http://dx.doi.org/10.3745/KTCCS.2019.8.12.287

Evaluation of Distributed Intrusion Detection System Based on MongoDB

Han, HyoJoon (Department of Information and Communication Engineering, Dongguk University)
Kim, HyukHo (Samsung Advanced Institute of Technology, Samsung Electronics)
Kim, Yangwoo (Department of Information and Communication Engineering, Dongguk University)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.8, no.12, 2019, pp. 287-296
Abstract
Due to the development and increased use of Internet services such as IoT and cloud computing, a very large number of packets are being generated on the Internet. To create a safe Internet environment, malicious data that may exist among these packets must be detected and processed quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to an intrusion detection system for rapid processing of big data security events. In addition, by building the intrusion detection system (IDS) on some of the resources of the private cloud that is itself the target of protection, elastic and dynamic reconfiguration of the IDS becomes possible as the number of security events increases or decreases. To evaluate the performance of the MongoDB-based IDS proposed in this paper, we constructed prototype IDSs based on MongoDB and on an existing relational database and compared their performance. Moreover, the number of virtual machines was increased to measure the performance change as the IDS is distributed. The results show that performance improves as the number of virtual machines is increased to distribute the IDS in the MongoDB environment, while the overall system performance remains unchanged. The security event input rate of the distributed MongoDB-based IDS was as much as 60% faster, and its intrusion detection rate up to 100% faster, than that of the IDS based on a relational database.
Keywords
Big Data; Intrusion Detection System; MongoDB; Cloud Computing; Distributed Processing;