论文信息 - Haddle: A Framework for Investigating Data Leakage Attacks in Hadoop

Haddle: A Framework for Investigating Data Leakage Attacks in Hadoop

Nowadays Hadoop is popular among businesses and individuals for its low costs, convenience, and fast speed. However, this also makes it the goal of data leakage attacks as sensitive data stored with an HDFS infrastructure grows rapidly. Therefore, it is important to investigate such attacks in Hadoop. Several works have been done on improving the security of Hadoop, but hardly any have been done on data leakage investigation. This paper presents a typical data leakage attack scene in Hadoop and proposes Haddle (Hadoop Data Leakage Explorer), a forensic framework composed of automatic analytical methods and on-demand data collection based on two stages. With the assistance of Haddle, investigators can find the stolen data, find the perpetrator who stole the data, and reconstruct the crime scene. Also, Haddle can help improve the audit mechanism of Hadoop.

Mohsen Guizani | Xiaojiang Du | Yun Gao | Xiao Fu | Bin Luo

[1] Youngseok Lee,et al. Secure Hadoop with Encrypted HDFS , 2013, GPC.

[2] Golden G. Richard,et al. A Cloud Computing Platform for Large-Scale Forensic Computing , 2009, IFIP Int. Conf. Digital Forensics.

[3] Ryan K. L. Ko,et al. Progger: An Efficient, Tamper-Evident Kernel-Space Logger for Cloud Data Provenance Tracking , 2014, 2014 IEEE 7th International Conference on Cloud Computing.

[4] Jooyoung Lee,et al. Pervasive Forensic Analysis Based on Mobile Cloud Computing , 2011, 2011 Third International Conference on Multimedia Information Networking and Security.

[5] Krerk Piromsopa,et al. Applying Hadoop for log analysis toward distributed IDS , 2013, ICUIMC '13.

[6] Jason Cohen,et al. Towards a More Secure Apache Hadoop HDFS Infrastructure - Anatomy of a Targeted Advanced Persistent Threat against HDFS and Analysis of Trusted Computing Based Countermeasures , 2013, NSS.