Big data analysis architecture for multi IDS sensors using memory based processor

The massive growth of internet usage has been followed by a rise in cyber-related crime such as information theft, denial-of-service (DoS) attacks, trojans and malware. To cope with these threats, one of the most popular choices is an Intrusion Detection System (IDS). The volume of logs an IDS produces in a day is huge, and limited computing power is the main problem in processing those log files. In this paper, we propose a big data analysis architecture for multiple IDS sensors using in-memory data processing. The deployed IDS sensors take on an extra role as computation slaves to build a scalable data analysis platform for network security analysis, so adding more sensors means expanding computational resources. Adding up to three sensors speeds up the computation of the clustering algorithm by up to 27% compared with computation on a single sensor. This research also introduces the use of a memory-based processor; the system provides 7.9 times faster data processing than conventional MapReduce operation. Moreover, we have also performed botnet classification over Spark RDDs, which gives a high-accuracy result of 99%.
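The abstract's architecture has two parts: each sensor does local work over its own alert log (the map-style step that scales with the number of sensors), and the partial results are merged centrally before a clustering step runs over the combined feature vectors. The following is an added example, not code from the paper or its authors; it demonstrates that pipeline in plain Python without Spark. The Snort-style fast-format alert lines, the sensor names, the local-rule signature IDs (1000001 to 1000003) and the three-element feature vector (alert count, distinct destination ports, distinct destination hosts) are all constructed assumptions for the example; the two-centroid k-means is seeded deterministically so the result is reproducible.

```python
import re
from collections import defaultdict
from math import dist

# Constructed Snort-style "fast" alert lines for three sensors (example data, not from the paper).
SENSOR_LOGS = {
    "sensor-1": [
        "05/12-10:01:02.1 [**] [1:1000001:1] LOCAL SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51234 -> 10.0.1.10:22",
        "05/12-10:01:03.2 [**] [1:1000001:1] LOCAL SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51235 -> 10.0.1.10:23",
        "05/12-10:02:00.0 [**] [1:1000002:1] LOCAL ATTACK_RESPONSE id check returned root [**] [Priority: 1] {TCP} 10.0.0.7:4444 -> 10.0.1.20:80",
    ],
    "sensor-2": [
        "05/12-10:01:05.0 [**] [1:1000001:1] LOCAL SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51236 -> 10.0.1.11:80",
        "05/12-10:01:06.0 [**] [1:1000001:1] LOCAL SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51237 -> 10.0.1.11:443",
        "05/12-10:03:00.0 [**] [1:1000003:1] LOCAL P2P DHT ping request [**] [Priority: 3] {UDP} 10.0.0.9:6881 -> 10.0.1.12:445",
        "05/12-10:03:01.0 [**] [1:1000003:1] LOCAL P2P DHT ping request [**] [Priority: 3] {UDP} 10.0.0.9:6881 -> 10.0.1.12:445",
    ],
    "sensor-3": [
        "05/12-10:01:07.0 [**] [1:1000001:1] LOCAL SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51238 -> 10.0.1.12:3389",
        "05/12-10:01:08.0 [**] [1:1000001:1] LOCAL SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 10.0.0.5:51239 -> 10.0.1.12:8080",
        "garbled line that a real sensor might emit during log rotation",
    ],
}

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\] "
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_alert(line):
    """Parse one fast-format alert line; return None for lines that do not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    a = m.groupdict()
    for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
        a[k] = int(a[k])
    return a


def sensor_partial(lines):
    """Map step, run locally on each sensor: per-source alert counters and distinct-target sets."""
    acc = defaultdict(lambda: {"alerts": 0, "ports": set(), "hosts": set()})
    for line in lines:
        a = parse_alert(line)
        if a is None:          # unparseable lines are skipped, not allowed to abort the job
            continue
        s = acc[a["src"]]
        s["alerts"] += 1
        s["ports"].add(a["dport"])
        s["hosts"].add(a["dst"])
    return dict(acc)


def merge_partials(partials):
    """Reduce step: union the per-sensor partials into one per-source view."""
    merged = {}
    for part in partials:
        for src, s in part.items():
            m = merged.setdefault(src, {"alerts": 0, "ports": set(), "hosts": set()})
            m["alerts"] += s["alerts"]
            m["ports"] |= s["ports"]
            m["hosts"] |= s["hosts"]
    return merged


def feature_vectors(merged):
    """(alert count, distinct destination ports, distinct destination hosts) per source IP."""
    return {src: (s["alerts"], len(s["ports"]), len(s["hosts"])) for src, s in merged.items()}


def kmeans2(points, max_iter=20):
    """Two-centroid k-means, seeded with the lowest- and highest-alert-count points (deterministic)."""
    keys = list(points)
    lo = min(keys, key=lambda k: points[k][0])
    hi = max(keys, key=lambda k: points[k][0])
    centroids = [points[lo], points[hi]]
    labels = {}
    for _ in range(max_iter):
        new_labels = {k: min((0, 1), key=lambda c: dist(points[k], centroids[c])) for k in keys}
        if new_labels == labels:
            break
        labels = new_labels
        for c in (0, 1):
            members = [points[k] for k in keys if labels[k] == c]
            if members:
                centroids[c] = tuple(sum(v) / len(members) for v in zip(*members))
    return labels, centroids


def flag_high_activity(sensor_logs):
    """Run the full pipeline and return the sources that fall in the high-activity cluster."""
    partials = [sensor_partial(lines) for lines in sensor_logs.values()]
    feats = feature_vectors(merge_partials(partials))
    labels, centroids = kmeans2(feats)
    hot = max((0, 1), key=lambda c: centroids[c][0])
    return sorted(src for src, c in labels.items() if c == hot)


if __name__ == "__main__":
    print("high-activity sources:", flag_high_activity(SENSOR_LOGS))
```

Each `sensor_partial` call touches only that sensor's own log, which is the work a sensor would do for itself as a compute slave; only the small per-source summaries cross the network to `merge_partials`. Replacing the list comprehension with a Spark map over one partition per sensor and the merge with a `reduceByKey` is the shape the paper's Spark RDD setup implies, but the clustering and feature choices here are the example's own, not the paper's.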
