{"title":"DOFUR: DDoS Forensics Using MapReduce","authors":"Rana Khattak, S. Bano, Shujaat Hussain, Z. Anwar","doi":"10.1109/FIT.2011.29","DOIUrl":null,"url":null,"abstract":"Currently we have seen a very sharp increase in network traffic. Due to this increase, the size of attack log files has also increased greatly and using conventional techniques to mine the logs and get some meaningful analyses about the DDoS attacker's location and possible victims has become increasingly difficult. We propose a technique using Hadoop's MapReduce to deduce results efficiently and quickly which would otherwise take a long time if conventional means were used. The aim of this paper is to describe how we designed a framework to detect those packets in a dataset which belong to a DDoS attack using MapReduce provided by Hadoop. Experimental results using a real dataset show that parallelising DDoS detection can greatly improve efficiency.","PeriodicalId":101923,"journal":{"name":"2011 Frontiers of Information Technology","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Frontiers of Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FIT.2011.29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 14
Abstract
Currently we have seen a very sharp increase in network traffic. Due to this increase, the size of attack log files has also increased greatly and using conventional techniques to mine the logs and get some meaningful analyses about the DDoS attacker's location and possible victims has become increasingly difficult. We propose a technique using Hadoop's MapReduce to deduce results efficiently and quickly which would otherwise take a long time if conventional means were used. The aim of this paper is to describe how we designed a framework to detect those packets in a dataset which belong to a DDoS attack using MapReduce provided by Hadoop. Experimental results using a real dataset show that parallelising DDoS detection can greatly improve efficiency.