ISSN 0021-3454 (print version)
ISSN 2500-0381 (online version)

DOI 10.17586/0021-3454-2018-61-11-1005-1011

UDC 004.056

COMBINING HADOOP AND SNORT TECHNOLOGIES FOR DETECTION OF NETWORK ATTACKS

N. A. Komashinsky
St. Petersburg Institute for Informatics and Automation of the RAS, Laboratory of Cyber-Security Problems; Junior Scientist; Post-Graduate Student



Abstract. A method of information processing based on Big Data technologies and aimed at detecting computer attacks is studied. The need to create specialized approaches and design methods that improve the efficiency of processing the received information is justified. The possibilities and effectiveness of parallel data processing for detecting computer attacks using a functional approach, together with the key principles of working with Big Data, are assessed. The mathematical model on which the intrusion detection technique is built is presented. The principle of implementing the information processing and anomaly detection tasks through integration of the Hadoop and Snort platforms is described. The main results of an experimental evaluation of the method for detecting computer attacks are presented.
Keywords: Big Data, Hadoop, information system, information security, computer attack, Snort, anomaly, data processing
