Research On Denial Of Service Attack Detection Based On Hadoop And Flume

Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (9): 799-805.

Previous Articles Next Articles

Research On Denial Of Service Attack Detection Based On Hadoop And Flume

Received:2018-09-17 Online:2018-09-15 Published:2018-09-17

基于Hadoop与Flume的拒绝服务攻击检测研究

马晓亮

西南大学

通讯作者: 马晓亮
作者简介:马晓亮 1981年,硕士,主要研究方向为网络通讯与信息安全，云计算和机器学习。

Abstract

Abstract: Aiming at the bottleneck problem of denial of service attack detection algorithm and processing speed, using denial of service attack log feature and improved variance algorithm in the paper，building a denial of service attack detection system on Hadoop and Flume，and use the distributed web log collection system of flume collect logs to HDFS，through research the distribution of abnormal behavior from statistical analysis of connection data and find characteristic of it, a Hadoop based statistical analysis model for denial of service attack detection is established, this paper puts forward the idea of improved variance to detect denial of service attack, making full use of distributed parallel computing ability of Hadoop, and it effectively improves the speed of detection and reduces the computation time.

Key words: Denial Of Service, Hadoop, Flume, Improved Variance, Flow statistics, MapReduce

摘要： 针对拒绝服务攻击检测算法和处理速度面临的瓶颈问题，基于利用拒绝服务攻击日志特征和改进方差算法，在Hadoop与Flume上构建拒绝服务攻击检测系统，运用Flume的分布式WEB日志采集系统收集日志至HDFS中，从连接数据的统计分析中寻找异常行为的分布规律，通过建立基于Hadoop的统计分析拒绝服务攻击检测模型，提出使用改进方差的思想来检测拒绝服务攻击，充分发挥Hadoop的分布式并行计算能力，有效提高了检测运算速度和减少了运算时间。

关键词: 拒绝服务攻击, Hadoop, Flume, 改进方差, 流量统计, MapReduce

马晓亮. 基于Hadoop与Flume的拒绝服务攻击检测研究[J]. 信息安全研究, 2018, 4(9): 799-805.

References

[1] 中国电信云堤,绿盟科技.2017DDoS与Web应用攻击态势报告[R][2018-04-11].http://www.nsfocus.com.cn/content/details_62_2727.html [2] Arbornetwork. INSIGHT INTO THE Global Threat Landscape -NETSCOUT Arbor's 13th Annual Worldwide Infrastructure Security Report [R][2018].https://www.netscout.com/report/ [3] Hetal.N.Joshi,Pryanka Sharma, A Prevention of DDoS Attack in Cloud Computing[J].International Journal of Advanced Research in Computer Engineering & Technology (IJARCET),2017,3(2):1836-1842 [4] 张新有, 曾华燊, 贾磊. 入侵检测数据集KDD CUP99研究[J]. 计算机工程与设计, 2010, 31(22):4809-4812 [5] Silky Kalra,Anil Lamba, DETECTION OF FLOODING BASED DOS ATTACK ON HADOOP DATANODE[J].International Journal of Advanced Research in Computer Engineering & Technology (IJARCET),2014,3(6):2071-2075 [6] 韦玮. 英国BAE公司预测2015年网络安全五大发展趋势[J]. 防务视点, 2015(3) [7] Ghazi M R, Gangodkar D. Hadoop, MapReduce and HDFS: A Developers Perspective[J]. Procedia Computer Science, 2015, 48:45-50 [8] 陆嘉恒. Hadoop实战[M]. 2011: 机械工业出版社 [9] Liu H, Sun Y, Min S K. Fine-Grained DDoS Detection Scheme Based on Bidirectional Count Sketch[C]// Proceedings of, International Conference on Computer Communications and Networks. IEEE, 2011:1-6 [10] 王进, 阳小龙, 隆克平. 基于大偏差统计模型的Http-Flood DDoS检测机制及性能分析[J]. 软件学报, 2012, 34(5):1272-1280 [11] Lee Y, Lee Y. Detecting DDoS attacks with Hadoop[C]// ACM CONEXT Student Workshop. ACM, 2011:7 [12] 李洋, 吕家恪. 基于Hadoop与Storm的日志实时处理系统研究[J]. 西南师范大学学报(自然科学版), 2017, 42(4):119-126 [13] Feinstein L, Schnackenberg D, Balupari R, et al. Statistical approaches to DDoS attack detection and response[C]// DARPA Information Survivability Conference and Exposition, 2003. Proceedings. IEEE, 2003:303-314 vol.1 [14] 鲍旭华, 洪海, 曹志华. 破坏之王:DDoS攻击与防范深度剖析[M]. 机械工业出版社, 2014 [15] Dean J, Ghemawat S. MapReduce: simplified data processing on large clusters[M]. ACM, 2008 [16] Ghemawat S, Gobioff H, Leung S T. The Google file system[C]// Nineteenth Acm Symposium on Operating Systems Principles. ACM, 2003:29-43 [17] Gao Y, Feng Y, Kawamoto J, et al. A Machine Learning Based Approach for Detecting DRDoS Attacks and Its Performance Evaluation[C]// Information Security. IEEE, 2016:80-86 [18] Lee Y, Kang W, Lee Y. A Hadoop-Based Packet Trace Processing Tool[C]// International Conference on Traffic Monitoring and Analysis. Springer-Verlag, 2011:51-63 [19] Jain H K. System and method for software defined behavioral DDoS attack mitigation[J]. 2017

Research On Denial Of Service Attack Detection Based On Hadoop And Flume

基于Hadoop与Flume的拒绝服务攻击检测研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 6

Recommended Articles

Metrics

[1]	. Security Enhancement Scheme of Hadoop KMS Based on SGX [J]. Journal of Information Security Research, 2019, 5(6): 514-520.
[2]	. Overview of Big Data Forensics Technology [J]. Journal of Information Security Research, 2017, 3(9): 795-802.
[3]	. An Overview of Hadoop Security Framework [J]. Journal of Information Security Research, 2016, 2(8): 684-698.
[4]	. Research and Implementation of Access Control Method for Big Data Platform [J]. Journal of Information Security Research, 2016, 2(10): 913-919.
[5]	. Research and Implementation of Access Control Method for Big Data Platform [J]. Journal of Information Security Research, 2016, 2(10): 926-930.
[6]	. DDoS Detection Framework based on Hadoop [J]. Journal of Information Security Research, 2015, 1(3): 261-266.