http://dx.doi.org/10.13089/JKIISC.2013.23.4.721

On the Design of a Big Data based Real-Time Network Traffic Analysis Platform  

Lee, Donghwan (Agency for Defense Development)
Park, Jeong Chan (Agency for Defense Development)
Yu, Changon (Agency for Defense Development)
Yun, Hosang (Agency for Defense Development)
Abstract
Big data is one of the most prominent technological trends today, enabling new methods for handling huge volumes of complex data across a broad range of applications. Real-time network traffic analysis is essentially a big data problem, since the input consists of different types of log data from various sensors. To tackle this problem, in this paper we devise a big data based platform, RENTAP, to detect and analyse malicious network traffic. Focusing on military network environments such as closed networks for C4I systems, we evaluate leading big data based solutions to determine which combination of them is the best design for a network traffic analysis platform. Based on the selected solutions, we provide a detailed functional design of the proposed platform.
Keywords
Network Traffic Analysis; Malicious Network Traffic; Insider Threat; Big Data