A flow processing system applied to network analysis and monitoring

Bibliographic details
Main author: Haas, Alexsander
Publication date: 2019
Document type: Dissertation
Language: por
Source title: Manancial - Repositório Digital da UFSM
dARK ID: ark:/26339/00130000097rt
Full text: http://repositorio.ufsm.br/handle/1/17036
Abstract: Data processing is commonly performed by big data systems built on traditional architectures, which manipulate data offline. However, the need for results with low latency has led to the use of other architectures, such as Lambda and Kappa, for implementing big data systems directed at the processing of data streams. Several studies in the literature are beginning to apply this new architectural model for different purposes, using different kinds of tools to make its implementation possible. In this scenario, some systems are developed along these lines to monitor and process the flow of data generated by network traffic, applying different types of analysis to the collected data, ranging from information about network bandwidth consumption to the identification of anomalies as they occur. In this context, this work aims to develop a system based on the Lambda architecture, applied to the monitoring and processing of the network-traffic data flow, integrating different open source tools. Each tool is responsible for a given piece of functionality, from monitoring and collecting network traffic, through transporting, normalizing and storing the data, to subsequently analysing it and detecting anomalies originating from DDoS attacks, brute force, and port scanning on certain protocols. For connections classified as anomalous, information pertinent to the IP responsible for originating the connection is obtained. The experimental analysis of the system uses a controlled data set that contains several anomalies, including those the system must detect. After this step, the system is applied to data collected from a local network over eleven days, totaling more than 14 million connections. The experimental results obtained on real network traffic present the three types of anomalies considered in this study, as well as information about the IPs responsible for them, identifying the country and its respective organization.
id UFSM_61d5c342b746be2843379e24de9b3c47
oai_identifier_str oai:repositorio.ufsm.br:1/17036
network_acronym_str UFSM
network_name_str Manancial - Repositório Digital da UFSM
dc.title.none.fl_str_mv Um sistema por processamento de fluxos aplicado à análise e monitoramento da rede
A flow processing system applied to network analysis and monitoring
author Haas, Alexsander
dc.contributor.none.fl_str_mv Lima, João Vicente Ferreira
http://lattes.cnpq.br/6266546896929217
Stein, Benhur de Oliveira
http://lattes.cnpq.br/4640320476003795
Koslovski, Guilherme Piêgas
http://lattes.cnpq.br/2749773427704993
dc.subject.por.fl_str_mv Arquitetura lambda
Big data
Tráfego de rede
Detecção de ataques
Architecture lambda
Network traffic
Detection of attacks
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
dc.date.none.fl_str_mv 2019-06-18T18:59:39Z
2019-03-25
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
dc.identifier.uri.fl_str_mv http://repositorio.ufsm.br/handle/1/17036
dc.identifier.dark.fl_str_mv ark:/26339/00130000097rt
dc.language.iso.fl_str_mv por
dc.rights.driver.fl_str_mv Attribution-NonCommercial-NoDerivatives 4.0 International
http://creativecommons.org/licenses/by-nc-nd/4.0/
info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Universidade Federal de Santa Maria
Brasil
Ciência da Computação
UFSM
Programa de Pós-Graduação em Ciência da Computação
Centro de Tecnologia
dc.source.none.fl_str_mv reponame:Manancial - Repositório Digital da UFSM
instname:Universidade Federal de Santa Maria (UFSM)
instacron:UFSM
repository.name.fl_str_mv Manancial - Repositório Digital da UFSM - Universidade Federal de Santa Maria (UFSM)
repository.mail.fl_str_mv atendimento.sib@ufsm.br||tedebc@gmail.com