Jiayin Wang,Teng Wang,Zhengyu Yang,Ying Mao,Ningfang Mi,Bo Sheng

DOI: https://doi.org/10.1109/iccnc.2017.7876183

2017-01-01

Abstract:Big data processing frameworks such as Hadoop [1] are now widely adopted, however the security issues in large scale systems have not been well studied yet. Unlike prior work on data privacy and protection, this paper investigates a potential attack from a compromised internal node against the overall system performance. We develop an effective attack launched from the compromised node that can significantly degrade the data processing performance of the cluster without being detected and blacklisted for job execution, also present a mitigation scheme that protects a Hadoop system from such attack. The results of experiments show that this attack greatly slows down the job executions in the native Hadoop system even with some basic defense mechanisms, however, our mitigation schem can keep the whole cluster running efficiently under such attack.

YANG Xiao-hu,WANG Xin-yu,MAO Ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.04.011

2008-01-01

Abstract:Two classical models in distributed environment,symmetrical cluster and unsymmetrical cluster,were introduced.Aiming at the problems in enterprise applications caused by the two models,a distributed model based on data partition was presented,and a new load balance algorithm based on database access was proposed.Two critical threshold values Dmax and VSRT in the algorithm could be obtained by testing and analysis.The model and the load balance mechanism benefit the system with good performance,high scalability and dynamic load balance.They were applied to a financial system which was reengineered from standalone legacy system into J2EE distributed environment.The system architecture based on data partition was implemented successfully and performed very well.

Chuntao Dong,Qingni Shen,Lijing Cheng,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-50011-9_15

2016-01-01

Abstract:In this paper, aiming to the requirement that isolation of user's job and data security, we deeply analyze the mainstream computing framework Hadoop YARN, and start with the core module of YARN - resource scheduler. Using the existing label-based scheduling policy, we design and implement a SECapacity scheduler. Our main work including: First, according to the principle of least privilege, we propose a user-classification based scheduling policy, which divided users to several levels based on their attributes, then restrict which nodes could be used by this user according to the user level. Second, we design and implement a SECapacity scheduler to implement user-classification based scheduling. Third, we verify and analyze the effectiveness and efficiency of SECapacity scheduler, the results shows that SECapacity scheduler can ensure 100% isolation of users at different levels, and the performance overhead is about 6.95%.

Chunming Zhang,Fengji Luo,Mingyang Sun,Gianluca Ranzi

DOI: https://doi.org/10.1109/tnse.2020.3015220

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Advanced Metering Infrastructure (AMI) is a critical and fundamental component of smart grids. Cyber security of AMI thus has direct implications to smart grid's secure and reliable operations. This paper establishes analytical models for studying AMI system's robustness with presence of Distributed Denial-of-Service (DDoS) attacks. This paper firstly proposes a state transition model for individual smart meter nodes and data collector nodes in an AMI communication network; based on this, a dynamic differential system is formulated to describe the network's state evolution. We analyze the dynamic differential system's stability under DDoS attacks and propose a defending strategy, which optimally allocate defending resources in the AMI network, aiming at mitigating the DDoS's threaten with minimum defending loss and cost. Extensive simulations are conducted to validate the proposed method under different AMI network topologies.

Lijing Cheng,Qingni Shen,Chuntao Dong

DOI: https://doi.org/10.1109/ICC.2018.8422331

2018-01-01

Abstract:In distributed computing platform, it's possible to occur unexpected job failure. Normally, the system performance will not be affected obviously. But, in Hadoop YARN, we find Invader Job, a kind of inappropriate user-definable parameter caused malicious failure job, may cut down the system performance greatly. In this paper, we find in Hadoop YARN, there are two vulnerabilities that can be used to construct invader job. First, it's easy to cause job failure by modifying the user-definable parameters inappropriately. Second, YARN doesn't check on the job before execution, and also doesn't check the failure reason before re-attempt. So that, invader job could fail as much as possible to occupy the scheduling resource over and over again. Thus, we propose a detection framework called InTect which employs SVM to predict invader jobs. Finally, we verify our findings using the cluster of our lab and Amazon EMR respectively. As a result, the cluster performance degrades 4 times than normal case. Moreover, the recall rate of our detection framework is more than 90%, which means the SVM model has a good discrimination for invader jobs.

