摘要
由于传统入侵检测系统存在单点无法容错和数据处理能力不足,已无法满足日益增长的信息安全问题.文中利用分布式技术,基于Hadoop的集群运算环境和其快速存储的优势,结合MongoDB数据库,采用Java体系设计了主数据检测器、RabbitMQ采集器、收发中间件和分析中心等部件,实现了一种开源的分布式入侵检测框架.通过对CPU、MEM、TCP和网络带宽等四个指标进行监控,能较好的发现外部DDOS的攻击和入侵并提供报警服务功能.
Because of the lack of single point fault tolerance and inadequate data processing capability, the traditional intrusion detection system cannot meet the increasing demand for information security. By using the distributed technology and taking advantages of Hadoop ~s cluster operation environment and rapid storage, an open source intrusion detection framework is designed, with MongoDB adopted as database. Besides, the main data detector, the RabbitMQ collector, the transceiver middleware and the analysis center are designed, respectively. Through monitoring four indicators CPU, MEM, TCP and network bandwidth, the proposed IDS framework can detect external DDOS intrusion attack and intrusion effectively and provide alarm service.
作者
洪波
曹子建
HONG Bo;CAO Zijian(School of Computer Science and Engineering,Xi'an Technological University,Xi' an 710021,China)
出处
《西安工业大学学报》
CAS
2018年第4期390-395,407,共7页
Journal of Xi’an Technological University
基金
陕西省教育厅专项科研计划项目(17JK0371
17JZ004)
新型网络与检测控制国家地方联合工程实验室基金(GSYSJ2016007)
关键词
分布式
入侵检测
数据处理
HADOOP
监控
distributed
intrusion detection
data processing
Hadoop
monitor control
