Yun Gao,Xiao Fu,Bin Luo,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/glocom.2014.7417387

2015-01-01

Abstract:Nowadays Hadoop is popular among businesses and individuals for its low costs, convenience, and fast speed. However, this also makes it the goal of data leakage attacks as sensitive data stored with an HDFS infrastructure grows rapidly. Therefore, it is important to investigate such attacks in Hadoop. Several works have been done on improving the security of Hadoop, but hardly any have been done on data leakage investigation. This paper presents a typical data leakage attack scene in Hadoop and proposes Haddle (Hadoop Data Leakage Explorer), a forensic framework composed of automatic analytical methods and on-demand data collection based on two stages. With the assistance of Haddle, investigators can find the stolen data, find the perpetrator who stole the data, and reconstruct the crime scene. Also, Haddle can help improve the audit mechanism of Hadoop.

Yunliang Jiang,Jiangang Yang,Liang Tang,Yong Liu,Xiaoming Zhao,Xiulan Hao

DOI: https://doi.org/10.1007/978-3-662-48247-6_23

2015-01-01

Abstract:Because of the popularity of mobile phone and the development of mobile network, mobile data is growing explosively. Mobile data mining is more and more of attention. But single node-based data mining platform has been unable to store and analysis the massive data. According to cloud computing technology, we preset a distributed data mining framework based on Hadoop. Then, we present the implementation of this system framework and process mobile internet access log on the Hadoop cluster. Comparative tests will show that this distributed system framework is significantly efficient for processing huge scale dataset.

Xiao Fu,Yun Gao,Bin Luo,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/mnet.2017.1500095nm

IF: 10.294

2017-01-01

IEEE Network

Abstract:As one of the most popular platforms for processing Big Data, Hadoop has low costs, convenience, and fast speed. However, it is also a significant target of data leakage attacks, as a growing number of businesses and individuals store and process their private data in it. How to investigate data leakage attacks in Hadoop is an important but long-neglected issue. This article first presents some possible data leakage attacks in Hadoop. Then an investigation framework is proposed and tested based on some simulated cases.

Jiayin Wang,Teng Wang,Zhengyu Yang,Ying Mao,Ningfang Mi,Bo Sheng

DOI: https://doi.org/10.1109/iccnc.2017.7876183

2017-01-01

Abstract:Big data processing frameworks such as Hadoop [1] are now widely adopted, however the security issues in large scale systems have not been well studied yet. Unlike prior work on data privacy and protection, this paper investigates a potential attack from a compromised internal node against the overall system performance. We develop an effective attack launched from the compromised node that can significantly degrade the data processing performance of the cluster without being detected and blacklisted for job execution, also present a mitigation scheme that protects a Hadoop system from such attack. The results of experiments show that this attack greatly slows down the job executions in the native Hadoop system even with some basic defense mechanisms, however, our mitigation schem can keep the whole cluster running efficiently under such attack.

Hao Zhu,Haopeng Chen

DOI: https://doi.org/10.1109/apscc.2011.46

2011-01-01

Abstract:Hadoop has become one popular framework to process massive data sets in a large scale cluster. However, it is observed that the detection of the failed worker is delayed, which may result in a significant increase in the completion time of jobs with different workload. To cope with it, we present two mechanisms: Adaptive interval and Reputation-based Detector that support Hadoop to detect the failed worker in the shortest time. The Adaptive interval is trying to dynamically configure the expiration time which is adaptive to the job size. The Reputation-based Detector is trying to evaluate the reputation of each worker. Once the reputation of a worker is lower than a threshold, then the worker will be considered as a failed worker. In our experiments, we demonstrate that both of these strategies have achieved great improvement in the detection of the failed worker. Specifically, the Adaptive interval has a relatively better performance with small jobs, while the Reputation-based Detector is more suitable for large jobs.

Kejiang Ye,Xiaohong Jiang,Yanzhang He,Xiang Li,Haiming Yan,Peng Huang

DOI: https://doi.org/10.1109/clusterw.2012.32

2012-01-01

Abstract:Big data processing is currently becoming increasingly important in modern era due to the continuous growth of the amount of data generated by various fields such as particle physics, human genomics, earth observation, etc. However, the efficiency of processing large-scale data on modern virtual infrastructure, especially on the virtualized cloud computing infrastructure, is not clear. This paper focuses on the performance of hadoop virtual cluster and proposes a scalable hadoop virtual cluster platform vHadoop for the large-scale MapReduce-based parallel data processing. We first describe the design and implementation of vHadoop platform. Then we perform a series of experiments to investigate both the static and dynamic performance of vHadoop platform, such as the performance characterization of cross-domain hadoop virtual cluster and live migraiton of hadoop virtual cluster. After that, we use the vHadoop platform to process 6 typical parallel clustering algorithms, such as Canopy, Dirichlet, Fuzzy k-Means, k-Means, Mean Shift, MinHash, etc, on two typical datasets. Experimental results verify the efficiency of vHadoop platform to process the MapReduce-based parallel machine learning applications.