Ying Zhao,Gang Wu

DOI: https://doi.org/10.1109/sose.2015.20

2015-01-01

Abstract:Apache Hadoop YARN is the next generation MapReduce, which is a data-computation framework consisting of the ResourceManager (RM) and per-node slave, the NodeManager (NM). YARN provides explicit support for programming model diversity, so multiple frameworks such as spark, storm can run as applications on YARN. Applications need to apply to ResourceManager for containers to run tasks. That is, applications should specify the amount of CPU and memory they need for each task. To avoid out-of-memory error, applications often apply more resources than they need. This makes resource utilization ratio low. In order to make better use of hardware resources and improve cluster efficiency, we present an elastic resource management approach, which can dynamically expand or shrink container's size to meet the actual resource needs of tasks. Our experimental results show that the approach can improve the performance of CPU intensive applications significantly by up to 1.5 times for single jobs and 1.3 times for multiple jobs and significantly improve the resource utilization.

Yuxia Cheng,Qing Wu,Wenzhi Chen,Bei Wang

DOI: https://doi.org/10.1016/j.jpdc.2018.07.014

IF: 4.542

2018-01-01

Journal of Parallel and Distributed Computing

Abstract:Transmissible cyber threats have become one of the most serious security issues in cyberspace. Many techniques have been proposed to model, simulate and identify threats’ sources and their propagation in large-scale distributed networks. Most techniques are based on the analysis of real networks dataset that contains sensitive information. Traditional in-memory analysis of these dataset often causes data leakage due to system vulnerabilities. If the dataset itself is compromised by adversaries, this threat cost would be even higher than the threat being analysed. In this paper, we propose a new distributed shielded execution framework (Disef) for cyber threats analysis. The Disef framework enables efficient distributed analysis of network dataset while achieves security guarantees of data confidentiality and integrity. In-memory dataset is protected by using a new encrypted key–value format and could be efficiently transferred into Intel SGX enabled enclaves for shielded execution. Our experimental results showed that the proposed framework supports secure in-memory analysis of large network dataset and has comparable performance with systems that have no confidentiality and integrity guarantees.

Huiyi Li,Ruonan Rao

DOI: https://doi.org/10.1109/ICCSNT.2015.7490748

2015-01-01

Abstract:Large-scale cluster scheduling and management systems are becoming a dominant platform for a variety of applications and services. These complex “cloud” systems often run on clusters of thousands of unreliable commodity machines and mush handle all kinds of failures, schedule and deployment requirements while achieving the maximum resource utilization. We take YARN to a full analysis and argue that YARN currently excels in handling batch jobs without interacting with outside system or clients. In this paper, we propose a solution to the service registration, log management, resource reallocation problem of YARN and accommodate YARN to long-lived services.

Mahsa Ghanavatinasab,Mastaneh Bahmani,Reza Azmi

DOI: https://doi.org/10.48550/arXiv.2008.12586

2020-08-28

Distributed, Parallel, and Cluster Computing

Abstract:Apache introduced YARN as the next generation of the Hadoop framework, providing resource management and a central platform to deliver consistent data governance tools across Hadoop clusters. Hadoop YARN supports multiple frameworks like MapReduce to process different types of data and works with different scheduling policies such as FIFO, Capacity, and Fair schedulers. DRF is the best option that uses short-term, without considering history information, convergence to fairness for multi-type resource allocation. However, DRF performance is still not satisfying due to trade-offs between fairness and performance regarding resource utilization. To address this problem, we propose Simulated Annealing Fair scheduling, SAF, a long-term fair scheme in resource allocation to have fairness and excellent performance in terms of resource utilization and MakeSpan. We introduce a new parameter as entropy, which is an approach to indicates the disorder in the fairness of allocated resources of the whole cluster. We implemented SAF as a pluggable scheduler in Hadoop Yarn Cluster and evaluated it with standard MapReduce benchmarks in Yarn Scheduler Load Simulator (SLS) and CloudSim Plus simulation framework. Finally, the results of both simulation tools are evidence to prove our claim. Compared to DRF, SAF increases resource utilization of YARN clusters significantly and decreases MakeSpan to an appropriate level.

