Martin Andreoni Lopez,Diogo M. F. Mattos,Otto Carlos M. B. Duarte,Guy Pujolle

DOI: https://doi.org/10.1002/cpe.5344

2019-05-21

Concurrency and Computation: Practice and Experience

Abstract:<p>The late detection of security threats causes a significant increase in the risk of irreparable damages and restricts any defense attempt. In this paper, we propose a s<b>CA</b>lable <b>TR</b>Affic <b>C</b>lassifier and <b>A</b>nalyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRACA is based on Apache Spark, a Big Data Streaming processing system, and it is deployed over the Open Platform for Network Functions Virtualization (OPNFV), providing an accurate real‐time threat‐detection service. The system presents a friendly graphical interface that provides real‐time visualization of the traffic and the attacks that occur in the network. Our prototype can differentiate normal traffic from denial of service (DoS) attacks and vulnerability probes over 95% accuracy under three different datasets. Moreover, CATRACA handles streaming data under concept drift detection with more than 85% of accuracy.</p>

Zheng YANG,Xiaowu HE,Jiahang WU,Xu WANG,Yi ZHAO

DOI: https://doi.org/10.1360/ssi-2021-0133

2022-01-01

Scientia Sinica Informationis

Abstract:Real-time streaming video analytics is important in applications such as intelligent surveillance, smart city, and autonomous driving. However, large-scale streaming video analytics is impractical on the cloud, due to its high computation demand, large bandwidth consumption and stringent latency requirement.The emerging edge computing paradigm can effectively solve these problems by pushing computation from the cloud to devices and servers at the network edge.To this end, this article conducts a comprehensive survey on edge computing technologies for real-time streaming video analytics.Firstly, it introduces the background of video analytics and edge computing, as well as the typical application of edge-based steaming video analytics.Then, it proposes the performance indicators and challenges faced by the existing systems.Afterwards, the key technologies in this field are introduced in detail from the device level, collaboration level, and edge/cloud server level, including model compression and selection, local caching, frame filtering, task offloading, streaming protocol, privacy protection, query optimization, inference acceleration, and edge caching.Based on the integration of above core technologies, this article proposes an edge-based large-scale video analytics platform, Argus, which provides systematic support for the real-time video stream analytics on video collection, model inference, data mining, and log management.Argus has been successfully deployed in the smart oilfield scenario.Last but not least, this article discusses the open issues on edge-based streaming video analytics, in the hope of inspiring future research ideas.

Hang Zhao,LinBin Yao,ZhiXin Zeng,DongHua Li,JinLiang Xie,WeiLing Zhu,Jie Tang

DOI: https://doi.org/10.1080/09540091.2020.1782840

2020-06-25

Connection Science

Abstract:In recent years, with the rapid development of sensing technology and the Internet of Things (IoT), sensors play increasingly important roles in traffic control, medical monitoring, industrial production and etc. They generated high volume of data in a streaming way that often need to be processed in real time. Therefore, streaming data computing technology plays an indispensable role in the real-time processing of sensor data in high throughput but low latency. However, there are two problems in deploying streaming data process ability in cloud computing data centre. Firstly, massive sensor nodes simultaneously upload data to the remote cloud computing data centre, which requires a large number of bandwidth resources supports. The existing network infrastructure cannot provide enough bandwidth at a reasonable price. Secondly, due to the geographical distribution characteristics of the cloud computing data centre, there will inevitably be large transmission delay during the process of data transmission. Such end-to-end delay is intolerable to mobile applications especially for those latency sensitive tasks. In view of the above problems, this paper proposes an autonomous driving oriented edge streaming data processing framework, which migrates the computing and storage capability from the remote cloud data centre to the edge data centre. It focuses on the change of vehicle flow in a specific geographical area, and uses the computing power sunk to edge node to process the massive streaming data generated by autonomous vehicles nearby. The proposed framework is implemented on top of Spark Streaming, which builds up a gray model based traffic flow monitor, a traffic prediction orientated prediction layer and a fuzzy control based Batch Interval dynamic adjustment layer for Spark Streaming. It could forecast the variation of sensors data arrive rate, make streaming Batch Interval adjustment in advance and implement real-time streaming process by edge. Therefore, it can realise the monitor and prediction of the data flow changes of the autonomous driving vehicle sensor data in geographical coverage of edge computing node area, meanwhile minimise the end-to-end latency but satisfy the application throughput requirements. The experiments show that it can predict short-term traffic with no more than 4% relative error in a whole day. By making batch consuming rate close to data generating rate, it can maintain system stability well even when arrival data rate changes rapidly. The Batch Interval can be converged to a suitable value in two minutes when data arrival rate is doubled. Compared with vanilla version Spark Streaming, where there has serious task accumulation and introduces large delay, it can reduce 35% latency by squeezing Batch Interval when data arrival rate is low; it also can significantly improve system throughput by only at most 25% Batch Interval increase when data arrival rate is high.

computer science, artificial intelligence, theory & methods

Tong Meng,Xiaoyang Wang,Jidong Zhai,Zhe Zhou,Guangyu Sun,Ping Han

DOI: https://doi.org/10.1109/SEC50012.2020.00009

2020-11-01

Abstract:With the rapid growth of IoT devices, the traditional cloud computing scheme is inefficient for many IoT based applications, mainly due to network data flood, long latency, and privacy issues. To this end, the edge computing scheme is proposed to mitigate these problems. However, in an edge computing system, the application development becomes more complicated as it involves increasing levels of edge nodes. Although some efforts have been introduced, existing edge computing frameworks still have some limitations in various application scenarios. To overcome these limitations, we propose a new programming model called Edge-Stream. It is a simple and programmer-friendly model, which can cover typical scenarios in edge-computing. Besides, we address several new issues, such as data sharing and area awareness, in this model. We also implement a prototype of edge-computing framework based on the Edge-Stream model. A comprehensive evaluation is provided based on the prototype. Experimental results demonstrate the effectiveness of the model.

Computer Science,Engineering

Lili Gao,Xiaopeng Deng,Weimin Yang

DOI: https://doi.org/10.1007/s00521-021-05733-0

2021-01-27

Neural Computing and Applications

Abstract:The most important problems that occur during the extraction of knowledge from data streams are related to the properties characterizing "BigData," namely high speed of information flow (velocity), variety of used forms, variability of data and diversity of information accuracy diagnosis methods (veracity). The use of online or sequential learning methods offers a specialized solution for solving real-time data processing problems. Data are provided without a clear knowledge of their particular inherent characteristics. Conventional approaches focus on applying heuristic or logical analysis rules. They fail to effectively handle new patterns (produced as a function of time) and to consider the dynamic change rate of their characteristics. In most cases, these methods approximate, by creating general rather than clear imprints of knowledge, which is hidden in the flows. Moreover, their function requires significant computational resources. This paper introduces (to the best of our knowledge, for the first time in the literature) the implementation of a specialized online reservoir computing architecture for smart city infrastructure protection which has low requirements in computing resources; it is efficient and suitable for real-time data flow analysis. More specifically, it describes the development of an echo state network, comprised of analog neurons with sparse random connections at the input levels and at the dynamical reservoir. Its training at the output level is performed with the recursive least square method. A complex data set was selected for the testing of the proposed model, which fully simulates the digital attacks that can be faced by the mechatronic equipment used in smart water supply networks located in the front end of the smart cities.

computer science, artificial intelligence

Kok-Leong Ong,Andrzej Goscinski,Yuzhang Han,Peter Brezany,Zahir Tari,Lei Yan

DOI: https://doi.org/10.1504/ijhpcn.2016.076250

2016-01-01

International Journal of High Performance Computing and Networking

Abstract:Stream-oriented applications account for one of the major types of today's computing practices. They deal with high-speed data streams. When it comes to stream-oriented distributed systems, some challenges arise: for one thing, processing capability of a single compute node might become the bottleneck of the entire system. For another, transmitting streams among physically dispersed nodes could incur both communication overhead and instability of a distributed application. In this paper, we discuss the potential of using cloud technology to respond to various challenges faced by stream-oriented distributed systems. We introduce our idea of a special cloud, the scientific streaming cloud (SSC), which supports stream management in distributed environments. We also present our design of a language and an algorithm which are used on the SSC to describe and optimise stream-related tasks, respectively. Furthermore, we demonstrate our prototype implementation and a real-world application of the SSC.

