Service denial detection method for large data platform

A big data platform, denial of service technology, applied in the field of big data security, can solve the problems of denial of service attacks, cluster security hardening guidance is not effective, and achieve the effect of preventing denial of service attacks, preventing malicious damage, and simple deployment

Inactive Publication Date: 2016-06-08
PEKING UNIV
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0017] 2) The authorization and authentication mechanism only performs security verification at the system level, but it will not work for internal users or malicious users who enter the cluster through traditional attack means. Attackers can still use the node health check mechanism and the exclusion list mechanism to initiate rejection service attack
[0018] 3) The existing authorization authentication method is not enabled by default. It is generally believed that the cluster is deployed in a safe and reliable environment, so it has little effect on the security hardening of the cluster.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Service denial detection method for large data platform
  • Service denial detection method for large data platform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0041] Take Hadoop YARN as an example.

[0042] 1) In the actual situation, the administrator divides the cluster, divides 5% of the nodes (more than 10) as detection nodes, and 95% of the nodes as ordinary computing nodes, and configures the user's default submission queue as the queue where the detection nodes are located , all user applications are first submitted to the detection node to run.

[0043] 2) The MapReduce program submitted by the user can be detected in two ways:

[0044] ①Map task status detection, adding a log scanning engine engine on the detection node to track the running status of the task. If there is a problem, such as throwing an exception or failing to complete successfully, the task status is read from the log as failed, and subsequent resources are no longer available. distribute.

[0045] ② Parameter detection, to detect the parameters of the MapReduce program that can be set by the user, for example, to detect the program timeout time, the defa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a service denial detection method for a large data platform. The method includes the steps that a plurality of nodes are selected in the large data platform and serve as detection nodes, and a plurality of nodes serve as calculation nodes; a user blacklist is set; secondly, a submitted application is firstly detected in the detection nodes; if any task is detected unqualified, the task and the application are both marked failed; if tasks are detected qualified, the application is allocated to the calculation nodes for continuous execution; thirdly, the nodes are detected, and when the number of the tasks marked failed on the nodes exceeds a set value P, the nodes are marked UNHEALTHY; when the number of the calculation nodes marked UNHEALTHY exceeds a set threshold, the tasks marked failed on the calculation nodes are detected, and if the tasks come from a same user or the similarity exceeds a set value, the calculation nodes are added into an exclusion list; if the ratio of the number of the nodes in the exclusion list exceeds N%, it is judged that attack of service denial exists.

Description

technical field [0001] The invention relates to the field of big data security, in particular to a denial of service detection method for a big data platform. Background technique [0002] In the context of the era of big data, its information security issues have extended to various fields, mainly including corporate data leakage, commercial espionage, privacy leakage, and hacker attacks. In the context of the gradual completion of the big data era, it can be said that the form of network information security is very severe. Whether you can protect your privacy, information security, and cluster availability has become the first problem in deploying big data. At present, common big data processing platforms such as Hadoop, Storm, Spark, etc., do not consider how to create a secure distributed computing environment during development. Since the clusters are deployed in a LAN protected by a firewall and only allow access by internal personnel of the company, the motivation ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/44G06F21/50G06F11/20
CPCG06F11/202G06F21/44G06F21/50
Inventor 沈晴霓李文婷杨雅辉吴中海
Owner PEKING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap