Journal: International Journal of Computer and Information Technology
Print ISSN: 2279-0764
Publication year: 2017
Volume: 6
Issue: 2
Pages: 96-102
Publisher: International Journal of Computer and Information Technology
Abstract: One way to perpetrate a Denial of Service (DoS)
attack is to flood the network infrastructure with too much
unnecessary data such as Internet worms. Internet worms can
spread very fast and cause losses both in terms of lost business
opportunities as well as human resources required to alleviate the
caused damages. Ways of protecting against the Internet worms
include the anomaly based and signature based systems.
Signature based systems use security signatures (patterns) that
match particular known attacks while anomaly based systems
rely on detecting anomalies with the background idea that
abnormal activity is malicious. With the increasing internet
speeds and growing amount and complexity of data across it, it is
necessary to have correspondingly fast ways of analyzing
network traffic in order to evaluate security scenarios in time.
Also, the existence of zero-day attacks (attacks whose characteristics
are still unknown) makes relying on preconfigured signatures
unreliable. This study sought to find how to develop an accurate,
robust near real time machine driven Internet worm signature
detection, generation and collection system using big data
technologies. We set up a Hadoop ecosystem and analyzed network
traffic content using the Hadoop MapReduce programming model.
We were able to generate documented worm signatures. We also
realized that increasing the number of nodes in the Hadoop cluster
first reduces the processing speeds due to overheads of load
distribution up to some optimal point beyond which adding more
nodes actually increases the overall speed of processing. The
robustness of the processing facility is also improved due to the
fact that HDFS replicates the files to be processed thus improving
availability.