Jiaqi Zhao,Lizhe Wang,Jie Tao,Jinjun Chen,Weiye Sun,Rajiv Ranjan,Joanna Kołodziej,Achim Streit,Dimitrios Georgakopoulos

DOI: https://doi.org/10.1016/j.jcss.2014.02.006

IF: 1.043

2014-08-01

Journal of Computer and System Sciences

Abstract:MapReduce is regarded as an adequate programming model for large-scale data-intensive applications. The Hadoop framework is a well-known MapReduce implementation that runs the MapReduce tasks on a cluster system. G-Hadoop is an extension of the Hadoop MapReduce framework with the functionality of allowing the MapReduce tasks to run on multiple clusters. However, G-Hadoop simply reuses the user authentication and job submission mechanism of Hadoop, which is designed for a single cluster. This work proposes a new security model for G-Hadoop. The security model is based on several security solutions such as public key cryptography and the SSL protocol, and is dedicatedly designed for distributed environments. This security framework simplifies the users authentication and job submission process of the current G-Hadoop implementation with a single-sign-on approach. In addition, the designed security framework provides a number of different security mechanisms to protect the G-Hadoop system from traditional attacks.

computer science, theory & methods, hardware & architecture

Lijing Cheng,Qingni Shen,Chuntao Dong

DOI: https://doi.org/10.1109/ICC.2018.8422331

2018-01-01

Abstract:In distributed computing platform, it's possible to occur unexpected job failure. Normally, the system performance will not be affected obviously. But, in Hadoop YARN, we find Invader Job, a kind of inappropriate user-definable parameter caused malicious failure job, may cut down the system performance greatly. In this paper, we find in Hadoop YARN, there are two vulnerabilities that can be used to construct invader job. First, it's easy to cause job failure by modifying the user-definable parameters inappropriately. Second, YARN doesn't check on the job before execution, and also doesn't check the failure reason before re-attempt. So that, invader job could fail as much as possible to occupy the scheduling resource over and over again. Thus, we propose a detection framework called InTect which employs SVM to predict invader jobs. Finally, we verify our findings using the cluster of our lab and Amazon EMR respectively. As a result, the cluster performance degrades 4 times than normal case. Moreover, the recall rate of our detection framework is more than 90%, which means the SVM model has a good discrimination for invader jobs.

XIE Tian-yu,CAO Qi-ying

2012-01-01

Abstract:A Distributed Intrusion Detection System based on hadoop cluster is presented.The System is implemented with distributed data collecting,distributed data storage and distributed data analysis.It can overcome the problem of single point invalidation and the limitation of data processing capability.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Amr M Sauber,Ahmed Awad,Amr F Shawish,Passent M El-Kafrawy

DOI: https://doi.org/10.1155/2021/5753948

2021-07-08

Abstract:With the daily increase of data production and collection, Hadoop is a platform for processing big data on a distributed system. A master node globally manages running jobs, whereas worker nodes process partitions of the data locally. Hadoop uses MapReduce as an effective computing model. However, Hadoop experiences a high level of security vulnerability over hybrid and public clouds. Specially, several workers can fake results without actually processing their portions of the data. Several redundancy-based approaches have been proposed to counteract this risk. A replication mechanism is used to duplicate all or some of the tasks over multiple workers (nodes). A drawback of such approaches is that they generate a high overhead over the cluster. Additionally, malicious workers can behave well for a long period of time and attack later. This paper presents a novel model to enhance the security of the cloud environment against untrusted workers. A new component called malicious workers' trap (MWT) is developed to run on the master node to detect malicious (noncollusive and collusive) workers as they convert and attack the system. An implementation to test the proposed model and to analyze the performance of the system shows that the proposed model can accurately detect malicious workers with minor processing overhead compared to vanilla MapReduce and Verifiable MapReduce (V-MR) model [1]. In addition, MWT maintains a balance between the security and usability of the Hadoop cluster.

