Hadoop Development - CSC

More documents

Recommendations

Info

Real world example - a Cyber problem • We would like to be able to trace the use of any Linux system calls back to the user who was ultimately responsible for them. • Assume malicious users will try to hide their identity by spawning layers of child processes that make it difficult to track back to the original process that is their "terminal" (login) session. • What we would like to know is can <strong>Hadoop</strong> be used to solve this problem by doing the track back for any (or all) SYSCALL (system call) events? • As for the scale, consider a datacentre with: – servers generating audit events at the rate of ~20 per second, i.e. ~72,000 per hour – that has 1000 servers, i.e. ~72 million events per hour, or ~1.5 billion events a day (!) TBSC 2009 11/10/2011 12:53 PM 0725-23_TBSC 2009 22
Real world example - a Cyber problem (cont’d) • The problem can addressed by processing the audit logs produced by the auditd daemon that is supplied with Linux kernels 2.6.x (or newer). • In order to get auditd to log the data we are interested in it is necessary to set up rules in /etc/audit/audit.rules on each server as specified in the NSA document “Guide to the Secure Configuration of Red Hat Enterprise Linux 5, Revision 4, September 14, 2010” • The data to process looks something like this: TBSC 2009 11/10/2011 12:53 PM 0725-23_TBSC 2009 23
Page 1 and 2: ©2011 CSC INNOVATE AND DELIVER AN
Page 3 and 4: The Data Challenge •3 dimensions:
Page 5 and 6: Volume (cont’d) • IDC now predi
Page 7 and 8: Variety • Continuing increase in
Page 9 and 10: What Is Hadoop? • Google famously
Page 11 and 12: What Is Hadoop? (cont’d) • Hado
Page 13 and 14: Hadoop Architectural Overview (cont
Page 15 and 16: Hadoop Architectural Overview (cont
Page 17 and 18: What is Map-Reduce? • Map-Reduce
Page 19 and 20: What is Map-Reduce? (cont’d) Map
Page 21: What is Map-Reduce? (cont’d) •
Page 25 and 26: Real world example - a Cyber proble
Page 31 and 32: How to get started... • Download
Page 33 and 34: Questions? TBSC 2009 ? 11/10/2011 1
Page 35: TBSC 2009 11/10/2011 12:53 PM 0725-

Hadoop Development - CSC

Create successful ePaper yourself

Delete template?

Save as template?