The Model of Network Packet Analysis based on Big Data

  • Choi, Bomin (Department of Computer Engineering, Gachon University) ;
  • Kong, Jong-Hwan (Department of Computer Engineering, Gachon University) ;
  • Han, Myung-Mook (Department of Computer Engineering, Gachon University)
  • Received : 2013.08.16
  • Accepted : 2013.09.16
  • Published : 2013.10.25

Abstract

The development of IT and the information age have made most areas of our lives heavily dependent on networks. While this gives easy access to a wide range of information and services, it also offers network intruders more routes of attack. Malicious threats and attacks that abuse the growing volume and variety of packets to disrupt or disable services on networked systems are increasing along with network use, and a solution is urgently needed. The security field collects and analyses network packets and system logs and develops a variety of security solutions to counter these threats, but existing analysis methods run into problems such as insufficient storage space, and the performance degradation that follows from it, as the volume of security data keeps growing. This paper therefore proposes a model that applies Big Data technology, which has recently become an issue in the security field as well, to address these problems. Specifically, the growing packet data is collected in NoSQL, a storage technology for large data volumes, and a K-means clustering analysis model is designed on MapReduce, a distributed programming framework, to extract the features and patterns of network intrusions; experiments demonstrate its performance.
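As an added worked example (not the paper's own implementation, which this page does not reproduce), the following Python shows the map/reduce decomposition of K-means that the abstract describes: the mapper assigns each packet-derived record to its nearest centroid and emits (cluster id, record), the reducer averages one cluster's records into its new centroid, and the driver loops until the centroids stop moving. The records are constructed per-connection feature rows standing in for what would be read from the NoSQL store; the feature names, the min-max normalisation and the farthest-point seeding are assumptions for the illustration, not details from the paper. The in-memory grouping step stands in for the framework's shuffle; the two functions `map_assign` and `reduce_centroid` are what would become the MapReduce job.

```python
"""
MapReduce-style K-means over per-connection packet features.

Added illustration, not the paper's code. map_assign is the mapper,
reduce_centroid the reducer; kmeans_mapreduce simulates the shuffle in
memory so the example runs offline.
"""
from collections import defaultdict

# Constructed sample records (not real capture data). Each row is one
# connection summarised from its packets, with assumed features:
# (duration_s, bytes_sent, bytes_recv, distinct_dst_ports).
# Rows 0-4 look like ordinary web traffic; rows 5-8 look like a port scan:
# tiny payloads, no reply data, many destination ports.
SAMPLE_FLOWS = [
    (0.8, 1200, 45000, 1),
    (1.1,  900, 38000, 1),
    (0.5, 1500, 52000, 1),
    (2.0, 2200, 61000, 2),
    (0.9, 1100, 41000, 1),
    (0.05, 60,     0, 120),
    (0.07, 64,     0, 200),
    (0.04, 60,     0, 150),
    (0.06, 58,    40, 180),
]


def minmax_normalize(records):
    """Scale every column to [0, 1] so byte counts do not dwarf port counts."""
    cols = list(zip(*records))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]  # constant column -> 0
    return [tuple((v - lo[i]) / span[i] for i, v in enumerate(r)) for r in records]


def squared_distance(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def map_assign(point, centroids):
    """Mapper: emit (index of nearest centroid, point)."""
    idx = min(range(len(centroids)),
              key=lambda i: squared_distance(point, centroids[i]))
    return idx, point


def reduce_centroid(points):
    """Reducer: mean of all points that share one key."""
    n = len(points)
    return tuple(sum(col) / n for col in zip(*points))


def init_farthest(points, k):
    """Deterministic seeding: the first point, then repeatedly the point
    farthest from every seed chosen so far. Avoids the degenerate start
    where all seeds land inside the same dense cluster."""
    centroids = [points[0]]
    while len(centroids) < k:
        far = max(points,
                  key=lambda p: min(squared_distance(p, c) for c in centroids))
        centroids.append(far)
    return centroids


def kmeans_mapreduce(points, k, max_iter=50, tol=1e-12):
    """Driver loop: map, group by key (shuffle), reduce, test convergence."""
    centroids = init_farthest(points, k)
    for _ in range(max_iter):
        emitted = [map_assign(p, centroids) for p in points]        # map
        groups = defaultdict(list)                                  # shuffle
        for idx, p in emitted:
            groups[idx].append(p)
        # reduce; an emptied cluster keeps its old centroid rather than
        # dividing by zero
        new_centroids = [reduce_centroid(groups[i]) if groups[i] else centroids[i]
                         for i in range(k)]
        shift = max(squared_distance(a, b) for a, b in zip(centroids, new_centroids))
        centroids = new_centroids
        if shift <= tol:
            break
    labels = [map_assign(p, centroids)[0] for p in points]
    return centroids, labels


def cluster_sizes(labels):
    """Cluster membership counts; a small cluster is the usual anomaly candidate."""
    sizes = defaultdict(int)
    for lab in labels:
        sizes[lab] += 1
    return dict(sizes)


def cluster_flows(records, k=2):
    """Normalise, cluster, and return one label per input row, in order."""
    return kmeans_mapreduce(minmax_normalize(records), k)[1]


if __name__ == "__main__":
    labels = cluster_flows(SAMPLE_FLOWS)
    for row, lab in zip(SAMPLE_FLOWS, labels):
        print(lab, row)
    print("cluster sizes:", cluster_sizes(labels))
```

On the constructed rows the five web-like connections and the four scan-like connections land in different clusters, and the smaller cluster is the one a practitioner would inspect first. In a real deployment the mapper would read records from the NoSQL collection and the reducer's output would feed the next iteration's centroids; the empty-cluster guard matters there because a poor seed can leave a reducer with no input.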


Cited by

  1. A Big Data Preprocessing using Statistical Text Mining vol.25, pp.5, 2015, https://doi.org/10.5391/JKIIS.2015.25.5.470
  2. Big Data Analysis Using Principal Component Analysis vol.25, pp.6, 2015, https://doi.org/10.5391/JKIIS.2015.25.6.592
  3. DDoS Attack Analysis Using the Improved ATMSim vol.17, pp.2, 2016, https://doi.org/10.7472/jksii.2016.17.2.19