Towards Large Scale Packet Capture and Network Flow Analysis on Hadoop

Network traffic continues to grow yearly at a compounded rate. However, network traffic is still being analyzed on vertically scaled machines that do not scale as well as distributed computing platforms. Hadoop's horizontally scalable ecosystem provides a better environment for processing these...

Bibliographic Details
Main Authors: Saavedra, Miguel Zenon Nicanor L, Yu, William Emmanuel S
Format: text
Published: Archīum Ateneo 2018
Online Access: https://archium.ateneo.edu/discs-faculty-pubs/291
https://ieeexplore.ieee.org/document/8590897
Institution: Ateneo De Manila University
id ph-ateneo-arc.discs-faculty-pubs-1308
record_format eprints
spelling ph-ateneo-arc.discs-faculty-pubs-1308 2022-04-28T06:27:07Z Towards Large Scale Packet Capture and Network Flow Analysis on Hadoop Saavedra, Miguel Zenon Nicanor L Yu, William Emmanuel S Network traffic continues to grow yearly at a compounded rate. However, network traffic is still being analyzed on vertically scaled machines that do not scale as well as distributed computing platforms. Hadoop's horizontally scalable ecosystem provides a better environment for processing these network captures stored in packet capture (PCAP) files. This paper proposes a framework called hcap for analyzing PCAPs on Hadoop inspired by the Réseaux IP Européens' (RIPE's) existing hadoop-pcap library but built completely from the ground up. The hcap framework improves several aspects of the hadoop-pcap library, namely protocol, error, and log handling. Results show that, while other methods still outperform hcap, it not only performs better than hadoop-pcap by 15% in scan queries and 18% in join queries, but it's more tolerant to broken PCAP entries which reduces preprocessing time and data loss, while also speeding up the conversion process used in other methods by 85%. 2018-11-01T07:00:00Z text https://archium.ateneo.edu/discs-faculty-pubs/291 https://ieeexplore.ieee.org/document/8590897 Department of Information Systems & Computer Science Faculty Publications Archīum Ateneo Libraries Protocols Time factors Big Data Standards Aggregates Payloads Hadoop Network Analytics PCAP Flow Analytics Computer Sciences Databases and Information Systems
institution Ateneo De Manila University
building Ateneo De Manila University Library
continent Asia
country Philippines
content_provider Ateneo De Manila University Library
collection archium.Ateneo Institutional Repository
topic Libraries
Protocols
Time factors
Big Data
Standards
Aggregates
Payloads
Hadoop
Network Analytics
PCAP
Flow Analytics
Computer Sciences
Databases and Information Systems
description Network traffic continues to grow yearly at a compounded rate. However, network traffic is still being analyzed on vertically scaled machines that do not scale as well as distributed computing platforms. Hadoop's horizontally scalable ecosystem provides a better environment for processing these network captures stored in packet capture (PCAP) files. This paper proposes a framework called hcap for analyzing PCAPs on Hadoop inspired by the Réseaux IP Européens' (RIPE's) existing hadoop-pcap library but built completely from the ground up. The hcap framework improves several aspects of the hadoop-pcap library, namely protocol, error, and log handling. Results show that, while other methods still outperform hcap, it not only performs better than hadoop-pcap by 15% in scan queries and 18% in join queries, but it's more tolerant to broken PCAP entries which reduces preprocessing time and data loss, while also speeding up the conversion process used in other methods by 85%.
format text
author Saavedra, Miguel Zenon Nicanor L
Yu, William Emmanuel S
title Towards Large Scale Packet Capture and Network Flow Analysis on Hadoop
publisher Archīum Ateneo
publishDate 2018
url https://archium.ateneo.edu/discs-faculty-pubs/291
https://ieeexplore.ieee.org/document/8590897
_version_ 1733052860135899136