State, Radu[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Engel, Thomas[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Jul-2014
Proceedings of the 3rd IEEE Congress on Big Data
IEEE
56-63
Yes
International
978-1-4799-5057-7
3rd IEEE Big Data Congress
from 27-06-2014 to 2-07-2014
Anchorage
AK, USA
[en] security monitoring ; architecture ; big data
[en] Network traffic is a rich source of information for security monitoring. However the increasing volume of data to treat raises issues, rendering holistic analysis of network traffic difficult. In this paper we propose a solution to cope with the tremendous amount of data to analyse for security monitoring perspectives. We introduce an architecture dedicated to security monitoring of local enterprise networks. The application domain of such a system is mainly network intrusion detection and prevention, but can be used as well for forensic analysis. This architecture integrates two systems, one dedicated to scalable distributed data storage and management and the other dedicated to data exploitation. DNS data, NetFlow records, HTTP traffic and honeypot data are mined and correlated in a distributed system that leverages state of the art big data solution. Data correlation schemes are proposed and their performance are evaluated against several well-known big data framework including Hadoop and Spark.
[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
