A Cloud Computing Based Network Monitoring and Threat Detection System for Critical Infrastructures

Published: 01 April 2016

Abstract

Critical infrastructure systems perform functions and missions that are essential for our national economy, health, and security. These functions are vital to commerce, government, and society and are closely interrelated with people's lives. To provide highly secure critical infrastructure systems, a scalable, reliable and robust threat monitoring and detection system should be developed to efficiently mitigate cyber threats. In addition, big data from threat monitoring systems pose serious challenges for cyber operations: the ever-growing number of devices in the system and the volume of complex monitoring data collected from critical infrastructure systems require scalable methods to capture, store, manage, and process that data. To address these challenges, in this paper we propose a cloud computing based network monitoring and threat detection system to secure critical infrastructure systems. Our proposed system consists of three main components: monitoring agents, cloud infrastructure, and an operation center. To build it, we use both Hadoop MapReduce and Spark to speed up data processing by separating data streams and processing them concurrently. Using a real-world data set, we conducted experiments to evaluate the effectiveness of the developed network monitoring and threat detection system in terms of network monitoring, threat detection, and system performance. Our empirical data indicate that the proposed system can efficiently monitor network activities, find abnormal behaviors, and detect network threats to protect critical infrastructure systems.
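The abstract describes agents feeding a cloud back end that maps and reduces monitoring streams concurrently and reports to an operation center. The following is an added illustration of that pipeline shape, not the paper's code: a miniature MapReduce over constructed flow records from two agents, where each agent's stream is mapped in its own worker and the reducer applies an assumed fan-in heuristic (many distinct sources hitting one service), since the paper's detection rule is not given here.

```python
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

# Constructed sample flow records from two monitoring agents (not real data):
# (src_ip, dst_ip, dst_port, bytes). 203.0.113.0/24 is documentation space.
AGENT_STREAMS = {
    "agent-A": [
        ("10.0.0.5", "192.168.1.10", 443, 1200),
        ("10.0.0.6", "192.168.1.10", 443, 900),
        ("203.0.113.1", "192.168.1.20", 80, 60),
        ("203.0.113.2", "192.168.1.20", 80, 60),
        ("203.0.113.3", "192.168.1.20", 80, 60),
    ],
    "agent-B": [
        ("10.0.0.5", "192.168.1.10", 443, 300),
        ("203.0.113.4", "192.168.1.20", 80, 60),
        ("203.0.113.5", "192.168.1.20", 80, 60),
        ("203.0.113.1", "192.168.1.20", 80, 60),
    ],
}

def map_phase(records):
    """Map step: key each flow by its destination service, value is the source."""
    return [((dst, port), src) for src, dst, port, _ in records]

def shuffle(mapped_lists):
    """Shuffle step: group the values emitted by every mapper under one key."""
    grouped = defaultdict(list)
    for mapped in mapped_lists:
        for key, src in mapped:
            grouped[key].append(src)
    return grouped

def reduce_phase(grouped, min_sources):
    """Reduce step: flag destinations contacted by unusually many distinct
    sources (a fan-in heuristic assumed here; the paper does not state its rule)."""
    alerts = {}
    for (dst, port), srcs in grouped.items():
        distinct = len(set(srcs))
        if distinct >= min_sources:
            alerts[(dst, port)] = {"distinct_sources": distinct, "flows": len(srcs)}
    return alerts

def detect(agent_streams, min_sources=4):
    """Map each agent's stream concurrently in its own worker, then shuffle and
    reduce. Returns the alerts an operation center would receive."""
    with ThreadPoolExecutor() as pool:
        mapped = list(pool.map(map_phase, agent_streams.values()))
    return reduce_phase(shuffle(mapped), min_sources)
```

With the sample streams, `detect(AGENT_STREAMS)` reports only 192.168.1.20:80 (five distinct sources over six flows); the two-client HTTPS service stays below the threshold.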


Published In

Big Data Research, Volume 3, Issue C
April 2016
40 pages
ISSN: 2214-5796
EISSN: 2214-5796

Publisher

Elsevier Science Publishers B. V., Netherlands


Author Tags

1. Cloud computing
2. Network monitoring
3. Threat detection

Qualifiers

• Research-article
