Abstract: Log files are a very useful source of information for diagnosing system security and detecting problems that occur in a system, but they are often very large and can have a complex structure. In this paper, we provide a security analysis methodology that applies Big Data techniques, such as MapReduce, over several system log files in order to locate and extract data probably related to attacks by malicious users who intend to compromise a system. Through a learning process, these data lead to identifying and predicting attacks or detecting intrusions. We illustrate this approach with a concrete case study that exploits the access log files of Apache web servers to predict and detect SQLI and DDOS attacks. The obtained results are promising: we are able to extract malicious indicators and events that characterize the intrusions, which help us to make an accurate diagnosis of the security and supervision state of the system, and subsequently support the learning process.
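As an added illustration of the approach described above (example code, not the paper's own implementation), the following is a minimal MapReduce-style job over constructed Apache access log lines: the mapper emits one key per request-second per client IP (for flood detection) and one key per request whose decoded path matches a SQL injection pattern, and the reducer sums the counts. The log lines, the SQLI patterns and the per-second threshold `DDOS_RPS` are illustrative assumptions.

```python
import re
from collections import defaultdict
from itertools import chain
from urllib.parse import unquote

# Apache combined log format: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Illustrative SQLI indicators checked against the URL-decoded path (assumption, not from the paper).
SQLI_RE = re.compile(r"(?i)(\bunion\b.*\bselect\b|\bor\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+|\bsleep\s*\()")
DDOS_RPS = 20  # requests per second from one IP that we treat as a flood (assumed threshold)

def mapper(line):
    """Map phase: emit (key, 1) pairs for one log line; unparsable lines emit nothing."""
    m = LINE_RE.match(line)
    if not m:
        return []
    ip, ts, path = m["ip"], m["ts"], unquote(m["path"])
    pairs = [(("req", ip, ts), 1)]          # timestamp has second resolution
    if SQLI_RE.search(path):
        pairs.append((("sqli", ip), 1))
    return pairs

def reducer(key, values):
    """Reduce phase: total the counts collected for one key."""
    return key, sum(values)

def run_job(lines):
    """Minimal driver: map every line, shuffle (group by key), reduce each group."""
    groups = defaultdict(list)
    for key, value in chain.from_iterable(mapper(line) for line in lines):
        groups[key].append(value)
    return dict(reducer(k, v) for k, v in groups.items())

def find_indicators(lines):
    """Return (SQLI request count per IP, set of IPs exceeding DDOS_RPS in some second)."""
    counts = run_job(lines)
    sqli = {k[1]: n for k, n in counts.items() if k[0] == "sqli"}
    flood = {k[1] for k, n in counts.items() if k[0] == "req" and n >= DDOS_RPS}
    return sqli, flood

# Constructed sample log (not real traffic): one benign request, two SQLI probes, one flood.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php?id=1%20UNION%20SELECT%20null HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
] + ['10.0.0.7 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 1024 "-" "curl/7.0"'] * 25

if __name__ == "__main__":
    print(find_indicators(SAMPLE_LINES))
```

In a real Hadoop job the mapper and reducer would run on separate nodes over log shards, and the per-IP counts produced here are the kind of features the paper's learning stage would consume.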