Journal of KIISE (Korean Institute of Information Scientists and Engineers) I : Information Networking
Korean Title (translated) |
A Rule-based MapReduce Architecture for Analyzing Large-scale NetFlow Data |
English Title |
A Rule-based MapReduce Architecture for Analyzing a Large Volume of NetFlow Data |
Author |
Yeonhee Lee (이연희)
YoungSeok Lee (이영석)
|
Citation |
Vol. 40, No. 06, pp. 303-311 (Dec. 2013) |
Korean Abstract (translated) |
NetFlow is the most widely used summarization technique for network traffic monitoring and analysis, and a variety of analysis tools have been developed for it. In this paper, to support diverse analyses of large-scale NetFlow data, we design a single MapReduce rule structure for flow statistics and anomaly detection in a Hadoop distributed environment, and propose MapReduce methods for analysis and intrusion detection based on it. To verify the generality of the proposed rule-based flow analysis method, we present a method for expressing the rules of SiLK, the CERT NetSA security tool for large-scale network monitoring, in the proposed rule form. Through experiments we confirm that the proposed rule-based analysis method makes it easy to scale both the processing performance of the system and its analysis functions. This work lays a foundation for a Hadoop-based IDS, and we expect it to grow into an integrated network security solution built on Hadoop clusters.
|
English Abstract |
NetFlow has been widely adopted for network monitoring and analysis. In this paper, we propose a MapReduce-oriented rule structure for calculating statistics and detecting anomalies from NetFlow data, and present a unified MapReduce job architecture for one-pass analytics using rulesets. By applying our proposal to SiLK, a CERT NetSA security suite for large-scale network monitoring, we show that our rule-based MapReduce approach is easily deployed for managing large amounts of flow data. From the evaluation on a Hadoop testbed, we confirm that our rule-based MapReduce approach is a scalable and practical solution for analyzing a large volume of NetFlow data.
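Added example, not code from the paper (the page reproduces none of it): a minimal single-pass, rule-driven MapReduce job over constructed NetFlow-style records, illustrating the idea in the abstract that flow statistics and anomaly checks can share one map/reduce pass driven by a ruleset. The rule fields (filter, grouping key, aggregate, threshold), the flow record layout and every sample flow are assumptions chosen for illustration and are not the paper's rule structure or data.

```python
"""Single-pass, rule-driven MapReduce over NetFlow-style records.

Illustration only (not the paper's code): each rule names a filter, a
grouping key, an aggregate and an optional threshold. One map pass
evaluates every rule, so statistics rules and anomaly rules share a job.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Flow = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    name: str
    match: Callable[[Flow], bool]       # filter: which flows the rule sees
    key: Tuple[str, ...]                # grouping fields
    aggregate: str                      # "sum:<field>" or "distinct:<field>"
    threshold: Optional[int] = None     # None -> statistics only, never flagged


# Constructed sample flows (assumed layout, not captured data).
FLOWS: List[Flow] = (
    # one host probing 12 distinct TCP ports on a single target, 1 packet each
    [{"src": "10.0.0.5", "dst": "192.168.1.10", "sport": 40000 + p, "dport": p,
      "proto": 6, "pkts": 1, "bytes": 60} for p in range(20, 32)]
    # ordinary HTTPS traffic from another host
    + [{"src": "10.0.0.7", "dst": "93.184.216.34", "sport": 51000 + i, "dport": 443,
        "proto": 6, "pkts": 30, "bytes": 4500} for i in range(3)]
    # a DNS query over UDP
    + [{"src": "10.0.0.7", "dst": "10.0.0.1", "sport": 53000, "dport": 53,
        "proto": 17, "pkts": 2, "bytes": 180}]
)

# Hypothetical ruleset: two statistics rules and one anomaly rule.
RULES = [
    Rule("bytes_per_src", lambda f: True, ("src",), "sum:bytes"),
    Rule("tcp_port_scan", lambda f: f["proto"] == 6, ("src", "dst"),
         "distinct:dport", threshold=10),
    Rule("dns_packets", lambda f: f["dport"] == 53, ("dst",), "sum:pkts",
         threshold=1000),
]


def map_flow(rules: List[Rule], flow: Flow):
    """Map phase: emit one ((rule, key...), value) pair per matching rule."""
    out = []
    for r in rules:
        if not r.match(flow):
            continue
        key = (r.name,) + tuple(flow[k] for k in r.key)
        _, field = r.aggregate.split(":")
        out.append((key, flow[field]))
    return out


def shuffle(pairs):
    """Group emitted values by key, as the framework's shuffle would."""
    groups = defaultdict(list)
    for k, v in pairs:
        groups[k].append(v)
    return groups


def reduce_group(rule: Rule, values):
    """Reduce phase: apply the rule's aggregate to one key's values."""
    kind, _ = rule.aggregate.split(":")
    if kind == "sum":
        return sum(values)
    if kind == "distinct":
        return len(set(values))
    raise ValueError(f"unknown aggregate {kind!r}")


def run_job(rules: List[Rule], flows: List[Flow]):
    """Run all rules in one pass; returns {key: (metric, is_anomaly)}."""
    by_name = {r.name: r for r in rules}
    pairs = [p for f in flows for p in map_flow(rules, f)]
    results = {}
    for key, values in shuffle(pairs).items():
        rule = by_name[key[0]]
        metric = reduce_group(rule, values)
        flagged = rule.threshold is not None and metric >= rule.threshold
        results[key] = (metric, flagged)
    return results


def anomalies(results):
    """Keys whose rule had a threshold and whose metric reached it."""
    return sorted(k for k, (_, flagged) in results.items() if flagged)


if __name__ == "__main__":
    res = run_job(RULES, FLOWS)
    for k, (metric, flagged) in sorted(res.items()):
        print(k, metric, "ANOMALY" if flagged else "")
```

Adding a new statistic or detector means adding a Rule, not a new job: the map phase evaluates every rule against each record once, and the reducer dispatches on the rule name carried in the key. On real NetFlow the same shape applies to a Hadoop mapper/reducer pair, with the ruleset distributed to the mappers; the threshold here is a fixed count, whereas a production detector would derive it from a baseline.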
|
Keywords (Korean, translated) |
Hadoop
MapReduce
NetFlow
packet
anomaly detection
pattern matching
Internet measurement
analysis
Keywords (English) |
Hadoop
Hive
MapReduce
NetFlow
pcap
packet
anomaly detection
pattern matching
traffic measurement
analysis
|