Hongsong Chen,Zhongchuan Fu

DOI: https://doi.org/10.1155/2015/852173

2015-01-01

Mobile Information Systems

Abstract:Human health information from healthcare system can provide important diagnosis data and reference to doctors. However, continuous monitoring and security storage of human health data are challenging personal privacy and big data storage. To build secure and efficient healthcare application, Hadoop-based healthcare security communication system is proposed. In wireless biosensor network, authentication and key transfer should be lightweight. An ECC (Elliptic Curve Cryptography) based lightweight digital signature and key transmission method are proposed to provide wireless secure communication in healthcare information system. Sunspot wireless sensor nodes are used to build healthcare secure communication network; wireless nodes and base station are assigned different tasks to achieve secure communication goal in healthcare information system. Mysql database is used to store Sunspot security entity table and measure entity table. Hadoop is used to backup and audit the Sunspot security entity table. Sqoop tool is used to import/export data between Mysql database and HDFS (Hadoop distributed file system). Ganglia is used to monitor and measure the performance of Hadoop cluster. Simulation results show that the Hadoop-based healthcare architecture and wireless security communication method are highly effective to build a wireless healthcare information system.

computer science, information systems,telecommunications

Tong Hui,Yahui Yang,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1109/ICC.2018.8422440

2018-01-01

Abstract:In order to better serve users, several location-based services rely on the real-time spatio-temporal information. Existing location privacy-preserving methods traverse the whole dataset to anonymize k locations together, and do not utilize parallel computing technology. The anonymization for big volume of location data may result in huge computing cost. We propose a new method called Never Wait for Long (NW4L), which protects the privacy of big-volume location data in parallel and real-time. Instead of linear structure, a k-d tree structure is adopted for the nearest location search to speed up computation. To further improve efficiency, locations are pre-classified in several groups, so that each group can be anonymized in parallel with support from the distributed stream computation framework. In this paper, we implemented NW4L based on Spark and used real-world dataset for performance evaluation. Experimental results show that 100,000 location samples can be processed in 2 minutes, which is feasible for real-time computation.

Kaihe Xu,Hao Yue,Linke Guo,Yuanxiong Guo,Yuguang Fang

DOI: https://doi.org/10.1109/icdcs.2015.40

2015-06-01

Abstract:Machine learning has played an increasing important role in big data systems due to its capability of efficiently discovering valuable knowledge and hidden information. Often times big data such as healthcare systems or financial systems may involve with multiple organizations who may have different privacy policy, and may not explicitly share their data publicly while joint data processing may be a must. Thus, how to share big data among distributed data processing entities while mitigating privacy concerns becomes a challenging problem. Traditional methods rely on cryptographic tools and/or randomization to preserve privacy. Unfortunately, this alone may be inadequate for the emerging big data systems because they are mainly designed for traditional small-scale data sets. In this paper, we propose a novel framework to achieve privacy-preserving machine learning where the training data are distributed and each shared data portion is of large volume. Specifically, we utilize the data locality property of Apache Hadoop architecture and only a limited number of cryptographic operations at the Reduce() procedures to achieve privacy-preservation. We show that the proposed scheme is secure in the semi-honest model and use extensive simulations to demonstrate its scalability and correctness.

Shisong Wu,Zhaojie Dong

DOI: https://doi.org/10.1155/2022/5165718

2022-01-19

Scientific Programming

Abstract:Aiming at the problems of low security, high occupancy rate, and long response time in the current power intelligent customer service assistant decision-making system, a power intelligent customer service assistant decision-making system based on the Hadoop big data framework is designed. By analyzing the Hadoop big data framework, according to the characteristics and core elements of the HDFS distributed file system, the MapReduce programming model, and the data mining algorithm, the basic process of power intelligent customer service assistance decision-making is established. We analyze the overall and functional requirements of the system, design the overall architecture and application architecture of the system, design the E-R diagram and table structure of the database according to the database design principle, and realize the design of power intelligent customer service auxiliary decision-making system based on Hadoop big data framework. The test results show that the proposed method has high system security and low system occupancy and can effectively shorten the system response time. The systems run more flawlessly as compared to the existing methods and give impressing results with lesser CPU utilization. The response time was recorded to be about 12.2 seconds for 1000 power intelligent customer servers, which is much lower than that of the competitors.

computer science, software engineering

Mansaf Alam,Shuchi Sethi

DOI: https://doi.org/10.48550/arXiv.1504.03539

2015-04-14

Distributed, Parallel, and Cluster Computing

Abstract:Recent research shows that colluded malware in different VMs sharing a single physical host may use a resource as a channel to leak critical information. Covert channels employ time or storage characteristics to transmit confidential information to attackers leaving no trail.These channels were not meant for communication and hence control mechanisms do not exist. This means these remain undetected by traditional security measures employed in firewalls etc in a network. The comprehensive survey to address the issue highlights that accurate methods for fast detection in cloud are very expensive in terms of storage and processing. The proposed framework builds signature by extracting features which accurately classify the regular from covert traffic in cloud and estimates difference in distribution of data under analysis by means of scores. It then adds context to the signature and finally using machine learning (Support Vector Machines),a model is built and trained for deploying in cloud. The results show that the framework proposed is high in accuracy while being low cost and robust as it is tested after adding noise which is likely to exist in public cloud environments.

