A Small-time Scale Netflow-based Anomaly Traffic Detecting Method Using MapReduce

Detecting anomalous traffic from Netflow data is an important problem in the field of network security. In this paper, we propose an approach based on the MapReduce model that observes the entropy and DFN (distinct feature number) distribution deviations of traffic features under anomalies at small time scales. MapReduce is used to process the huge amounts of data with the aid of a computer cluster. Experimental results show the effectiveness of the proposed approach.
