Honeypot based unauthorized data access detection in MapReduce systems

Ulusoy, Huseyin; Kantarcıoğlu, Murat; Thuraisingham, Bhavani; Khan, Latifur

doi:10.1109/isi.2015.7165951

Cited by 10 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Further to log-based anomaly detection approaches, there are other research efforts share the same goal for improving the security of big data systems. These approaches span different research directions, ranging from differential privacy [36], integrity verification [37]- [40], policy enforcement [41]- [44], data provenance [45]- [48], honeypot-based [49], to encryptionbased [50] mechanisms, Security Monitoring [51], among others.…”

Section: Graph Neural Networkmentioning

confidence: 99%

“…They face several challenges that may hinder its practicability such as the volume of captured provenance data, the storage and integration required to effectively analyze these data, and the most important factor is the overhead incurred from collecting these data during the execution of distributed analytic applications. Other approach [49] takes on honeypot-based mechanism to detect unauthorized access in MapReduce. A different approach [50] leverages encryption to protect data at the cost of imposing performance burden and reduction of system operations.…”

Section: Graph Neural Networkmentioning

confidence: 99%

See 1 more Smart Citation

PredictDeep: Security Analytics as a Service for Anomaly Detection and Prediction

Elsayed

Zulkernine

2020

IEEE Access

View full text Add to dashboard Cite

As businesses embrace digitization, the Internet of Everything (IoE) begins to take shape and the Cloud continues to empower new innovations for big data-at the heart, Cloud analytic applications gain increasing momentum. Such applications have remarkable benefits for big data processing, making it easy, fast, scalable, and cost-effective; albeit, they pose many security risks. Security breaches causing anomalous activities due to malicious, vulnerable, or misconfigured analytic applications are considered the top security risks to big ''sensitive'' data. The risk is further expanded from the coupling of data analytics with the Cloud. Towards maintaining secure and trustworthy applications, effective anomaly detection and prediction become crucial tasks to be offered by Cloud providers. This paper presents, PredictDeep, a novel security analytics framework for anomaly detection and prediction. The proposed framework leverages log data collected from monitoring systems with graph analytics and deep learning techniques to add intelligence for detecting and predicting known and unknown patterns of security anomalies. It represents the collected data and transforms them into a graph model. The graph model captures the analytical activities as well as their interrelation. In this sense, such a model provides informed insight of the monitored application, understanding its behavior, and revealing anomalous patterns. Different from existing traditional rule-based machine learning and statistics-based approaches, our solution takes the benefits of incorporating not only available node attributes but also graph structure and context information to extract rich features that boost the anomaly classification and prediction. We leverage graph embeddings to represent the nodes and relationships in the graph model as feature vectors to learn and predict anomalies in an inductive way utilizing recent advanced deep graph neural network techniques. This design augments our solution with robustness and computational efficiency. Extensive experiments are conducted over an open-source Hadoop log dataset. The evaluation results demonstrate that PredictDeep is a viable solution and very effective.

show abstract

Section: Graph Neural Networkmentioning

confidence: 99%

Section: Graph Neural Networkmentioning

confidence: 99%

PredictDeep: Security Analytics as a Service for Anomaly Detection and Prediction

Elsayed

Zulkernine

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…MapReduce programs consist of map processes that perform filtering and sorting, and reduce processes that perform summary operations. MapReduce combines the distributed serves, runs the different tasks in parallel, manages all communication and data transmission in a different system, and provides redundancy and fault tolerance [ 21 , 22 ]. MapReduce processes K-V data.…”

