DocumentCode :
3122452
Title :
DOFUR: DDoS Forensics Using MapReduce
Author :
Khattak, Rana ; Bano, Shehar ; Hussain, Shujaat ; Anwar, Zahid
Author_Institution :
SEECS, NUST, Islamabad, Pakistan
fYear :
2011
fDate :
19-21 Dec. 2011
Firstpage :
117
Lastpage :
120
Abstract :
Currently we have seen a very sharp increase in network traffic. Due to this increase, the size of attack log files has also increased greatly and using conventional techniques to mine the logs and get some meaningful analyses about the DDoS attacker's location and possible victims has become increasingly difficult. We propose a technique using Hadoop's MapReduce to deduce results efficiently and quickly which would otherwise take a long time if conventional means were used. The aim of this paper is to describe how we designed a framework to detect those packets in a dataset which belong to a DDoS attack using MapReduce provided by Hadoop. Experimental results using a real dataset show that parallelising DDoS detection can greatly improve efficiency.
Keywords :
computer forensics; computer network security; parallel processing; DDoS attacker location; DDoS detection; DDoS forensics; DOFUR; Hadoop MapReduce; attack log files; denial of service attack; Computer crime; File systems; Forensics; IP networks; Internet; Laboratories; Protocols; DDoS; MapReduce;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Frontiers of Information Technology (FIT), 2011
Conference_Location :
Islamabad
Print_ISBN :
978-1-4673-0209-8
Type :
conf
DOI :
10.1109/FIT.2011.29
Filename :
6137130