Free download of the article: Network Monitoring Based on Cloud Computing and System Threat Detection

Persian title
Network monitoring based on cloud computing and system threat detection for critical infrastructures
English title
A Cloud Computing Based Network Monitoring and Threat Detection System for Critical Infrastructures
Pages in the Persian article
0
Pages in the English article
14
Year of publication
2016
Publisher
Elsevier
Format of the English article
PDF
Product code
E2286
Fields related to this article
Computer Engineering
Specializations related to this article
Cloud Computing
Journal
Big Data Research
University
Department of Computer and Information Sciences, Towson University, Towson, USA
Keywords
Network monitoring, threat detection, cloud computing
Abstract


Critical infrastructure systems perform functions and missions that are essential for our national economy, health, and security. These functions are vital to commerce, government, and society and are closely interrelated with people’s lives. To provide highly secured critical infrastructure systems, a scalable, reliable and robust threat monitoring and detection system should be developed to efficiently mitigate cyber threats. In addition, big data from threat monitoring systems pose serious challenges for cyber operations because an ever growing number of devices in the system and the amount of complex monitoring data collected from critical infrastructure systems require scalable methods to capture, store, manage, and process the big data. To address these challenges, in this paper, we propose a cloud computing based network monitoring and threat detection system to make critical infrastructure systems secure. Our proposed system consists of three main components: monitoring agents, cloud infrastructure, and an operation center. To build our proposed system, we use both Hadoop MapReduce and Spark to speed up data processing by separating and processing data streams concurrently. With a real-world data set, we conducted real-world experiments to evaluate the effectiveness of our developed network monitoring and threat detection system in terms of network monitoring, threat detection, and system performance. Our empirical data indicates that the proposed system can efficiently monitor network activities, find abnormal behaviors, and detect network threats to protect critical infrastructure systems.

7. Conclusion


In this paper, we proposed a cloud computing-based network monitoring and threat detection system to secure critical infrastructure systems. The three main components of the proposed system are monitoring agents, cloud infrastructure, and an operation center. With distributed deploying in critical infrastructure systems, monitoring agents play a role in data collection. A cloud infrastructure can provide both large storage space and high computation resources. The operation center can dynamically update system operation policies, configuration, and monitor the system security. We leveraged both Hadoop MapReduce and Spark to speed up data processing by separating and processing data streams concurrently. To evaluate the effectiveness of our developed network threat monitoring system, we evaluated the effectiveness of our developed system with respect to network monitoring, threat detection, and system performance. Through our extensive evaluations, our data shows that the proposed system can efficiently help the system administrator to monitor network activities and find abnormal behaviors. Moreover, the proposed system can accurately and dynamically detect network threats. Our experiments also show that there is a significant performance gain when Spark is used over Hadoop MapReduce.

