Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Hao Zhu,Haopeng Chen

DOI: https://doi.org/10.1109/apscc.2011.46

2011-01-01

Abstract:Hadoop has become one popular framework to process massive data sets in a large scale cluster. However, it is observed that the detection of the failed worker is delayed, which may result in a significant increase in the completion time of jobs with different workload. To cope with it, we present two mechanisms: Adaptive interval and Reputation-based Detector that support Hadoop to detect the failed worker in the shortest time. The Adaptive interval is trying to dynamically configure the expiration time which is adaptive to the job size. The Reputation-based Detector is trying to evaluate the reputation of each worker. Once the reputation of a worker is lower than a threshold, then the worker will be considered as a failed worker. In our experiments, we demonstrate that both of these strategies have achieved great improvement in the detection of the failed worker. Specifically, the Adaptive interval has a relatively better performance with small jobs, while the Reputation-based Detector is more suitable for large jobs.

Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

Jiayin Wang,Teng Wang,Zhengyu Yang,Ying Mao,Ningfang Mi,Bo Sheng

DOI: https://doi.org/10.1109/iccnc.2017.7876183

2017-01-01

Abstract:Big data processing frameworks such as Hadoop [1] are now widely adopted, however the security issues in large scale systems have not been well studied yet. Unlike prior work on data privacy and protection, this paper investigates a potential attack from a compromised internal node against the overall system performance. We develop an effective attack launched from the compromised node that can significantly degrade the data processing performance of the cluster without being detected and blacklisted for job execution, also present a mitigation scheme that protects a Hadoop system from such attack. The results of experiments show that this attack greatly slows down the job executions in the native Hadoop system even with some basic defense mechanisms, however, our mitigation schem can keep the whole cluster running efficiently under such attack.

Tang Hongan,Li Ying,Wang Long,Gu Jing,Wu Zhonghai

DOI: https://doi.org/10.1109/compsac.2017.191

2017-01-01

Abstract:As the complex workload scheduling and resource allocating mechanism in big data system, programmers' configuration error is one of the most typical root causes of unsuccessful termination of jobs, which can result in performance deterioration, availability degradation, resource inefficiency and user unsatisfactory. In this paper, we propose an approach called SD-Predictor, to predict misconfiguration-induced unsuccessful executions of jobs combining static job configurations and dynamic runtime system state before scheduling and execution, so as to save computing resource and scheduling overheads in big data system. We implement and incorporate SD-Predictor with a popular scheduling framework YARN to optimize job scheduling so as to avoid negative impacts by misconfigured jobs. Moreover, we explore correlations between configurations and termination status of jobs and provide some recommendations for configuration optimization. The experiment results show that our approach performs at 78% of precision, 52% of recall and 2% of false positive rate in unsuccessful job prediction, with significantly better recall and false positive rate than related works.

Chuntao Dong,Qingni Shen,Wenting Li,Yahui Yang,Zhonghai Wu,Xiang Wan

DOI: https://doi.org/10.1007/978-3-319-29814-6_39

2015-01-01

Abstract:Hadoop has become increasingly popular as it rapidly processes big data in parallel, while security mechanisms have been introduced or studied for Hadoop. In addition, other security issues that should not be neglected still exist. Data leakage is one of the major security challenges. This paper studies the vulnerability of authorization mechanism of services in Hadoop and the threat of information leakage. Some authorization mechanism allow all users to access services by default, an adversary can utilize these services to collect information of other users. We design and implement Eavesdropper, a framework which utilizes k-means clustering to address the nodes that store the processed results. We conduct a comprehensive of experiments, which clearly demonstrate that our detection framework is capable of detecting the nodes that store the results.

Wenting Li,Qingni Shen,Chuntao Dong,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-54433-5_9

2017-01-01

Abstract:Hadoop serves as an essential tool in the rise of big data, it has insufficient security model. The internal attacks can bypass current Hadoop security mechanism, and compromised Hadoop components can be used to threaten overall Hadoop. This paper studies the vulnerabilities of Health Check Service in Hadoop/YARN and the threat of denial-of-service to a YARN cluster with multi-tenancy. We use theoretical analysis and numerical simulations to demonstrate the effectiveness of this DDoS attack based on health check service (DDHCS). Our experiments show that DDHCS is capable of causing significant impacts on the performance of a YARN cluster in terms of high attack broadness (averagely 85.6%), high attack strength (more than 80%). In addition, we developed a security enhancement for YARN, named SEYARN. We have implemented the SEYARN model, and demonstrated that SEYARN fixes the above vulnerabilities with extending 95% accuracy and minimal run-time overhead, and effectively resists related attacks.