Chuntao Dong,Qingni Shen,Wenting Li,Yahui Yang,Zhonghai Wu,Xiang Wan

DOI: https://doi.org/10.1007/978-3-319-29814-6_39

2015-01-01

Abstract:Hadoop has become increasingly popular as it rapidly processes big data in parallel, while security mechanisms have been introduced or studied for Hadoop. In addition, other security issues that should not be neglected still exist. Data leakage is one of the major security challenges. This paper studies the vulnerability of authorization mechanism of services in Hadoop and the threat of information leakage. Some authorization mechanism allow all users to access services by default, an adversary can utilize these services to collect information of other users. We design and implement Eavesdropper, a framework which utilizes k-means clustering to address the nodes that store the processed results. We conduct a comprehensive of experiments, which clearly demonstrate that our detection framework is capable of detecting the nodes that store the results.

Chuntao Dong,Wenting Li,Qingni Shen,Zhonghai Wu

2015-01-01

Abstract:Hadoop 2.0 proposes a new resource management system, named as YARN, which can support a variety of big data computing frameworks(such as MapReduce, Storm, Spark, etc.). YARN has become the current mainstream computing framework to deploy large data platform for many internet corporations(e.g. Alibaba Group, Tencent, etc.). Therefore, this paper analyzes the basic structure and the working lfow of the YARN framework, then focuses on its resource scheduling mechanisms used in the ResourceManager, including its resource management model, management mechanisms and vulnerabilities, and the implemented resource schedulers, the Capacity Scheduler and Fair Scheduler. Final y it also discusses the next generation of Omega scheduler.

Wu Xin,Qingni Shen,Yahui Yang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-73697-6_17

2017-01-01

Abstract:In order to ensure data security and monitor data behavior, eBay has developed Eagle, which can detect anomalous user behavior based on user profiles and can intelligently protect data security of Hadoop ecosystem in real-time. By analyzing the kernel density estimation (KDE) algorithm and source code implemented in Eagle, we recognize that there are two security risks: One is that user profiles are models of operations, but the objects of operations are not analyzed; The other is that the owner of HDFS audit log files is not authenticated. Consequently, the attacker can bypass Eagle and form attack of APT combined with default permissions of Hadoop. In this paper, we analyze the two risks of Eagle, propose two kinds of attack methods that can bypass anomaly detection of Eagle: co-frequency operation attack and log injection attack, and establish threat model of which feasibility is verified experimentally. Finally, we present SeEagle, a semantic-enhanced anomaly detection for securing Eagle, including user authentication and file tagging modules. Our preliminary experimental evaluation shows that SeEagle works well and extra overhead is acceptable.

Zhengyu Yang,Janki Bhimani,Yi Yao,Cho-Hsien Lin,Jiayin Wang,Ningfang Mi,Bo Sheng

DOI: https://doi.org/10.12694/scpe.v19i1.1393

2018-01-01

Scalable Computing Practice and Experience

Abstract:Hadoop YARN is an Apache Software Foundation open project that provides a resource management framework for large scale parallel data processing, such as MapReduce jobs. Fair scheduler is a dispatcher which has been widely used in YARN to assign resources fairly and equally to applications. However, there exists a problem of the Fair scheduler when the resource requisition of applications is beyond the amount that the cluster can provide. In such a case, the YARN system will be halted if all resources are occupied by ApplicationMasters, a special task of each job that negotiates resources for processing tasks and coordinates job execution. To solve this problem, we propose an automatic and dynamic admission control mechanism to prevent the ceasing situation happened when the requested amount of resources exceeds the cluster resource capacity, and dynamically reserve resources for processing tasks in order to obtain good performance, e.g., reducing makespans of MapReduce jobs. After collecting resource usage information of each work node, our mechanism dynamically predicts the amount of reserved resources for processing tasks and automatically controls running jobs based on the prediction. We implement the new mechanism in Hadoop YARN and evaluate it with representative MapReduce benchmarks. The experimental results show the effectiveness and robustness of this mechanism under both homogeneous and heterogeneous workloads.

