http://dx.doi.org/10.13089/JKIISC.2013.23.4.667

The Method of Analyzing Firewall Log Data using MapReduce based on NoSQL

Choi, Bomin (Gachon University)
Kong, Jong-Hwan (Gachon University)
Hong, Sung-Sam (Gachon University)
Han, Myung-Mook (Gachon University)
Abstract
Because the firewall is a typical piece of network security equipment, it is installed at the boundary of most internal/external networks and generates a large volume of inbound/outbound packet data. Analyzing the logs stored in it can therefore provide important and fundamental data for network security research. However, with the development of communications technology, network speeds have improved and the amount of log data is becoming 'Massive Data' or 'BigData'. In this trend, there are limits to analyzing log data with the traditional database model, RDBMS. In this paper, through our Method of Analyzing Firewall Log Data using MapReduce based on NoSQL, we show that introducing the NoSQL database model can analyze massive log data more effectively than the traditional one. We demonstrate the excellent performance of NoSQL by comparing its data-processing performance with an existing RDBMS. The proposed method is also evaluated by experiments that detect three attack patterns, and it is shown to be highly effective.
Keywords
NoSQL; Firewall; Log Analysis; MapReduce; BigData;
Times Cited By KSCI: 4