Santosh Aditham,Nagarajan Ranganathan,Srinivas Katkoori

DOI: https://doi.org/10.48550/arXiv.1611.07392

2016-11-22

Cryptography and Security

Abstract:Big data platforms such as Hadoop and Spark are being widely adopted both by academia and industry. In this paper, we propose a runtime intrusion detection technique that understands and works according to the properties of such distributed compute platforms. The proposed method is based on runtime analysis of system and library calls and memory access patterns of tasks running on the datanodes (slaves). First, the primary datanode of a big data system creates a behavior profile for every task it executes. A behavior profile includes (a) trace of the system & library calls made, and (b) sequence representing the sizes of private and shared memory accesses made during task execution. Then, the process behavior profile is shared with other replica datanodes that are scheduled to execute the same task on their copy of the same data. Next, these replica datanodes verify their local tasks with the help of the information embedded in the received behavior profiles. This is realized in two steps: (i) comparing the system & library calls metadata, and (ii) statistical matching of the memory access patterns. Finally, datanodes share their observations for consensus and report an intrusion to the namenode (master) if they find any discrepancy. The proposed solution was tested on a small hadoop cluster using the default MapReduce examples and the results show that our approach can detect insider attacks that cannot be detected with the traditional analysis metrics.

Ying Zhao,Gang Wu

DOI: https://doi.org/10.1109/sose.2015.20

2015-01-01

Abstract:Apache Hadoop YARN is the next generation MapReduce, which is a data-computation framework consisting of the ResourceManager (RM) and per-node slave, the NodeManager (NM). YARN provides explicit support for programming model diversity, so multiple frameworks such as spark, storm can run as applications on YARN. Applications need to apply to ResourceManager for containers to run tasks. That is, applications should specify the amount of CPU and memory they need for each task. To avoid out-of-memory error, applications often apply more resources than they need. This makes resource utilization ratio low. In order to make better use of hardware resources and improve cluster efficiency, we present an elastic resource management approach, which can dynamically expand or shrink container's size to meet the actual resource needs of tasks. Our experimental results show that the approach can improve the performance of CPU intensive applications significantly by up to 1.5 times for single jobs and 1.3 times for multiple jobs and significantly improve the resource utilization.

Kejiang Ye,Xiaohong Jiang,Yanzhang He,Xiang Li,Haiming Yan,Peng Huang

DOI: https://doi.org/10.1109/clusterw.2012.32

2012-01-01

Abstract:Big data processing is currently becoming increasingly important in modern era due to the continuous growth of the amount of data generated by various fields such as particle physics, human genomics, earth observation, etc. However, the efficiency of processing large-scale data on modern virtual infrastructure, especially on the virtualized cloud computing infrastructure, is not clear. This paper focuses on the performance of hadoop virtual cluster and proposes a scalable hadoop virtual cluster platform vHadoop for the large-scale MapReduce-based parallel data processing. We first describe the design and implementation of vHadoop platform. Then we perform a series of experiments to investigate both the static and dynamic performance of vHadoop platform, such as the performance characterization of cross-domain hadoop virtual cluster and live migraiton of hadoop virtual cluster. After that, we use the vHadoop platform to process 6 typical parallel clustering algorithms, such as Canopy, Dirichlet, Fuzzy k-Means, k-Means, Mean Shift, MinHash, etc, on two typical datasets. Experimental results verify the efficiency of vHadoop platform to process the MapReduce-based parallel machine learning applications.

Amr M Sauber,Ahmed Awad,Amr F Shawish,Passent M El-Kafrawy

DOI: https://doi.org/10.1155/2021/5753948

2021-07-08

Abstract:With the daily increase of data production and collection, Hadoop is a platform for processing big data on a distributed system. A master node globally manages running jobs, whereas worker nodes process partitions of the data locally. Hadoop uses MapReduce as an effective computing model. However, Hadoop experiences a high level of security vulnerability over hybrid and public clouds. Specially, several workers can fake results without actually processing their portions of the data. Several redundancy-based approaches have been proposed to counteract this risk. A replication mechanism is used to duplicate all or some of the tasks over multiple workers (nodes). A drawback of such approaches is that they generate a high overhead over the cluster. Additionally, malicious workers can behave well for a long period of time and attack later. This paper presents a novel model to enhance the security of the cloud environment against untrusted workers. A new component called malicious workers' trap (MWT) is developed to run on the master node to detect malicious (noncollusive and collusive) workers as they convert and attack the system. An implementation to test the proposed model and to analyze the performance of the system shows that the proposed model can accurately detect malicious workers with minor processing overhead compared to vanilla MapReduce and Verifiable MapReduce (V-MR) model [1]. In addition, MWT maintains a balance between the security and usability of the Hadoop cluster.

