Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data
Author(s) -
Andreoni Lopez Martin,
Mattos Diogo M. F.,
Duarte Otto Carlos M. B.,
Pujolle Guy
Publication year - 2019
Publication title -
Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.5344
Subject(s) - computer science , denial of service attack , intrusion detection system , big data , spark (programming language) , vulnerability (computing) , network monitoring , virtual network , virtualization , network security , computer security , real time computing , function (biology) , operating system , the internet , cloud computing , evolutionary biology , biology , programming language
Summary The late detection of security threats causes a significant increase in the risk of irreparable damage and restricts any defense attempt. In this paper, we propose a sCAlable TRAffic Classifier and Analyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRACA is based on Apache Spark, a Big Data stream processing system, and it is deployed over the Open Platform for Network Functions Virtualization (OPNFV), providing an accurate real-time threat-detection service. The system presents a friendly graphical interface that provides real-time visualization of the traffic and the attacks that occur in the network. Our prototype can differentiate normal traffic from denial of service (DoS) attacks and vulnerability probes with over 95% accuracy on three different datasets. Moreover, CATRACA handles streaming data under concept drift detection with more than 85% accuracy.