• DocumentCode
    3122452
  • Title

    DOFUR: DDoS Forensics Using MapReduce

  • Author

    Khattak, Rana ; Bano, Shehar ; Hussain, Shujaat ; Anwar, Zahid

  • Author_Institution
    SEECS, NUST, Islamabad, Pakistan
  • fYear
    2011
  • fDate
    19-21 Dec. 2011
  • Firstpage
    117
  • Lastpage
    120
  • Abstract
    Currently we have seen a very sharp increase in network traffic. Due to this increase, the size of attack log files has also increased greatly and using conventional techniques to mine the logs and get some meaningful analyses about the DDoS attacker's location and possible victims has become increasingly difficult. We propose a technique using Hadoop's MapReduce to deduce results efficiently and quickly which would otherwise take a long time if conventional means were used. The aim of this paper is to describe how we designed a framework to detect those packets in a dataset which belong to a DDoS attack using MapReduce provided by Hadoop. Experimental results using a real dataset show that parallelising DDoS detection can greatly improve efficiency.
  • Keywords
    computer forensics; computer network security; parallel processing; DDoS attacker location; DDoS detection; DDoS forensics; DOFUR; Hadoop MapReduce; attack log files; denial of service attack; Computer crime; File systems; Forensics; IP networks; Internet; Laboratories; Protocols; DDoS; MapReduce;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Frontiers of Information Technology (FIT), 2011
  • Conference_Location
    Islamabad
  • Print_ISBN
    978-1-4673-0209-8
  • Type

    conf

  • DOI
    10.1109/FIT.2011.29
  • Filename
    6137130