Chuntao Dong,Wenting Li,Qingni Shen,Zhonghai Wu

2015-01-01

Abstract:Hadoop 2.0 proposes a new resource management system, named as YARN, which can support a variety of big data computing frameworks(such as MapReduce, Storm, Spark, etc.). YARN has become the current mainstream computing framework to deploy large data platform for many internet corporations(e.g. Alibaba Group, Tencent, etc.). Therefore, this paper analyzes the basic structure and the working lfow of the YARN framework, then focuses on its resource scheduling mechanisms used in the ResourceManager, including its resource management model, management mechanisms and vulnerabilities, and the implemented resource schedulers, the Capacity Scheduler and Fair Scheduler. Final y it also discusses the next generation of Omega scheduler.

Tang Hongyan,Li Ying,Jia Tong,Wu Zhonghai

DOI: https://doi.org/10.1109/qrs.2016.11

2016-01-01

Abstract:Motivated by frequent failures in cloud computing systems, we analyze failure frequency and failure continuity of tasks from the Google cloud cluster, and find what we call killer tasks that suffer from frequent failures and repeated rescheduling. Killer tasks cause unnecessary resource wasting and significant increase of scheduling workloads, which can be a big concern in cloud systems. We aim to recognize killer tasks at the very early stage of their occurrence so that they can be addressed proactively instead of being rescheduled repeatedly, so as to promote reliability and save resources. To recognize killer tasks from a large amount of tasks in real time is really challenging. In this paper, we first investigate characteristics and behavior patterns of killer tasks and then develop two machine learning based methods, K-HUNTER and C-HUNTER, for online recognition of killer tasks. The empirical results show that our approach performs at 97% of precision in recognizing killer tasks with an 89% timing advance and 88% of resource saving for the cloud system on average.

Xue Ouyang,Changjian Wang,Renyu Yang,Guogui Yang,Paul Townend,Jie Xu

DOI: https://doi.org/10.1109/icpads.2017.00021

2017-01-01

Abstract:Current Cloud clusters often consist of heterogeneous machine nodes, which can trigger performance challenges such as the task straggler problem, whereby a small subset of parallel tasks running abnormally slower than the other sibling ones. The straggler problem leads to extended job response and deteriorates system throughput. Poor performance nodes are more likely to engender stragglers, and can undermine straggler mitigation effectiveness. For example, as the dominant mechanism for straggler alleviation, speculative execution functions by creating redundant task replicas on other machine nodes as soon as a straggler is detected. When speculative copies are assigned onto the poor performance nodes, it is hard for them to catch up with the stragglers compared to replicas run on fast nodes. And due to the fact that the performance heterogeneity is caused not only by static attribute variations such as physical capacity, but also dynamic characteristic uctuations such as contention level, analyzing node performance is important yet challenging. In this paper we develop ML-NA, a Machine Learning based Node performance Analyzer. By leveraging historical parallel tasks execution log data, ML-NA classies cluster nodes into different categories and predicts their performance in the near future as a scheduling guide to improve speculation effectiveness and minimize task straggler generation. We consider MapReduce as a representative framework to perform our analysis, and use the published OpenCloud trace as a case study to train and to evaluate our model. Results show that ML-NA can predict node performance categories with an average accuracy up to 92.86%.

Hongyan Tang,Ying Li,Tong Jia,Xiaoyong Yuan,Zhonghai Wu

DOI: https://doi.org/10.4018/IJDST.2018010102

2018-01-01

Abstract:AbstractTo better understand task failures in cloud computing systems, the authors analyze failure frequency of tasks based on Google cluster dataset, and find some frequently failing tasks that suffer from long-term failures and repeated rescheduling, which are called killer tasks as they can be a big concern of cloud systems. Hence there is a need to analyze killer tasks thoroughly and recognize them precisely. In this article, the authors first investigate resource usage pattern of killer tasks and analyze rescheduling strategies of killer tasks in Google cluster to find that repeated rescheduling causes large amount of resource wasting. Based on the above observations, they then propose an online killer task recognition service to recognize killer tasks at the very early stage of their occurrence so as to avoid unnecessary resource wasting. The experiment results show that the proposed service performs a 93.6% accuracy in recognizing killer tasks with an 87% timing advance and 86.6% resource saving for the cloud system averagely.

