
Evaluation of Distributed Intrusion Detection System Based on MongoDB

Performance Evaluation of a MongoDB-based Distributed Intrusion Detection System

  • Received : 2019.06.17
  • Accepted : 2019.10.24
  • Published : 2019.12.31

Abstract

Due to the development and increased usage of Internet services such as IoT and cloud computing, a large number of packets are being generated on the Internet. In order to create a safe Internet environment, malicious data that may exist among these packets must be detected and processed quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to an intrusion detection system for rapid processing of big data security events. In addition, by building the intrusion detection system (IDS) using part of the private cloud resources that are the target of protection, elastic and dynamic reconfiguration of the IDS becomes possible as the number of security events increases or decreases. In order to evaluate the performance of the MongoDB-based IDS proposed in this paper, we constructed prototype IDSs based on MongoDB and on an existing relational database and compared their performance. Moreover, the number of virtual machines was increased to find out how performance changes as the IDS is distributed. As a result, it is shown that in the MongoDB environment the performance improves as the number of virtual machines is increased to distribute the IDS, while the overall system capacity is kept unchanged. The security event input rate of the distributed MongoDB-based IDS was up to 60% faster, and its intrusion detection rate up to 100% faster, compared to the IDS based on a relational database.

Due to the development and increased use of Internet services such as IoT and cloud computing, a large number of packets are being generated rapidly on the Internet. To create a safe Internet usage environment, malicious data that may exist among these numerous packets must be processed quickly. In this paper, MongoDB, which is specialized for unstructured data analysis and big data processing, is applied to an intrusion detection system for the rapid processing of big data security events. In addition, by building the intrusion detection system using part of the resources of the private cloud that is the target of protection, computing resources can be reconfigured elastically according to the increasing or decreasing number of security events. To evaluate the performance of the MongoDB-based intrusion detection system proposed in this paper, prototypes of a MongoDB-based intrusion detection system and an intrusion detection system based on an existing relational database were built and their performance compared. Furthermore, to examine the performance change resulting from distributed configuration, the number of virtual machines was varied and the change in performance observed. As a result, it was confirmed overall that, in the MongoDB environment, distributing a system of the same performance and increasing the number of virtual machines improves the performance of the intrusion detection system. The security event storage rate of the distributed MongoDB-based system was up to 60% faster than that of the relational-database-based system, and the intrusion data detection rate of the distributed MongoDB-based system was up to 100% faster than that of the relational-database-based system.

  17. OpenStack, [Internet], https://www.openstack.org/
  18. Ali Shiravi, Hadi Shiravi, Mahbod Tavallaee, and Ali A. Ghorbani, "Toward Developing a Systematic Approach to Generate Benchmark Datasets for Intrusion Detection," Compute & Security, Vol.31, Issue 3, pp.357-374, May 2012. https://doi.org/10.1016/j.cose.2011.12.012