conducted to evaluate the system performance, which can achieve a fast and accurate detection for abnormal network behaviors, and significantly improve the accuracies under various types of network attack scenarios.

Yinan Jing,Jingtao Li,Xueping Wang,Xiaochun Xiao,Gendu Zhang

DOI: https://doi.org/10.1109/aina.2006.22

2006-01-01

Abstract:Distributed denial-of-service attacks have become the major threat to Internet today. IP traceback is one of the most effective techniques to defeat these attacks by identifying attack sources even in the presence of IP spoofing. Because of low marking packet utilization, the convergence time of traditional probabilistic packet marking (PPM) schemes is still too long. In order to shorten the convergence time, a distributedlog- based IP traceback scheme is proposed. Theoretical analysis and simulation results show that this scheme not only can converge more quickly than previous PPM schemes, but also has much less log overhead than other log-based schemes.

Kai Bu,Zhixin Sun

DOI: https://doi.org/10.1109/ICYCS.2008.324

2008-01-01

Abstract:The emergence of Distributed Denial of Service (DDoS) attack increases the destructive force of Denial of Service (DoS) attack drastically. Besides bringing more terrible threats, the attack from far and near and the employment of internet protocol (IP) spoofing make the abnormal traffic detection harder and harder. This paper proposes a mechanism defined as AMHI (Address Matching and Hash Inspection) and a method based on it for DDoS attacks detection and defense. Through the simulation experiment, the Address Matching and backup Hash Inspection operations to the suspicious traffic implemented on router interface for local subnet can detect and defend DDoS attacks effectively even when using IP Spoofing. In addition, this method can also decrease a mass of statistical work for the routers, and to some extent ease the pressure of heavy traffic caused by attacks.

Galip Aydin,Ibrahim Riza Hallac

DOI: https://doi.org/10.48550/arXiv.1802.03589

2018-02-10

Distributed, Parallel, and Cluster Computing

Abstract:In this paper we describe our work on designing a web based, distributed data analysis system based on the popular MapReduce framework deployed on a small cloud; developed specifically for analyzing web server logs. The log analysis system consists of several cluster nodes, it splits the large log files on a distributed file system and quickly processes them using MapReduce programming model. The cluster is created using an open source cloud infrastructure, which allows us to easily expand the computational power by adding new nodes. This gives us the ability to automatically resize the cluster according to the data analysis requirements. We implemented MapReduce programs for basic log analysis needs like frequency analysis, error detection, busy hour detection etc. as well as more complex analyses which require running several jobs. The system can automatically identify and analyze several web server log types such as Apache, IIS, Squid etc. We use open source projects for creating the cloud infrastructure and running MapReduce jobs.

Xi Ling,Jiongchi Yu,Ziming Zhao,Zhihao Zhou,Haitao Xu,Binbin Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-031-54773-7_12

2024-01-01

Abstract:With the proliferation of Internet development, Distributed Denial of Service (DDoS) attacks are on the rise. As rule-based traffic analysis frameworks and Deep Packet Inspection (DPI) defense measures can effectively thwart many DDoS attacks, attackers keep exploring various attack surfaces and traffic amplification strategies to nullify the defense. In this paper, we propose DDoSMiner, an automated framework for DDoS attack characterization and vulnerability mining. DDoSMiner analyzes system call patterns of the TCP-based DDoS attack family, then generates Attack Call Flow Graph (ACFG) by discerning the differences between DDoS attack traffic and benign traffic. Furthermore, DDoSMiner identifies and extracts drop nodes and pivotal TCP states from the distinctive characteristics of attack traffic, then passes to the symbolic execution framework for exploring variants of the DDoS attack. We collectively analyze six types of TCP-based DDoS attacks, construct the corresponding ACFG, and identify a set of attack traffic variants. The attack traffic variants are evaluated on the widely used Network Intrusion Detection System (NIDS) Snort with three popular rule sets. The result shows that DDoSMiner indeed discovers the new DDoS attack trace, and the corresponding attack traffic can bypass all three defense toolkits.

Baojun Zhou,Jie Li,Jinsong Wu,Song Guo,Yu Gu,Zhetao Li

DOI: https://doi.org/10.1109/icc.2018.8422327

2018-01-01

Abstract:In order to cope with the increasing number of cyber attacks, network operators must monitor the whole network situations in real time. Traditional network monitoring method that usually works on a single machine, however, is no longer suitable for the huge traffic data nowadays due to its poor processing ability. In this paper, we propose a machine-learning based online Internet traffic monitoring system using Spark Streaming, a stream- processing-based big data framework, to detect DDoS attacks in real time. The system consists of three parts, collector, messaging system and stream processor. We use a correlation-based feature selection method and choose 4 most necessary network features in our machine- learning-based DDoS detection algorithm. We verify the result of feature selection method by a comparative experiment and compare the detection accuracy of 3 machine learning methods - Naïve Bayes, Logistic Regression and Decision Tree. Finally, we conduct experiments in a cluster with the standalone mode, showing that our system can detect 3 typical DDoS attacks - TCP flooding, UDP flooding and ICMP flooding at the accuracy of more than 99.3%. It also shows the system performs well even for large Internet traffic.

仇李寅,邱卫东,苏芊,廖凌

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.11.028

2011-01-01

Abstract:The development of the Internet makes computing-intensive tasks gradually move toward distributed and cloud computing. This paper discusses the Hadoop project,including MapReduce and HDFS,and with HDFS as the underlying distributed file system and MapReduce as the programming framework Hash algorithm is implemented. By analyzing the test results of the tasks running in Hadoop cluster,Hash function tasks running in Hadoop cluster is finally achieved,thus realizing computing load-sharing and total time-consuming reduction. Hadoop-based cloud computing platform is of good reliability and scalability. The implementation and test of hash algorithm on Hadoop could provide an excellent foundation for the future research of distributed password recovery system.

Li Yurong,Yang Shuqiang,Jia Yan,Zhou Bin,Fan Yu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.07.036

2006-01-01

Abstract:After analyzing the requirements of large-scale system on log service,this paper presents a method to design and implement a distributed log service based on distributed object technology.On the base of analyzing the characteristics of distributed system,this paper points out several key technology of distributed log service,including:design of architecture,file buffering and transferring,clock synchronization,distributed debugging and log alarming,etc.This method can greatly simplify the development,maintenance and debugging of distributed systems,can give an insight about the status of system by analyzing these logs,and can be widely applied to distributed system.