Wenzhao Zhang,Cheng Guo,Yi Gao,Wei Dong

2023-10-11

Abstract:Structural Health Monitoring (SHM) is crucial for the safety and maintenance of various infrastructures. Due to the large amount of data generated by numerous sensors and the high real-time requirements of many applications, SHM poses significant challenges. Although the cloud-centric stream computing paradigm opens new opportunities for real-time data processing, it consumes too much network bandwidth. In this paper, we propose ECStream, an Edge Cloud collaborative fine-grained stream operator scheduling framework for SHM. We collectively consider atomic and composite operators together with their iterative computability to model and formalize the problem of minimizing bandwidth usage and end-to-end operator processing latency. Preliminary evaluation results show that ECStream can effectively balance bandwidth usage and end-to-end operator computation latency, reducing bandwidth usage by 73.01% and latency by 34.08% on average compared to the cloud-centric approach.

Networking and Internet Architecture,Signal Processing

Guanxiong Liu,Hang Shi,Abbas Kiani,Abdallah Khreishah,Joyoung Lee,Nirwan Ansari,Chengjun Liu,Mustafa Mohammad Yousef

DOI: https://doi.org/10.1109/tits.2021.3109481

IF: 8.5

2021-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Traffic management systems capture tremendous video data and leverage advances in video processing to detect and monitor traffic incidents. The collected data are traditionally forwarded to the traffic management center (TMC) for in-depth analysis and may thus exacerbate the network paths to the TMC. To alleviate such bottlenecks, we propose to utilize edge computing by equipping edge nodes that are close to cameras with computing resources (e.g., cloudlets). A cloudlet, with limited computing resources as compared to TMC, provides limited video processing capabilities. In this paper, we focus on two common traffic monitoring tasks, congestion detection, and speed detection, and propose a two-tier edge computing based model that takes into account of both the limited computing capability in cloudlets and the unstable network condition to the TMC. Our solution utilizes two algorithms for each task, one implemented at the edge and the other one at the TMC, which are designed with the consideration of different computing resources. While the TMC provides strong computation power, the video quality it receives depends on the underlying network conditions. On the other hand, the edge processes very high-quality video but with limited computing resources. Our model captures this trade-off. We evaluate the performance of the proposed two-tier model as well as the traffic monitoring algorithms via test-bed experiments under different weather as well as network conditions and show that our proposed hybrid edge-cloud solution outperforms both the cloud-only and edge-only solutions.

engineering, electrical & electronic,transportation science & technology, civil

Schuartz, Fábio César

DOI: https://doi.org/10.1007/s12243-024-01046-0

2024-06-09

Annals of Telecommunications

Abstract:With the growth of computer networks worldwide, there has been a greater need to protect local networks from malicious data that travel over the network. The increase in volume, speed, and variety of data requires a more robust, accurate intrusion detection system capable of analyzing a huge amount of data. This work proposes the creation of an intrusion detection system using stream classifiers and three classification layers—with and without a reduction in the number of features of the records and three classifiers in parallel with a voting system. The results obtained by the proposed system are compared against other models proposed in the literature, using two datasets to validate the proposed system. In all cases, gains in accuracy of up to 18.52% and 3.55% were obtained, using the datasets NSL-KDD and CICIDS2017, respectively. Reductions in classification time up to 35.51% and 94.90% were also obtained using the NSL-KDD and CICIDS2017 datasets, respectively.

telecommunications

Mikhail Zolotukhin,Timo Hämäläinen

DOI: https://doi.org/10.1007/978-3-319-75307-2_8

2018-01-01

Abstract:Application-layer distributed denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed using legitimate requests from legitimately connected network machines that make these attacks undetectable by signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer, making it even harder to detect an attacker’s activity without decrypting users’ network traffic, and therefore violating their privacy. In this paper, we present a method that allows us to detect various application-layer denial-of-service attacks against a computer network in a timely fashion. We focus on detection of the attacks that utilize encrypted protocols by applying an anomaly-detection-based approach to statistics extracted from network packets. Since network traffic decryption can violate ethical norms and regulations on privacy, the detection method proposed analyzes network traffic without its decryption. The method involves construction of a model of normal user behavior by analyzing conversations between a web server and its clients. The construction algorithm is self-adaptive and allows one to update the model every time a new portion of network traffic data becomes available for analysis. Once the model has been built, it can be applied to detect various application-layer types of denial-of-service attacks, including slow attacks, computational attacks, and more advanced attacks imitating normal web user behavior. The proposed technique is evaluated with realistic end user network traffic generated in our virtual network environment. Evaluation results show that these attacks can be properly detected, while the number of false alarms remains very low.

