Abstract

Snort is a well-known, signature-based network intrusion detection system (NIDS). In the typical NIDS architecture, the Snort sensor must be placed within the same physical network as the defense center, and the defense centers offer limited network coverage, especially for remote networks with restricted bandwidth and network policy. Additionally, the growing number of sensor instances, and the consequent rapid increase in log data volume, has caused the present system to face big data challenges. This research paper proposes a novel design for a cloud-based Snort NIDS using containers and implementing big data in the defense center to overcome these problems. Our design consists of Docker as the sensor's platform, Apache Kafka as the distributed messaging system, and big data technology orchestrated on lambda architecture. We conducted experiments to measure sensor deployment, optimum message delivery from the sensors to the defense center, aggregation speed, and efficiency in the data-processing performance of the defense center. We successfully developed a cloud-based Snort NIDS and found the optimum method for message delivery from the sensor to the defense center. We also succeeded in developing the dashboard and attack maps to display the attack statistics and visualize the attacks. To our knowledge, ours is the first design reported to implement a big data architecture, namely, lambda architecture, as the defense center and to utilize rapid deployment of Snort NIDS using Docker technology as the network security monitoring platform.

Highlights

  • Snort is a commonly used, signature-based network intrusion detection system (NIDS) [1]

  • The rapid change in Internet technology with cloud computing and big data technology challenged us to develop a new platform for a network intrusion detection system (NIDS)

  • The cloud-based NIDS platform requires sensors that act as multi-agents, messaging middleware, and big data environments


Summary

Background

Snort is a commonly used, signature-based network intrusion detection system (NIDS) [1]. It is implemented in many network security systems. The sensors send the log data to a dedicated defense center for processing and aggregation. One of the best examples of Snort's implementation is in the Mata Garuda Project of the Indonesia Security Incident Response Team in the Internet Infrastructure coordination center (ID-SIRTII/CC) [2,3]. The intrusion detection and data aggregation sensors and the defense center were located in the same network. The data were aggregated based on various time units and enriched with IP geolocation to build attack maps and other security-related tools for analyses. In early 2019, the rapid change in Internet technology in Indonesia, with cloud computing and big data technology, challenged us to develop a new version of Mata Garuda based on big data technology.
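The defense-center step described above (aggregating Snort alerts per time unit and enriching them with IP geolocation), as an added Python example that is not code from the paper or from the Mata Garuda project. The alert lines, the local rule SIDs, and the CIDR-to-country table are constructed for this example; a real defense center would read the sensors' alert stream and a GeoIP database instead.

```python
import re
import ipaddress
from collections import Counter

# Snort "alert_fast" layout (IPv4 assumed): ts [gid:sid:rev] msg [class] [prio] {proto} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:[^\]]*\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)
# Constructed CIDR -> country table standing in for a GeoIP database (assumption).
GEO_TABLE = [(ipaddress.ip_network(cidr), cc) for cidr, cc in
             [("203.0.113.0/24", "ID"), ("198.51.100.0/24", "US"), ("192.0.2.0/24", "CN")]]
# Timestamp prefix length that identifies a bucket for each aggregation unit.
UNIT_PREFIX = {"minute": 11, "hour": 8, "day": 5}
# Constructed alert lines (local SIDs, documentation-range IPs); one line is junk.
SAMPLE_ALERTS = """\
01/15-10:23:45.123456  [**] [1:1000001:1] LOCAL suspicious HTTP response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:80 -> 10.0.0.5:51234
01/15-10:23:59.000001  [**] [1:1000001:1] LOCAL suspicious HTTP response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:80 -> 10.0.0.6:40001
01/15-10:24:02.500000  [**] [1:1000002:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 198.51.100.4 -> 10.0.0.1
this line is not an alert and must be skipped rather than crash the pipeline
01/15-11:01:10.000000  [**] [1:1000003:2] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.77:51000 -> 10.0.0.22:22
"""

def geolocate(ip):
    """Country code of ip from GEO_TABLE, or '??' when no prefix matches."""
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_TABLE if addr in net), "??")

def parse_alert(line):
    """Parse one alert_fast line into a dict enriched with the source country; None if malformed."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    alert = m.groupdict()
    alert["src_cc"] = geolocate(alert["src"])
    return alert

def aggregate(lines, unit="minute"):
    """Count alerts per (time bucket, source country, sid); unparsable lines are dropped."""
    prefix = UNIT_PREFIX[unit]
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is not None:
            counts[(alert["ts"][:prefix], alert["src_cc"], alert["sid"])] += 1
    return counts
```

The (bucket, country, sid) counts are the shape of record an attack map or dashboard consumes; switching `unit` to "hour" or "day" re-buckets the same alerts without re-parsing the format.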

Related Works
Defining Big Data for IDS
The Lambda Architecture
Building the Snort Using Docker Technology
The Messaging Middleware Using MQTT
Collecting and Streaming Data
Processing Data
Dashboard and Visualization Services
Conclusions
Future Work