Journal Title : International Journal of Modern Trends in Engineering and Science
Paper Title : SECURITY MONITORING ARCHITECTURE FOR BIG DATA: A SURVEY PAPER
Volume 03 Issue 11 2016
ISSN no: 2348-3121
Page no: 4-7
Abstract – Dissimilar network data sources are sources for security monitoring. For such growing volume of data to treat as complexity, analysis of network data sources is difficult. For security monitoring, we propose a solution for the huge amount of data to analyze. Introducing architecture for security monitoring of local enterprise networks. The application area of such a system is mostly network intrusion detection and prevention, also used as for forensic analysis. The proposed architecture combines two systems, one dedicated to scalable distributed data storage and management and the other dedicated to data utilization. Different sources of data, such as DNS data, NetFlow records, and HTTP traffic also honeypot data which will mean and correlated in a distributed system that leverages state of the art big data solution. Data association schemes are proposed. Its performance is evaluated against more than few well-known big data frameworks using Hadoop.
Keywords— Big Data, Honeypot Data, Intrusion, Forensic Analysis
- M. Roesch., November 7–12, 1999, “Snort – lightweight intrusion detection for networks,” in Proceedings of the 13th USENIX conference on System administration, ser. LISA’99, pp. 229–238.
- “Suricata, open source ids/ips/nsm engine.” Online Available at: http://www.suricata-ids.org
- V. Paxson, 1998, “Bro: a system for detecting network intruders in real-time,” in Proceedings of the 7th conference on USENIX Security Symposium –Vol. 7, ser. SSYM’98.
- L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, 2011, “Exposure: Finding malicious domains using passive DNS analysis,” in Proceedings ofNDSS.
- M. A. Jamshed, J. Lee, S. Moon, I. Yun, D. Kim, S. Lee, Y. Yi, and K. Park., 2012, “Kargus: A highly-scalable software-based intrusion detection system,” in Proceedings of the 2012 ACM Conference on Computer andCommunications Security, ser. CCS’12. New York, NY, USA: ACM, pp. 317–328.
- L. Ricciulli., 2010, “A service model for network security applications,” in Proceedings of the Sixth Annual Workshop on Cyber Security andInformation Intelligence Research, ser. CSIIRW’10.
- H. Jiang, G. et.al., 2013,“Scalable high-performance parallel design for network intrusion detection systems on many-core processors,” in Ninth ACM/IEEE Symposiumon Architectures for Networking and Communications Systems, ser. ANCS’13. Piscataway, NJ, USA: IEEE Press, pp. 137–146.
- M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster, 2010, “Building a dynamic reputation system for DNS,” in Proceedings ofthe 19th Usenix Security Symposium.
- S. Marchal, J. Franc¸ois, C. Wagner, R. State, A. Dulaunoy, T. Engel, and O. Festor., 2012, “DNSSM: A large scale passive DNS security monitoring framework,” ser. NOMS’12.
- Wei Lu and Issa Traore., “A New Unsupervised Anomaly Detection Framework For Detecting Network Attacks in Real time”, (wlu_ itraoreg)@ece_uvic_ca.CANS 2005: 96-109.