Li Zhao,Zhang Chuang,Xu Ke-fu

DOI: https://doi.org/10.1109/PCCC.2015.7410267

2015-01-01

Abstract:SpeedStream is a universal distributed platform that can handle with massive data flows with the features of low coupling, high availability, low latency and high scalability. Focusing on the core technologies of real-time stream computing platform in cloud environment, this paper conducts a series of researches and implementation of the system. First of all, aiming at the availability of real-time streaming computing platform, we design a high availability framework based on Zookeeper. It ensures fault detection and recovery of process level and node level timely by monitoring heartbreak of each modules and strategy of fault migration. Secondly, in order to increase the application types of the platform, by means of directed cycle detection and iteration protection, we design a real-time streaming computing model that based on directed graph with sources and sinks, which can not only satisfy the needs of common DAG computing services, but also support iteration computing services including directed cycle, bidirectional arcs and annular arcs. In addition, the platform can realize personalized task scheduling strategy for users by establishing task allocation matrix and optimize task allocation model. Finally, in order to solve the many-to-many dynamic load-balancing between tasks, we apply scheduler with status and distributed session table. It overcomes the difficulty of maintaining consistency of session without global session table. We also testified the convergence of this method. The experiment indicates that the throughput and data processing delay of SpeedStream are superior to other alternatives in dealing with the businesses of iteration applications, high traffic fluctuation applications, and high demand of load-balancing applications. This platform provides reliable, universal, and real-time solutions to process massive data flows, such as to process the real-time trading data in e-commerce, to analyze sensing flow in internet of things, and monitor traffics of the Internet.

Len Wirz,Asipan Ketphet,Rinrada Tanthanathewin,S. Fugkeaw

DOI: https://doi.org/10.1109/jcsse54890.2022.9836264

2022-06-22

Abstract:Owing to the efficient resource management, accessibility, and high service availability, cloud computing has been leveraged by several intensive-data processing applications such as big data analytics, social media applications. These applications are typically based on the development of web service and web application. Even though web-based technology offers effective communication and implementation, it has been susceptible to various kinds of attack. In this paper, we investigate possible attacks on REST which is a commonly used protocol for the web service implementation. In REST, HTTP requests are mapped to GET, POST, PUT, and DELETE that have been proven to be prone to common attacks including Automated Brute Forcing on web-based login, HTTP flood attacks, SQL injections (SQLi), and Cross-Site Scripting (XSS). To this end, we propose a design and implementation of the cloud-based IDS to detect such attacks by employing Apache Kafka and Spark streaming to classify and process the high volume of user inputs in REST HTTP communication. To detect the anomalous inputs, we apply the signature-based approach to construct an IDS engine based on a set of known attack patterns that will be leveraged by the Spark Streaming. Specifically, we introduce a new string comparison collection that improves the False Positive (FP) rate in SQL injection detection, which has been a major issue in most proposed IDS currently available. In our experiment, the system is able to determine malicious patterns with high performance as well as to generate SMS alerts and log the event in a Google Cloud Storage Bucket in an efficient manner.

Engineering,Computer Science

Wei-Fa Liao,Hung-Min Sun,Wei Wu

DOI: https://doi.org/10.1109/dasc-picom-datacom-cyberscitec.2016.159

2016-01-01

Abstract:In recent years, Cloud computing has become increasingly popular. Many companies have replaced traditional hosting to cloud hosting. Cloud providers are responsible for tenant isolation, if a tenant (virtual machine) is infected, other tenants will be affected. Because the virtual network environment is very complex, the traditional intrusion detection systems can only detect attacks from external networks, but can not effectively detect the internal traffic (virtual network). In order to full defend from a threat, we need to redesign the architecture of the intrusion detection system. In this thesis, we propose a flexible distributed architecture for intrusion detection, and uses software-defined networking technology for defensive purposes. In addition, our system collects alerts from different nodes, and analyzes their correlation to generate security rules to achieve the effect of a joint defense. To make the administrator more effective in management purposes, we also provide a web-based management center to reduce the burden on administrators. Finally, we analyze the performance of the proposed system with an original system. The results show that our system adds slightly overhead, and it can effectively block the malicious flow.

