| Graduate student: | Lo, Ta-Chun (羅大郡) |
|---|---|
| Thesis title: | Using Containerization Approach to Develop a Flink-based Botnet Rapid Detection System |
| Advisor: | Shieh, Ce-Kuen (謝錫堃) |
| Co-advisor: | Chang, Jyh-Biau (張志標) |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2020 |
| Graduation academic year: | 108 |
| Language: | English |
| Number of pages: | 30 |
| Keywords: | Virtual Container, NetFlow, Kubernetes, botnet detection, Flink, Hadoop |

The damage caused by botnets has been increasing in recent years. At the end of February 2018, GitHub suffered a distributed denial-of-service (DDoS) attack with traffic of up to 1.3 Tbps. In view of this trend, botnet detection is receiving more and more attention, and related research is also increasing. However, although the methods and performance of botnet detection keep advancing, few studies have focused on deploying these systems in the real world where they can be put to use, so many research results remain at the theoretical stage.

In this paper, we combine a Flink-based botnet detection algorithm with virtual container technologies to build a system that is convenient to manage, effective, and easy to deploy. We use the Docker container runtime and Kubernetes to make the system lightweight, portable, and easy to deploy. To achieve this goal, we conduct experiments comparing different configurations. The first aims to find the most suitable number of Flink TaskManagers. The second compares three system architectures: standalone Flink, Flink on Yarn, and Flink on Hadoop. According to the experimental results, standalone Flink performs better in our system, and two TaskManagers per node achieve the best resource efficiency.