Design and Implement of a Hadoop-based SIEM System-A Case Study of Web Application Firewall


Bibliographic Details
Main Authors: Tsung-Chih Liu, 劉宗治
Other Authors: Hsung-Pin Chang
Format: Others
Language: zh-TW
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/teaw8t
id ndltd-TW-101NCHU5394010
record_format oai_dc
spelling ndltd-TW-101NCHU5394010 2018-04-10T17:22:46Z http://ndltd.ncl.edu.tw/handle/teaw8t Design and Implement of a Hadoop-based SIEM System-A Case Study of Web Application Firewall; Chinese title: 基於雲端運算架構之安全性資訊和事件管理系統-以網頁應用程式防火牆為例 (A Security Information and Event Management System Based on a Cloud Computing Architecture: A Case Study of a Web Application Firewall). Tsung-Chih Liu 劉宗治. Master's thesis, National Chung Hsing University, Department of Computer Science and Engineering, academic year 101 (abstract as given in the description field below). Advisor: Hsung-Pin Chang 張軒彬. 2013. Degree thesis (學位論文); thesis. 45. zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === National Chung Hsing University === Department of Computer Science and Engineering === 101 === With the tremendous improvement of network technologies and the growing popularity of networking, information security has received significant attention. In particular, analyzing huge amounts of log data to extract implicit or explicit attacks, so as to alert system administrators or trigger defense procedures, has become a major research area. To handle information security issues rapidly and automatically, many researchers have proposed Security Information and Event Management (SIEM) systems, with which an attack can be detected and responded to as soon as it is launched. However, with the rapid growth of digital information, the volume of log data has also increased significantly, and analyzing it with the traditional single-computer approach is no longer practical. In this thesis, we therefore use the Hadoop ecosystem to design and implement a SIEM system on a private cloud. In addition, we use a Web Application Firewall as a case study to compare the performance of analyzing the firewall's logs under different cloud architectures. The experimental results show that a Hadoop-based cloud system does reduce log analysis time. A Hadoop-based cloud architecture is therefore well suited to systems such as a SIEM that require large amounts of storage space and processing time to store and analyze data, and it gives IT staff the means to face and handle the era of Big Data.
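The abstract describes a SIEM that spreads WAF log analysis across a Hadoop cluster instead of a single machine. The following is an added example, not code from the thesis, showing the shape such a job takes as a Hadoop Streaming mapper and reducer in Python: the mapper parses one WAF event per line and emits (client IP, rule) pairs for blocked requests, Hadoop's shuffle sorts those pairs by key, and the reducer counts blocks per client and per rule and raises an alert above a threshold. The log format, the sample lines, the rule IDs, the `waf_mr.py` file name and the alert threshold are all assumptions made for illustration; `run_local` simulates the shuffle so the block runs without a cluster.

```python
#!/usr/bin/env python3
"""Hadoop Streaming mapper/reducer for WAF block logs (illustrative, not the thesis code).

The mapper is stateless per line and the reducer only ever sees the sorted
stream for one key at a time, which is what lets the job scale across nodes.
"""
import re
import sys
from collections import defaultdict
from itertools import groupby

# Constructed sample in an assumed, simplified WAF log format (one event per line).
SAMPLE_LOG = """\
2013-05-01T10:00:01Z client=203.0.113.5 uri=/login status=403 action=BLOCK rule=942100 msg="SQL Injection Attack"
2013-05-01T10:00:02Z client=198.51.100.9 uri=/index.html status=200 action=PASS rule=- msg="-"
2013-05-01T10:00:03Z client=203.0.113.5 uri=/search status=403 action=BLOCK rule=941100 msg="XSS Attack"
2013-05-01T10:00:04Z client=203.0.113.5 uri=/login status=403 action=BLOCK rule=942100 msg="SQL Injection Attack"
2013-05-01T10:00:05Z client=198.51.100.9 uri=/admin status=403 action=BLOCK rule=930100 msg="Path Traversal"
this line is corrupt and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) client=(?P<client>\S+) uri=(?P<uri>\S+) status=(?P<status>\d{3}) '
    r'action=(?P<action>BLOCK|PASS) rule=(?P<rule>\S+) msg="(?P<msg>[^"]*)"$'
)

ALERT_THRESHOLD = 3  # blocks per client that trigger an alert (assumed policy)


def parse_line(line):
    """Return the event fields, or None for lines that do not match (skipped, not fatal)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def map_line(line):
    """Mapper: emit 'client<TAB>rule' for every blocked request; nothing for passes or junk."""
    ev = parse_line(line)
    if ev is None or ev["action"] != "BLOCK":
        return []
    return [f"{ev['client']}\t{ev['rule']}"]


def reduce_records(records):
    """Reducer: records arrive sorted by key (client IP) as 'client<TAB>rule' lines.

    Returns {client: {"blocks": n, "rules": {rule: n}, "alert": bool}}.
    """
    result = {}
    keyed = (line.rstrip("\n").split("\t", 1) for line in records if line.strip())
    for client, group in groupby(keyed, key=lambda kv: kv[0]):
        rules = defaultdict(int)
        for _, rule in group:
            rules[rule] += 1
        total = sum(rules.values())
        result[client] = {"blocks": total, "rules": dict(rules), "alert": total >= ALERT_THRESHOLD}
    return result


def run_local(log_text):
    """Simulate one MapReduce job in-process: map every line, sort by key (the shuffle), reduce."""
    mapped = [kv for line in log_text.splitlines() for kv in map_line(line)]
    return reduce_records(sorted(mapped))


def main():
    # On a cluster the same file is run twice by Hadoop Streaming, once per phase, e.g.:
    #   hadoop jar hadoop-streaming.jar -input <hdfs logs> -output <hdfs out> \
    #     -mapper "python3 waf_mr.py map" -reducer "python3 waf_mr.py reduce" -file waf_mr.py
    mode = sys.argv[1] if len(sys.argv) > 1 else "local"
    if mode == "map":
        for line in sys.stdin:
            for kv in map_line(line):
                print(kv)
    elif mode == "reduce":
        for client, stats in reduce_records(sys.stdin).items():
            print(f"{client}\t{stats['blocks']}\t{'ALERT' if stats['alert'] else 'ok'}")
    else:
        for client, stats in run_local(SAMPLE_LOG).items():
            print(client, stats)


if __name__ == "__main__":
    main()
```

Two details matter for running this at scale: the mapper must tolerate corrupt lines rather than abort the task, since a single bad record in gigabytes of logs would otherwise kill the job, and the reducer must rely only on the sorted-by-key guarantee of the shuffle, never on seeing the whole input, so that the work partitions cleanly across reducers.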
author2 Hsung-Pin Chang
author_facet Hsung-Pin Chang
Tsung-Chih Liu
劉宗治
author Tsung-Chih Liu
劉宗治
author_sort Tsung-Chih Liu
title Design and Implement of a Hadoop-based SIEM System-A Case Study of Web Application Firewall
publishDate 2013
url http://ndltd.ncl.edu.tw/handle/teaw8t