Jiangjiang Zhang,Bei Gong,Qian Wang,Yong Wu,Guiping Zheng

DOI: https://doi.org/10.1109/jiot.2023.3286185

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Edge intelligence is a critical enabler of intelligent application services in the Internet of Things (IoT). However, due to complex environmental factors, edge devices are subject to constant dynamic changes, which can result in security threats and sensitive information leakage. Therefore, it is essential to investigate data stream online analysis and detection strategies and implement an online releasing mechanism to ensure sensitive information is not leaked. Existing work rarely addresses these issues simultaneously or has poor performance, which poses a challenge. To address this challenge, we propose an intelligent edge dual-structure ensemble method (IEDSEM), consisting of three key components: data preprocessing, drift detection data analytics (IEDSEM-DDDA), and privacy-preserving data releasing (IEDSEM-PPDR). Data preprocessing is used primarily to enhance the quality of data streams to improve the performance of model learning. IEDSEM-DDDA involves three sequential operations: dynamic feature selection, model learning and selection, and online model ensemble deployment to achieve anomaly detection of online data streams. Meanwhile, IEDSEM-PPDR uses differential privacy and online optimization operations to achieve intelligent hierarchical protection of edge data. To validate the performance of our proposed IEDSEM method, we conducted two comprehensive simulation experiments on real data machines, verifying the accuracy of the concept drift component detection and the privacy optimization performance of the privacy-preserving component, respectively. Simulation results show that compared with several other advanced high-performance algorithms, our algorithm has over 99% accuracy in data stream analysis detection and more outstanding privacy-preserving ability.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lilian Hernandez,Hung Cao,Monica Wachowicz

DOI: https://doi.org/10.48550/arXiv.1708.00352

2017-09-28

Abstract:The Internet of Moving Things (IoMT) requires support for a data life cycle process ranging from sorting, cleaning and monitoring data streams to more complex tasks such as querying, aggregation, and analytics. Current solutions for stream data management in IoMT have been focused on partial aspects of a data life cycle process, with special emphasis on sensor networks. This paper aims to address this problem by developing streaming data life cycle process that incorporates an edge/fog/cloud architecture that is needed for handling heterogeneous, streaming and geographically-dispersed IoMT devices. We propose a 3-tier architecture to support an instant intra-layer communication that establishes a stream data flow in real-time to respond to immediate data life cycle tasks in the system. Communication and process are thus the defining factors in the design of our stream data management solution for IoMT. We describe and evaluate our prototype implementation using real-time transit data feeds. Preliminary results are showing the advantages of running data life cycle tasks for reducing the volume of data streams that are redundant and should not be transported to the cloud.

Distributed, Parallel, and Cluster Computing,Computers and Society,Networking and Internet Architecture

Haolong Xiang,Xuyun Zhang

DOI: https://doi.org/10.1007/s11280-022-01052-z

2022-05-13

World Wide Web

Abstract:Anomaly detection plays a crucial role in many Internet of Things (IoT) applications such as traffic anomaly detection for smart transportation and medical diagnosis for smart healthcare. With the explosion of IoT data, anomaly detection on data streams raises higher requirements for real-time response and strong robustness on large-scale data arriving at the same time and various application fields. However, existing methods are either slow or application-specific. Inspired by the edge computing and generic anomaly detection technique, we propose an isolation forest based framework with dynamic Insertion and Deletion schemes (IDForest), which can incrementally update the forest to detect anomalies on data streams. Besides, IDForest is deployed on edge servers in parallel through packing each tree into a subtask, which facilitates the fast anomaly detection on data streams. Extensive experiments on both synthetic and real-life datasets demonstrate the efficiency and robustness of our framework for anomaly detection.

Yaxiao Liu,Weidong Liu,Jiaxing Song,Huan He

DOI: https://doi.org/10.1016/j.adhoc.2015.07.009

IF: 4.816

2015-01-01

Ad Hoc Networks

Abstract:Stream computing systems are designed for high frequency data. Such systems can deal with billions of transactions per day in real cases. Cloud technology can support distributed stream computing systems by its elastic and fault tolerant capabilities. In a real deployment environment, such as the pre-treatment system in Chinese top banks, the reliability based on user experience is key metrics for performance. Although many significant works have been proposed in the literature, they have some limitations such as less of architectural focus or difficult to implement in complex projects. This paper describes the reliability issue which is caused by the service downgrade in cloud. We use novel reliability analysis techniques, queuing theory, and software rejuvenation management techniques to build a framework for supporting stream data with low latency and fault tolerance. A real streaming system from a top bank is studied to provide the supporting data. Operational parameters such as rejuvenation window and time-out parameter are identified as key parameters for the design of a distributed stream processing system. An algorithm for reliability optimization, monitoring and forecast is also introduced. The paper also compares the improved result with original issues, which saved millions of money and reputations. (C) 2015 Elsevier B.V. All rights reserved.

