The Next-Generation NIDS Platform: Cloud-Based Snort NIDS Using Containers and Big Data


Bibliographic Details
Main Authors: Ferry Astika Saputra, Muhammad Salman, Jauari Akhmad Nur Hasim, Isbat Uzzin Nadhori, Kalamullah Ramli
Format: Article
Language: English
Published: MDPI AG 2022-02-01
Series: Big Data and Cognitive Computing
Subjects: Snort; big data; cloud-based IDS; docker; lambda architecture
Online Access: https://www.mdpi.com/2504-2289/6/1/19
ISSN: 2504-2289
DOI: 10.3390/bdcc6010019
Collection: Directory of Open Access Journals (DOAJ)

Author Affiliations
Ferry Astika Saputra: Department of Electrical Engineering, Faculty of Engineering, Kampus UI Depok, Universitas Indonesia, Depok 16424, Indonesia
Muhammad Salman: Department of Electrical Engineering, Faculty of Engineering, Kampus UI Depok, Universitas Indonesia, Depok 16424, Indonesia
Jauari Akhmad Nur Hasim: Department of Informatics and Computer Engineering, Kampus Sukolilo, Politeknik Elektronika Negeri Surabaya, Surabaya 60111, Indonesia
Isbat Uzzin Nadhori: Department of Informatics and Computer Engineering, Kampus Sukolilo, Politeknik Elektronika Negeri Surabaya, Surabaya 60111, Indonesia
Kalamullah Ramli: Department of Electrical Engineering, Faculty of Engineering, Kampus UI Depok, Universitas Indonesia, Depok 16424, Indonesia

Abstract
Snort is a well-known, signature-based network intrusion detection system (NIDS). The Snort sensor must be placed within the same physical network as the defense center, so the defense center in the typical NIDS architecture offers limited network coverage, especially for remote networks with restricted bandwidth and network policy. Additionally, the growing number of sensor instances, and the rapid increase in log data volume that follows, has caused the present system to face big data challenges. This research paper proposes a novel design for a cloud-based Snort NIDS that uses containers and implements big data in the defense center to overcome these problems. Our design consists of Docker as the sensor platform, Apache Kafka as the distributed messaging system, and big data technology orchestrated on a lambda architecture. We conducted experiments to measure sensor deployment, the optimum message delivery from the sensors to the defense center, aggregation speed, and the efficiency of the defense center's data-processing performance. We successfully developed a cloud-based Snort NIDS and found the optimum method for message delivery from the sensor to the defense center. We also developed a dashboard and attack maps to display attack statistics and visualize the attacks. Ours is the first design reported to implement a big data architecture, namely the lambda architecture, as the defense center and to use rapid deployment of Snort NIDS with Docker technology as the network security monitoring platform.