Hadoop‐based analytic framework for cyber forensics

Chhabra, Gurpal Singh; Singh, Vishal; Singh, Maninder

doi:10.1002/dac.3772

Cited by 16 publications

(28 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sachdeva et al 30 recommended the distributed internet service provider (ISP) domain DDoS deployment because of several reasons: (i) Distributed environment, (ii) Practically feasible solution, (iii) Robust implementation, (v) Autonomous control, etc. Further, few researchers 31‐43 proposed distributed processing framework‐based DDoS detection systems. This type of deployment not only quickly recognizes attacks but also efficiently explores a huge volume of traffic by employing a cluster of slaves in a coordinated manner.…”

Section: A Ddos Defense Deployment Taxonomymentioning

confidence: 99%

“…References 31‐42, proposed Hadoop‐ and Spark‐based distributed DDoS attack detection mechanisms. A victim‐end deployment is one of the best choice to implement distributed processing frameworks‐based mechanisms because of several reasons:It is deployed near to the victim system or in victim networks.…”

Section: A Ddos Defense Deployment Taxonomymentioning

confidence: 99%

“…Therefore, this type of framework is not suitable for source‐end deployment. In traditional framework‐based victim‐end DDoS detection received a massive (aggregated) amount of network traffic to analyze, and sometimes systems itself becomes a victim of an attack while analyzing such massive traffic. Therefore, one of the best distributed approach is to implement a victim‐end DDoS mechanisms and most of researchers 31‐42 have used this type deployment.…”

Section: A Ddos Defense Deployment Taxonomymentioning

confidence: 99%

“…Few authors 31‐43,91,92,95,96 proposed distributed framework‐based mechanisms and most of them deployed their mechanism on the Apache Hadoop. Apache Hadoop distributed framework follows a two‐step process to analyze data efficiently.…”

Section: Review Of Existing Distributed Processing Framework‐based Ddos Detection Systemmentioning

confidence: 99%

“…Alsirhani et al 39 proposed a DDoS detection system similar to Reference 38 and applied Gradient Boosting to identify malicious traffic. However, both systems 38,39 required more time. Chhabra et al 42 proposed a victim‐end DDoS forensics analytics technique deployed on the Apache Hadoop distributed framework. They employed a supervised random forest‐based decision tree algorithm to design a detection model and claimed an approximate 99% accuracy.…”

Section: Review Of Existing Distributed Processing Framework‐based Ddos Detection Systemmentioning

confidence: 99%

See 4 more Smart Citations

Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions

Patil

Krishna

Kumar

2021

Concurrency and Computation

View full text Add to dashboard Cite

A distributed denial of service (DDoS) attack is a significant threat to web‐based applications and hindering legitimate traffic (denies access to benign users) by overwhelming the victim system or its infrastructure (service, bandwidth, networking devices, etc.) with a large volume of attack traffic. It leads to a delay in responses or sometimes a crash victim system. Even a few moments of pause in web‐based applications lead to a huge monetary loss and a bad reputation in the market. Several approaches available in the literature to protect websites from different types of DDoS attacks. However, incidents and volume sizes of DDoS attacks are growing quarter by quarter. Further, various challenges in the traditional framework based defense mechanisms: itself becoming a victim of attacks while analyzing a massive amount of traffic, require more time for detection process, no coordination among the modules, etc. This paper presents a comprehensive DDoS defense deployment taxonomy and critically reviewed existing distributed frameworks based DDoS attack detection systems. Further, characterized several existing distributed processing frameworks to select an appropriate one for deploying DDoS attack detection mechanisms. Finally, several evaluation metrics, open issues, discussion on available datasets including their limitations, and future directions are presented.

show abstract

Section: A Ddos Defense Deployment Taxonomymentioning

confidence: 99%

Section: A Ddos Defense Deployment Taxonomymentioning

confidence: 99%

Section: A Ddos Defense Deployment Taxonomymentioning

confidence: 99%

Section: Review Of Existing Distributed Processing Framework‐based Ddos Detection Systemmentioning

confidence: 99%

Section: Review Of Existing Distributed Processing Framework‐based Ddos Detection Systemmentioning

confidence: 99%

See 3 more Smart Citations

Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions

Patil

Krishna

Kumar

2021

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

Kaur,

Krishna,

Patil

2023

Concurrency and Computation

View full text Add to dashboard Cite

SummarySoftware‐defined networking (SDN) is an advanced networking paradigm that decouples forwarding control logic from the data plane. Therefore, it provides a loosely‐coupled architecture between the control and data plane. This separation provides flexibility in the SDN environment for addressing any transformations. Further, it delivers a centralized way of managing networks due to control logic embedded in the SDN controller. However, this advanced networking paradigm has been facing several security issues, such as topology spoofing, exhausting bandwidth, flow table updating, and distributed denial of service (DDoS) attacks. A DDoS attack is one of the most powerful menaces to the SDN environment. Further, the central data controller of SDN becomes the primary target of DDoS attacks. In this article, we propose a Kafka‐based distributed DDoS attacks detection approach for protecting the SDN environment named K‐DDoS‐SDN. The K‐DDoS‐SDN consists of two modules: (i) Network traffic classification (NTClassification) module and (ii) Network traffic storage (NTStorage) module. The NTClassification module is the detection approach designed using scalable H2O ML techniques in a distributed manner and deployed an efficient model on the two‐nodes Kafka Streams cluster to classify incoming network traces in real‐time. The NTStorage module collects raw packets, network flows, and 21 essential attributes and then systematically stores them in the HDFS to re‐train existing models. The proposed K‐DDoS‐SDN designed and evaluated using the recent and publically available CICDDoS2019 dataset. The average classification accuracy of the proposed distributed K‐DDoS‐SDN for classifying network traces into legitimate and one of the most popular attacks, such as DDoS_UDP is 99.22%. Further, the outcomes demonstrate that proposed distributed K‐DDoS‐SDN classifies traffic traces into five categories with at least 81% classification accuracy.

show abstract

Cyber forensic framework for big data analytics using Sunflower Jaya optimization‐based Deep stacked autoencoder

Venugopal¹,

Sathianesan

Rengaswamy

2021

Int J Numerical Modelling

View full text Add to dashboard Cite

The skills of forensic analysts are at risk to process the increasing data in the Internet of Things‐based environment platforms. However, the technical issues like anti‐forensics, variety of traffic formats, steganography or encrypted data, and real‐time live investigation degrades the performance of the cyber forensic framework. Therefore, an effective method named Sunflower Jaya Optimization‐based Deep stacked autoencoder (SFJO‐based Deep stacked autoencoder) is proposed to perform the cyber forensic framework. The finite element model of Sunflower optimization is integrated with the control parameters of Jaya optimization to solve the issues in the cyber forensic framework. The proposed SFJO‐based Deep stacked autoencoder uses the pollination and the peculiar behaviors to enable the cyber forensic framework based on the error value in the big data analytics model. Accordingly, the solution with the minimal value of error is accepted as the best optimal solution by computing the orientation vector. However, the proposed model is illustrated based on the unconstrained benchmark function, which in turn results in the fitness function to reveal the best candidate solution. The proposed SFJO‐based Deep stacked autoencoder attained better performance using metrics like precision, sensitivity, and specificity with the values of 0.9053, 0.8865, and 0.8839 using dataset‐1.

show abstract

Hadoop‐based analytic framework for cyber forensics

Cited by 16 publications

References 46 publications

Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions

Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

Cyber forensic framework for big data analytics using Sunflower Jaya optimization‐based Deep stacked autoencoder

Contact Info

Product

Resources

About