Section: Related Workmentioning

confidence: 99%

Spark-based parallel calculation of 3D fourier shell correlation for macromolecule structure local resolution estimation

et al. 2020

View full text Add to dashboard Cite

Background Resolution estimation is the main evaluation criteria for the reconstruction of macromolecular 3D structure in the field of cryoelectron microscopy (cryo-EM). At present, there are many methods to evaluate the 3D resolution for reconstructed macromolecular structures from Single Particle Analysis (SPA) in cryo-EM and subtomogram averaging (SA) in electron cryotomography (cryo-ET). As global methods, they measure the resolution of the structure as a whole, but they are inaccurate in detecting subtle local changes of reconstruction. In order to detect the subtle changes of reconstruction of SPA and SA, a few local resolution methods are proposed. The mainstream local resolution evaluation methods are based on local Fourier shell correlation (FSC), which is computationally intensive. However, the existing resolution evaluation methods are based on multi-threading implementation on a single computer with very poor scalability. Results This paper proposes a new fine-grained 3D array partition method by key-value format in Spark. Our method first converts 3D images to key-value data (K-V). Then the K-V data is used for 3D array partitioning and data exchange in parallel. So Spark-based distributed parallel computing framework can solve the above scalability problem. In this distributed computing framework, all 3D local FSC tasks are simultaneously calculated across multiple nodes in a computer cluster. Through the calculation of experimental data, 3D local resolution evaluation algorithm based on Spark fine-grained 3D array partition has a magnitude change in computing speed compared with the mainstream FSC algorithm under the condition that the accuracy remains unchanged, and has better fault tolerance and scalability. Conclusions In this paper, we proposed a K-V format based fine-grained 3D array partition method in Spark to parallel calculating 3D FSC for getting a 3D local resolution density map. 3D local resolution density map evaluates the three-dimensional density maps reconstructed from single particle analysis and subtomogram averaging. Our proposed method can significantly increase the speed of the 3D local resolution evaluation, which is important for the efficient detection of subtle variations among reconstructed macromolecular structures.

show abstract

“…A slave token (contains identity of the CA server and the public key of the corresponding slave node) is used by the master process for authenticating a slave node. In [111], the authors suggested a honey-pot-based mechanism for detecting an unauthorized data access. Honey data is deliberately produced and mixed in the original data.…”

Section: Authentication Authorization and Access Control Based Apprmentioning

confidence: 99%

“…All the approaches suggested in Section 4.4.3 are based on encryption-decryption, which comes at a price of computation and limited operations [111]. In [40], a Shamir's secret-sharing [95] based solution for five types of MapReduce computations such as count, search, fetch, equijoin, and range selection is provided.…”

Section: Data Privacy In Adversarial Clouds Using Secret-sharingmentioning

confidence: 99%

Security and privacy aspects in MapReduce on clouds: A survey

Derbeko

Dolev

Gudes

et al. 2016

Computer Science Review

View full text Add to dashboard Cite

MapReduce is a programming system for distributed processing large-scale data in an efficient and fault tolerant manner on a private, public, or hybrid cloud. MapReduce is extensively used daily around the world as an efficient distributed computation tool for a large class of problems, e.g., search, clustering, log analysis, different types of join operations, matrix multiplication, pattern matching, and analysis of social networks. Security and privacy of data and MapReduce computations are essential concerns when a MapReduce computation is executed in public or hybrid clouds. In order to execute a MapReduce job in public and hybrid clouds, authentication of mappers-reducers, confidentiality of data-computations, integrity of data-computations, and correctness-freshness of the outputs are required. Satisfying these requirements shield the operation from several types of attacks on data and MapReduce computations. In this paper, we investigate and discuss security and privacy challenges and requirements, considering a variety of adversarial capabilities, and characteristics in the scope of MapReduce. We also provide a review of existing security and privacy protocols for MapReduce and discuss their overhead issues.

show abstract

Honeypot based unauthorized data access detection in MapReduce systems

Cited by 10 publications

References 18 publications

PredictDeep: Security Analytics as a Service for Anomaly Detection and Prediction

PredictDeep: Security Analytics as a Service for Anomaly Detection and Prediction

Spark-based parallel calculation of 3D fourier shell correlation for macromolecule structure local resolution estimation

Security and privacy aspects in MapReduce on clouds: A survey

Contact Info

Product

Resources

About