Francesco Antici,Andrea Borghesi,Zeynep Kiziltan

DOI: https://doi.org/10.48550/arXiv.2308.15481

2023-06-30

Abstract:Modern High Performance Computing (HPC) systems are complex machines, with major impacts on economy and society. Along with their computational capability, their energy consumption is also steadily raising, representing a critical issue given the ongoing environmental and energetic crisis. Therefore, developing strategies to optimize HPC system management has paramount importance, both to guarantee top-tier performance and to improve energy efficiency. One strategy is to act at the workload level and highlight the jobs that are most likely to fail, prior to their execution on the system. Jobs failing during their execution unnecessarily occupy resources which could delay other jobs, adversely affecting the system performance and energy consumption. In this paper, we study job failure prediction at submit-time using classical machine learning algorithms. Our novelty lies in (i) the combination of these algorithms with Natural Language Processing (NLP) tools to represent jobs and (ii) the design of the approach to work in an online fashion in a real system. The study is based on a dataset extracted from a production machine hosted at the HPC centre CINECA in Italy. Experimental results show that our approach is promising.

Distributed, Parallel, and Cluster Computing,Artificial Intelligence,Machine Learning

S. Suganya,S. Selvamuthukumaran

DOI: https://doi.org/10.3233/jifs-233579

2023-08-05

Abstract:Hadoop is a big data processing system that enables the distributed processing of massive data sets across multiple computers using straightforward programming techniques. Hadoop has been extensively investigated in many attacks as a result of its growing significance in industry. A company may learn about the actions of invaders as well as the weaknesses of the Hadoop cluster by examining a significant quantity of data from the log file. In a Big Data setting, the goal of the paper is to generate an analytical classification for intrusion detection. In this study, Hadoop log files were examined based on assaults that were recorded in the log files. Prior to analysis, the log data is cleaned and improved using a Hadoop preprocessing tool. For feature extraction, the hybrid Improved Sparrow Search Algorithm with Mutual Information Maximization (H-ISSA-MIM). Then the CNN (Convolutional Neural Network) classifier will detect the intrusions. The implementation is performed using the MATLAB 2020a software. The performance metrics like accuracy, precision, F-score, recall, specificity, FPR, FNR are calculated for the proposed methodology and it is compared with the existing techniques like Decision Tree (DT), Principal Components Analysis (PCA)- K means, Long Short Time Memory (LSTM). The maximum value of accuracy finds out in the proposed method 98% .

W Yurcik,C Liu

DOI: https://doi.org/10.1109/CCGRID.2005.1558542

2005-01-01

Abstract:Recent attacks enabled by stolen authentication passwords and keys have allowed intruders to masquerade as legitimate users on high performance computing clusters. With the motivation of detecting masqueraders on clusters, this work seeks to discriminate different types of users based on their command behavior - in particular user command behavior on a multi-user public machine versus user command behavior on a high performance computing cluster Our intuition is that these users act differently and the unique high performance cluster environment is constrained such that command behavior discrimination is enhanced versus enterprise environments.We formalize this into a classification problem to be solved by a Support Vector Machine with TF-IDF feature construction techniques from the field of Information Retrieval. We present results showing the effectiveness of this approach exhibiting high precision depending on the length of monitoring in both time and number of commands. In particular we show that as few as 10 commands may be enough to recognize a masquerading attacker on a high performance computing cluster

Christopher Harrison,Christine R. Kirkpatrick,Inês Dutra

DOI: https://doi.org/10.48550/arXiv.1812.09537

2018-12-22

Abstract:Motivation: Traditional computational cluster schedulers are based on user inputs and run time needs request for memory and CPU, not IO. Heavily IO bound task run times, like ones seen in many big data and bioinformatics problems, are dependent on the IO subsystems scheduling and are problematic for cluster resource scheduling. The problematic rescheduling of IO intensive and errant tasks is a lost resource. Understanding the conditions in both successful and failed tasks and differentiating them could provide knowledge to enhancing cluster scheduling and intelligent resource optimization. Results: We analyze a production computational cluster contributing 6.7 thousand CPU hours to research over two years. Through this analysis we develop a machine learning task profiling agent for clusters that attempts to predict failures between identically provision requested tasks.

Distributed, Parallel, and Cluster Computing,Systems and Control

Tang Hongyan,Li Ying,Jia Tong,Yuan Xiaoyong,Wu Zhonghai

DOI: https://doi.org/10.1109/sose.2016.23

2016-01-01

Abstract:To better understand task failures in cloud computing systems, we analyze failure frequency of tasks based on Google cluster dataset, and find what we call as killer tasks that suffer from long-term failures and repeated rescheduling. Killer task can be a big concern of cloud systems as it causes unnecessary resource wasting and significant increase of scheduling workloads. Hence there is a need to provide a service for cloud system operators to recognize killer tasks in time. In this paper, we propose an online killer task recognition service based on the resource usage time series which can recognize killer tasks at the very early stage of their occurrence so that they can be handled appropriately instead of being rescheduled. The experiment results show that the proposed service performs a 93.6% accuracy in recognizing killer tasks with an 87% timing advance and 86.6% resource saving for the cloud system averagely.