Santosh Aditham,Nagarajan Ranganathan,Srinivas Katkoori

DOI: https://doi.org/10.48550/arXiv.1611.07392

2016-11-22

Cryptography and Security

Abstract:Big data platforms such as Hadoop and Spark are being widely adopted both by academia and industry. In this paper, we propose a runtime intrusion detection technique that understands and works according to the properties of such distributed compute platforms. The proposed method is based on runtime analysis of system and library calls and memory access patterns of tasks running on the datanodes (slaves). First, the primary datanode of a big data system creates a behavior profile for every task it executes. A behavior profile includes (a) trace of the system & library calls made, and (b) sequence representing the sizes of private and shared memory accesses made during task execution. Then, the process behavior profile is shared with other replica datanodes that are scheduled to execute the same task on their copy of the same data. Next, these replica datanodes verify their local tasks with the help of the information embedded in the received behavior profiles. This is realized in two steps: (i) comparing the system & library calls metadata, and (ii) statistical matching of the memory access patterns. Finally, datanodes share their observations for consensus and report an intrusion to the namenode (master) if they find any discrepancy. The proposed solution was tested on a small hadoop cluster using the default MapReduce examples and the results show that our approach can detect insider attacks that cannot be detected with the traditional analysis metrics.

Wei Xu,Ling Huang,Armando Fox,David Patterson,Michael Jordan

DOI: https://doi.org/10.1109/icdm.2009.19

2009-01-01

Abstract:We describe a novel application of using data mining and statistical learning methods to automatically monitor and detect abnormal execution traces from console logs in an online setting. Different from existing solutions, we use a two stage detection system. The first stage uses frequent pattern mining and distribution estimation techniques to capture the dominant patterns (both frequent sequences and time duration). The second stage use principal component analysis based anomaly detection technique to identify actual problems. Using real system data from a 203-node Hadoop [1] cluster, we show that we can not only achieve highly accurate and fast problem detection, but also help operators better understand execution patterns in their system.

Wu Xin,Qingni Shen,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-73697-6_17

2017-01-01

Abstract:In order to ensure data security and monitor data behavior, eBay has developed Eagle, which can detect anomalous user behavior based on user profiles and can intelligently protect data security of Hadoop ecosystem in real-time. By analyzing the kernel density estimation (KDE) algorithm and source code implemented in Eagle, we recognize that there are two security risks: One is that user profiles are models of operations, but the objects of operations are not analyzed; The other is that the owner of HDFS audit log files is not authenticated. Consequently, the attacker can bypass Eagle and form attack of APT combined with default permissions of Hadoop. In this paper, we analyze the two risks of Eagle, propose two kinds of attack methods that can bypass anomaly detection of Eagle: co-frequency operation attack and log injection attack, and establish threat model of which feasibility is verified experimentally. Finally, we present SeEagle, a semantic-enhanced anomaly detection for securing Eagle, including user authentication and file tagging modules. Our preliminary experimental evaluation shows that SeEagle works well and extra overhead is acceptable.

Wenting Li,Qingni Shen,Chuntao Dong,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-54433-5_9

2017-01-01

Abstract:Hadoop serves as an essential tool in the rise of big data, it has insufficient security model. The internal attacks can bypass current Hadoop security mechanism, and compromised Hadoop components can be used to threaten overall Hadoop. This paper studies the vulnerabilities of Health Check Service in Hadoop/YARN and the threat of denial-of-service to a YARN cluster with multi-tenancy. We use theoretical analysis and numerical simulations to demonstrate the effectiveness of this DDoS attack based on health check service (DDHCS). Our experiments show that DDHCS is capable of causing significant impacts on the performance of a YARN cluster in terms of high attack broadness (averagely 85.6%), high attack strength (more than 80%). In addition, we developed a security enhancement for YARN, named SEYARN. We have implemented the SEYARN model, and demonstrated that SEYARN fixes the above vulnerabilities with extending 95% accuracy and minimal run-time overhead, and effectively resists related attacks.