Amr M Sauber,Ahmed Awad,Amr F Shawish,Passent M El-Kafrawy

DOI: https://doi.org/10.1155/2021/5753948

2021-07-08

Abstract:With the daily increase of data production and collection, Hadoop is a platform for processing big data on a distributed system. A master node globally manages running jobs, whereas worker nodes process partitions of the data locally. Hadoop uses MapReduce as an effective computing model. However, Hadoop experiences a high level of security vulnerability over hybrid and public clouds. Specially, several workers can fake results without actually processing their portions of the data. Several redundancy-based approaches have been proposed to counteract this risk. A replication mechanism is used to duplicate all or some of the tasks over multiple workers (nodes). A drawback of such approaches is that they generate a high overhead over the cluster. Additionally, malicious workers can behave well for a long period of time and attack later. This paper presents a novel model to enhance the security of the cloud environment against untrusted workers. A new component called malicious workers' trap (MWT) is developed to run on the master node to detect malicious (noncollusive and collusive) workers as they convert and attack the system. An implementation to test the proposed model and to analyze the performance of the system shows that the proposed model can accurately detect malicious workers with minor processing overhead compared to vanilla MapReduce and Verifiable MapReduce (V-MR) model [1]. In addition, MWT maintains a balance between the security and usability of the Hadoop cluster.

Yu-Sheng Yang,Shih-Hsiung Lee,Wei-Che Chen,Chu-Sing Yang,Yuen-Min Huang,Ting-Wei Hou

DOI: https://doi.org/10.3390/app12010530

2022-01-05

Applied Sciences

Abstract:The advanced connection requirements of industrial automation and control systems have sparked a new revolution in the Industrial Internet of Things (IIoT), and the Supervisory Control and Data Acquisition (SCADA) network has evolved into an open and highly interconnected network. In addition, the equipment of industrial electronic devices has experienced complete systemic integration by connecting with the SCADA network, and due to the control and monitoring advantages of SCADA, the interconnectivity and working efficiency among systems have been tremendously improved. However, it is inevitable that the SCADA system cannot be separated from the public network, which indicates that there are concerns over cyber-attacks and cyber-threats, as well as information security breaches, in the SCADA network system. According to this context, this paper proposes a module based on the token authentication service to deter attackers from performing distributed denial-of-service (DDoS) attacks. Moreover, a simulated experiment has been conducted in an energy management system in the actual field, and the experimental results have suggested that the security defense architecture proposed by this paper can effectively improve security and is compatible with real field systems.

Zhang Long,Wang Jinsong

DOI: https://doi.org/10.1016/j.cose.2022.102604

2022-04-01

Abstract:Software-defined networking (SDN) is a new network architecture that offers considerable management convenience and efficiency relative to conventional networks. However, the centralized control employed in SDN incurs a high risk of single point failure that is susceptible to distributed denial of service (DDoS) attacks. The present work addresses this issue by proposing a hybrid approach for detecting DDoS attacks using an initial detection module based on information entropy to quickly identify anomalous traffic and a second detection module based on machine learning with a stacked sparse autoencoder (SSAE)–support vector machine (SVM) architecture to confirm the suspected anomalous traffic. If DDoS traffic is detected, a defense module is implemented to restore normal network communication in a timely manner via an issued flow table. The effectiveness and efficiency of the proposed approach for DDoS detection is experimentally evaluated using both real-time and benchmark datasets in comparison with state-of-the-art methods. The results demonstrate that the proposed approach provides superior detection performance and identifies greater than 98% of existing DDoS traffic with greatly reduced training time and computational burden.

computer science, information systems

Shuang Wei,Yijing Ding,Xinhui Han

DOI: https://doi.org/10.1109/dsn-w.2017.11

2017-01-01

Abstract:Distributed Denial-of-Service(DDoS) attack continues to be one of the most serious problems in the Internet. Without advance warning, DDoS attack can knock down the targeted server in a short period of time by exhausting the computing and communicating resources of the victim. In this paper, we propose a two-stage DDoS detection and defense system called TDSC. In the first stage, we divide the input flows into 4 parts and use the cluster size distribution analysis to detect the attack. Since we use cluster analysis as the basic detection algorithm, TDSC can separate the DDoS attacks from the legitimate flash crowd easily. In the first stage, we also extract traffic features of the attack from the cluster containing most of the DDoS traffic. With the DDoS attack features output by the first stage, TDSC can filter the attack traffic out in the second stage. We test the effectiveness of TDSC on the MIT Lincoln Laboratory 2000 LLS DDOS 1.0 Dataset(a.k.a. MIT LLS DDOS 1.0 Dataset). Results show that TDSC can detect the DDoS attack in 6 seconds and extract the features which can describe the attack traffic accurately. And with the traffic features calculated by the first stage, TDSC can filter out 99.89% of the attack traffic in the second stage.

