Title: Scalable Security Analytics Framework Using NoSQL Database
Authors: Rizwan Ur Rahman, D. Tomar
Journal: International Journal of Database Theory and Application, vol. 44(1), pp. 27-46
Published: 2017-11-30 (journal article)
DOI: 10.14257/IJDTA.2017.10.11.03 (https://doi.org/10.14257/IJDTA.2017.10.11.03)
Source: Semantic Scholar
Citations: 2
Abstract
Enterprises generate an estimated ten to one hundred billion events every day, and large enterprises collect over 500 GB of logs per day. Traditional systems cannot handle this volume of data, which is becoming a classic Big Data problem. Security analytics addresses it by applying techniques from Big Data analytics to extract information that can be used to avert cyber attacks. In this paper a scalable framework for security analytics is proposed, built on the MongoDB NoSQL database. An attack scenario is created to simulate zero-day malware. Supervised and unsupervised learning techniques are applied to data collected from a live application and from an experimental set-up. The outcome is a 360-degree view of the data that singles out abnormal access behaviour for a given user. It is observed that the false positive rate is reduced.
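The abstract describes the pipeline only at a high level: events land in MongoDB as documents, features are derived per user, and a learning step singles out abnormal access behaviour. The following is an added example, not the authors' code, of what the unsupervised half of that pipeline can look like. It assumes each event is a document with the fields `user`, `ts` (ISO 8601, UTC), `host`, `src_ip`, `action` and `outcome`; the sample events, the hourly feature set, and the per-user z-score baseline with a sigma floor are all this example's own choices, not the paper's specific method. `FEATURE_PIPELINE` is the MongoDB aggregation that computes the same per-(user, hour) features server-side for `collection.aggregate()` in pymongo; it is shown but not executed, so the example runs offline on the in-memory equivalent.

```python
"""Per-user abnormal-access scoring over JSON security events (added example)."""
from collections import defaultdict
from datetime import datetime, timezone
import statistics

FEATURES = ("events", "hosts", "src_ips", "failures")

# MongoDB aggregation equivalent of hourly_features() below. Assumed usage:
#   collection.aggregate(FEATURE_PIPELINE)   (pymongo; not executed here)
FEATURE_PIPELINE = [
    {"$group": {
        "_id": {"user": "$user", "hour": {"$substrCP": ["$ts", 0, 13]}},
        "events": {"$sum": 1},
        "hosts": {"$addToSet": "$host"},
        "src_ips": {"$addToSet": "$src_ip"},
        "failures": {"$sum": {"$cond": [{"$eq": ["$outcome", "fail"]}, 1, 0]}},
    }},
    {"$project": {"events": 1, "failures": 1,
                  "hosts": {"$size": "$hosts"}, "src_ips": {"$size": "$src_ips"}}},
]


def _mk(user, hour, n, hosts, ip, fails):
    """Constructed sample events (not real logs) for one user in one UTC hour."""
    return [{
        "user": user,
        "ts": datetime(2017, 6, 1, hour, i % 60, tzinfo=timezone.utc).isoformat(),
        "host": hosts[i % len(hosts)],
        "src_ip": ip,
        "action": "login",
        "outcome": "fail" if i < fails else "success",
    } for i in range(n)]


# Alice is quiet during the day; at 23:00 she fans out to four hosts with many failures.
EVENTS = (
    _mk("alice", 9, 3, ["web01"], "10.0.0.5", 0)
    + _mk("alice", 10, 3, ["web01"], "10.0.0.5", 0)
    + _mk("alice", 11, 4, ["web01"], "10.0.0.5", 1)
    + _mk("alice", 14, 3, ["web01"], "10.0.0.5", 0)
    + _mk("alice", 23, 12, ["web01", "db01", "ad01", "fs01"], "10.0.0.5", 6)
    + _mk("bob", 9, 5, ["web01", "web02"], "10.0.0.9", 0)
    + _mk("bob", 10, 6, ["web01", "web02"], "10.0.0.9", 1)
    + _mk("bob", 11, 5, ["web01", "web02"], "10.0.0.9", 0)
    + _mk("bob", 15, 6, ["web01", "web02"], "10.0.0.9", 0)
)


def hourly_features(events):
    """Group events into (user, hour) buckets and return one feature vector per bucket."""
    acc = defaultdict(lambda: {"events": 0, "hosts": set(), "src_ips": set(), "failures": 0})
    for e in events:
        b = acc[(e["user"], e["ts"][:13])]  # ISO timestamp truncated to the hour
        b["events"] += 1
        b["hosts"].add(e["host"])
        b["src_ips"].add(e["src_ip"])
        b["failures"] += 1 if e["outcome"] == "fail" else 0
    return {k: {"events": b["events"], "hosts": len(b["hosts"]),
                "src_ips": len(b["src_ips"]), "failures": b["failures"]}
            for k, b in acc.items()}


def build_baseline(features, train_before):
    """Per-user (mean, pstdev) of each feature over the buckets before the cutoff hour."""
    per_user = defaultdict(lambda: defaultdict(list))
    for (user, hour), f in features.items():
        if hour < train_before:  # ISO hour strings sort chronologically
            for name in FEATURES:
                per_user[user][name].append(f[name])
    return {u: {n: (statistics.mean(v), statistics.pstdev(v)) for n, v in fs.items()}
            for u, fs in per_user.items()}


def zscore(baseline, user, f, sigma_floor=1.0):
    """Largest absolute z-score across features. The sigma floor keeps a feature
    that never varied in training (stdev 0) from dividing by zero and flagging
    every one-unit change, a common source of false positives."""
    return max(abs(f[n] - mu) / max(sd, sigma_floor) for n, (mu, sd) in baseline[user].items())


def detect(events, train_before, threshold=3.0):
    """Score each post-cutoff (user, hour) bucket against that user's own baseline.
    Returns flagged buckets as (user, hour, score); users with no history are skipped."""
    feats = hourly_features(events)
    base = build_baseline(feats, train_before)
    flagged = []
    for (user, hour), f in sorted(feats.items()):
        if hour >= train_before and user in base:
            s = zscore(base, user, f)
            if s >= threshold:
                flagged.append((user, hour, round(s, 2)))
    return flagged


if __name__ == "__main__":
    for user, hour, s in detect(EVENTS, train_before="2017-06-01T12"):
        print(f"ABNORMAL user={user} hour={hour}Z score={s}")
```

Only Alice's 23:00 bucket crosses the threshold; her 14:00 bucket and all of Bob's are within their own baselines even though Bob's raw event counts are higher than Alice's, which is the point of scoring per user rather than against a global mean.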