Alexey N. Nazarov

DOI: https://doi.org/10.32362/2500-316x-2019-7-6-56-67

2020-01-10

Russian Technological Journal

Abstract:The creation of monitoring clusters based on cloud computing technologies is a promising direction for the development of systems for continuous monitoring of objects for various purposes in the web space. Hadoop web-programming environment is the technological basis for the development of algorithmic and software solutions for the synthesis of monitoring clusters, including information security and information counteraction systems. The International Telecommunication Union’ (ITU) recommendations Y. 3510 present the requirements for cloud infrastructure that require monitoring the performance of deployed applications based on the collection of real-world statistics. Often, computing resources of monitoring clusters of cloud data centers are allocated for continuous parallel processing of high-speed streaming data, which imposes new requirements to monitoring technologies, necessitating the creation and research of new models of parallel computing. The need to use service monitoring plays an important role in the cloud computing industry, especially for SLA/QoS assessment, as the application or service may experience problems even if the virtual machines on which the work is taking place appear to be operational. This requires to study the methodological possibilities of organization to study of parallel processing high-speed streaming services with the processing of huge amounts of bit data, and, simultaneously, to estimate the necessary computational resource. In the conditions of high dynamics of changes in the bit rate of information generation from the source, a model of the bit rate of Discretized Stream (DStream) formation is proposed, which has a common application. Based on the poly-burst nature of the bit rate model, a model of group content traffic of any sources of different services processed in the cloud cluster was created. The obtained results made it possible to develop mathematical models of parallel DStreams from sources processed in a cloud cluster via Hadoop technology using the micro-batch architecture of the Spark Streaming module. These models take into account the flow of requests for maintenance from sources of different services, on the one hand, and, on the other hand, the needs of services in bit rate, taking into account the multichannel traffic of sources of various services. At the same time, analytical relations are obtained to calculate the required performance of the Hadoop cluster at a given value of the probability of batch loss.

Muhammad Ali,Ashiq Anjum,Omer Rana,Ali Reza Zamani,Daniel Balouek-Thomert,Manish Parashar

DOI: https://doi.org/10.1109/tcc.2020.2991748

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:With increasing availability and use of Internet of Things (IoT) devices such as sensors and video cameras, large amounts of streaming data is now being produced at high velocity. Applications which require low latency response such as video surveillance, augmented reality and autonomous vehicles demand a swift and efficient analysis of this data. Existing approaches employ cloud infrastructure to store and perform machine learning-based analytics on this data. This centralized approach has limited ability to support real-time analysis of large-scale streaming data due to network bandwidth and latency constraints between data source and cloud. We propose RealEdgeStream (RES) an edge enhanced stream analytics system for large-scale, high performance data analytics. The proposed approach investigates the problem of video stream analytics by proposing (i) filtration and (ii) identification phases. The filtration phase reduces the amount of data by filtering low-value stream objects using configurable rules. The identification phase uses deep learning inference to perform analytics on the streams of interest. The phases consist of stages which are mapped onto available in-transit and cloud resources using a placement algorithm to satisfy the Quality of Service (QoS) constraints identified by a user. We demonstrate that for a 10K element data streams, with a frame rate of 15–100 per second, the job completion in the proposed system takes 49 percent less time and saves 99 percent bandwidth compared to a centralized cloud-only based approach.

FuCheng Pan,DeZhi Han,Yuping Hu

DOI: https://doi.org/10.1504/IJES.2019.102428

2019-11-25

International Journal of Embedded Systems

Abstract:In order to realise the rapid analysis and identification of abnormal traffic in real-time networks, a distributed real-time network abnormal traffic detection system (DRNATDS) was designed, which could effectively analyse abnormal network traffic. DRNATDS provided effective real-time big data analysis platform and guaranteed network security. The paper proposes K-means algorithm based on relative density and distance, integrated with Spark Streaming and Kafka. It could effectively detect various network attacks under real-time data stream. The experimental results show that DRNATDS has good high availability and stability. Compared to other algorithms, K-means algorithm based on relative density and distance could more effectively identify abnormal network traffic and improve the recognition rate.

English Else