
Annals of Computer Science and Information Systems, Volume 11

Proceedings of the 2017 Federated Conference on Computer Science and Information Systems

TARZAN: An Integrated Platform for Security Analysis

DOI: http://dx.doi.org/10.15439/2017F280

Citation: Proceedings of the 2017 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 11, pages 561–567

Abstract. In this paper, we present the TARZAN platform, an integrated platform for the analysis of digital data from security incidents. The platform serves primarily as middleware between data sources and data processing applications; it also provides several supporting services and a runtime environment for the applications. The supporting services, such as a data storage, a resource and application registry, a synchronization service, and a distributed computing platform, are used by the TARZAN applications for various security-oriented analyses of the integrated data, ranging from IT security incident detection to inference analyses of data from social networks or crypto-currency transactions. To cope with large amounts of distributed data, both streamed in real time and stored, and with the need for large-scale distributed computing, the platform has been designed as a big data processing system that provides a reliable, scalable, and cost-effective solution. The platform is demonstrated on the case of a security analysis of network traffic.
