Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

uccsc2014-20140804

advertisement 
Big Data Technologies
for InfoSec
Dive Deeper. See Further.
Ram Sripracha (rsriprac@ucla.edu)
UCLA / Sift Security
Experiences
RR Systems
What are “Big Data” systems?
• XXL in Size
• Data Volume
• TBs - PBs
• Computation Scalability
• Horizontally Scalable
• Multi-host Deployment
• Commodity Hardware
Why now?
• Rich Ecosystem
• Well Supported Open Source Software
• High Adoption Rate
• Commercial Backings
• “Redhat” Model
• Heavily Invested
Platform Providers
Technologies
Is it a “Big Data” problem?
• Many moving parts
• Initially maybe overwhelming
• 100s of configuration setting
• Requests some level of expertise
• Overkill for some problems
• Larger resource footprint
Big Data Stack
Big Data Stack
DFS
• NoSQL
• Columnar
• Sits on HDFS
• Million Rows
x Million Columns
• Cell-level Security
Titan
• Graph-based Datastore
• Optimized for (E, V)
• Key/Value attributes for vertices and
edges
• 100s million vertices x 100s billion edges
• Capturing relationships
• Sits on top of HBase, Cassandra, …
Map-Reduce
• Resilient Distributed Dataset
(RDD)
• In-Memory RDD
• Iterative Algorithms
• Machine Learning
Impala
• Near-real-time analysis
• Micro-batch processing
• Pipelining of micro-batches
• Stream annotations
• Sits on top of
• Distributed indexing and search
• Indexes
•
•
•
•
Raw text files from HDFS
HBase content
Titan properties
Other data replicated data streams
Application Log Search
• Full Text Indexes
• Flexible Faceting
• Automatic field extraction
• Dashboard-able search interface
• Low-cost alternative to Splunk
and other search solutions
Real-time Blacklist Alerting
• Fault tolerance
• Netflow annotation
• Match alerting
• Application access alerting
• Authentication alerting
• Network metrics
Netflow Data Warehouse
• 3x Nodes
• 2x 8-Core Intel E5-2450 per node
• 16Gb RAM per node
• 72TB Storage Total
• ~5B Netflow records/day
• >1 year retention
• Support complex SQL-like query
Netflow Data Warehouse
• Continuous scanning
• Direct querying of delimited file
DFS
• Perform metrics and diffs
• Compute trending
• Firewall rule validations
• Long retention
EMR Access Anomalies
• Category of insider threat
• Relational networks of
• Users/Groups
• Department
• Document Access
• Community structure-based
anomaly detection
Related documents
Statseeker - why it is unique
Statseeker - why it is unique
Presentations
Presentations
Network Forensics Tracking Hackers Through Cyberspace.
Network Forensics Tracking Hackers Through Cyberspace.
Hadoop-HBase-Tutorial - CSE Labs User Home Pages
Hadoop-HBase-Tutorial - CSE Labs User Home Pages
NetFlow Analyzer Drilldown to the root-QoS
NetFlow Analyzer Drilldown to the root-QoS
Type title here
Type title here
Source IP Address Destination IP Address Input I/F
Source IP Address Destination IP Address Input I/F
Hbase: Hadoop Database
Hbase: Hadoop Database
Netflow and Security Nicolas Fischbach, COLT TELECOM
Netflow and Security Nicolas Fischbach, COLT TELECOM
Hbase: Hadoop Database
Hbase: Hadoop Database
Network Visibility Guide
Network Visibility Guide
Spark: Cluster Computing with Working Sets
Spark: Cluster Computing with Working Sets
An Internet Traffic Analysis Method with MapReduce
An Internet Traffic Analysis Method with MapReduce
Cisco experiences of IP traffic flow measurement and billing with NetFlow
Cisco experiences of IP traffic flow measurement and billing with NetFlow
SNMP NetFlow
SNMP NetFlow
NetFlow Overview
NetFlow Overview
RTC01 TCTW Plixer_original CE_original
RTC01 TCTW Plixer_original CE_original
Network Monitoring @ PASI - CIARA - Florida International University
Network Monitoring @ PASI - CIARA - Florida International University
slides
slides
20130415-Breiner
20130415-Breiner
Ch8- Study Guide
Ch8- Study Guide
NetFlow Implementing and Traffic Analysis
NetFlow Implementing and Traffic Analysis
Download
advertisement