DocumentCode
685975
Title
Massive distributed and parallel log analysis for organizational security
Author
Xiaokui Shu ; Smiy, John ; Danfeng Yao ; Heshan Lin
Author_Institution
Dept. of Comput. Sci., Virginia Tech, Blacksburg, VA, USA
fYear
2013
fDate
9-13 Dec. 2013
Firstpage
194
Lastpage
199
Abstract
Security log analysis is extremely useful for uncovering intrusions and anomalies. However, the sheer volume of log data demands new frameworks and techniques of computing and security. We present a lightweight distributed and parallel security log analysis framework that allows organizations to analyze a massive number of system, network, and transaction logs efficiently and scalably. Different from the general distributed frameworks, e.g., MapReduce, our framework is specifically designed for security log analysis. It features a minimum set of necessary properties, such as dynamic task scheduling for streaming logs. For prototyping, we implement our framework in Amazon cloud environments (EC2 and S3) with a basic analysis application. Our evaluation demonstrates the effectiveness of our design and shows the potential of our cloud-based distributed framework in large-scale log analysis scenarios.
Keywords
cloud computing; distributed processing; security of data; system monitoring; Amazon cloud environments; EC2; MapReduce; S3; cloud-based distributed framework; dynamic task scheduling; log data demands; massive distributed frameworks; organizational security; parallel security log analysis framework; streaming logs; transaction logs; Cloud computing; Conferences; Data privacy; Organizations; Security;
fLanguage
English
Publisher
ieee
Conference_Title
Globecom Workshops (GC Wkshps), 2013 IEEE
Conference_Location
Atlanta, GA
Type
conf
DOI
10.1109/GLOCOMW.2013.6824985
Filename
6824985