Hongsong Chen,Zhongchuan Fu

DOI: https://doi.org/10.1155/2015/852173

2015-01-01

Mobile Information Systems

Abstract:Human health information from healthcare system can provide important diagnosis data and reference to doctors. However, continuous monitoring and security storage of human health data are challenging personal privacy and big data storage. To build secure and efficient healthcare application, Hadoop-based healthcare security communication system is proposed. In wireless biosensor network, authentication and key transfer should be lightweight. An ECC (Elliptic Curve Cryptography) based lightweight digital signature and key transmission method are proposed to provide wireless secure communication in healthcare information system. Sunspot wireless sensor nodes are used to build healthcare secure communication network; wireless nodes and base station are assigned different tasks to achieve secure communication goal in healthcare information system. Mysql database is used to store Sunspot security entity table and measure entity table. Hadoop is used to backup and audit the Sunspot security entity table. Sqoop tool is used to import/export data between Mysql database and HDFS (Hadoop distributed file system). Ganglia is used to monitor and measure the performance of Hadoop cluster. Simulation results show that the Hadoop-based healthcare architecture and wireless security communication method are highly effective to build a wireless healthcare information system.

computer science, information systems,telecommunications

Shin-Jer Yang,Hsiao-Ling Huang

DOI: https://doi.org/10.1109/icis46139.2019.8940313

2019-06-01

Abstract:Cloud computing is integrated lots of computing resources which are provided to users over the Internet on a Pay-As-You-Go mode. While multi-tenants and resources sharing are its advantages under the cloud computing environment, it also brings new risks in information security. One of the more difficult consequences of an attack is a flooding attack. This attack is to exhaust the network bandwidth and the computing resources of the server, causing the server to fail to provide services due to heavy workload and may affect the normal service. Other servers in the same infrastructure cause unpredictable losses. Based on the existing DDoS detection technology, this paper proposes a prevention mechanism based on feature selection and random forest classification models to detect hybrid flooding attacks, called HFADS. The HFADS scheme is mainly divided into three modules: (1) Resource Monitor Module (2) Data Features Selection Module (3) Machine Learning Evaluation Module. Based on the above three modules, we perform some simulations for HFADS to be compared with Mouhammd Alkasassbeh et al.'s method to detect flooding attacks of DDoS in terms of three KPIs including recall rate, accuracy rate and average processing time. The final experimental results indicate that HFADS can achieve 99.99% for UDP, 99.95% for ICMP and 99.99% for HTTP in recall rate, 99.98% in accuracy rate and 65.34 seconds in average processing time. Consequently, the proposed HFADS is more effective and efficient than Mouhammd Alkasassbeh et al.'s method for the identification of hybrid flooding attacks.

Yannan Ma,Yu Zhou,Yao Yu,Chenglei Peng,Ziqiang Wang,Sidan Du

DOI: https://doi.org/10.1016/j.procs.2015.05.062

2015-01-01

Procedia Computer Science

Abstract:Distributed file system for the storage of massive files have obvious advantages compared with the conventional file system. For instance, Hadoop Distributed File System (HDFS) implemented with commodity hardware has the advantages of low cost, high fault tolerance, scalability, etc. However, HDFS has the potential safety hazard due to the unencrypted data stored in Datanode, which may cause data leakage during the manipulation. In this paper, we purpose a new architecture based on HDFS, combined with network coding and multi-node reading, to improve the security and storage efficiency of the distributed file system. Experiments have shown that the method proposed in this paper greatly improves the safety of files transfer and storage, while the speed of files reading has increased threefold compared to the original HDFS model.

English Else