
Design And Implementation Of Network Forensics Analysis System Based On Hadoop

Posted on: 2016-08-19
Degree: Master
Type: Thesis
Country: China
Candidate: Q S Xiao
GTID: 2308330470950837
Subject: Computer technology

Abstract/Summary:
In recent years, as computer and network technology has spread into all aspects of social life, the computer network has become an essential part of people's lives. Everyone enjoys the convenience of the network. At the same time, trojans, hackers and cybercrime pose a great threat to network security, and as networks continue to grow in scale, the number of network security incidents and the resulting losses are increasing rapidly. Network security has become a conspicuous problem and a focus of attention for society as a whole. According to the 2014 CNCERT Internet security threat report, the number of network security incidents increased somewhat over the previous year, and there was a certain number of denial-of-service attacks on Internet infrastructure and public networks, as well as network crime. It is therefore imperative to combat network crime.

With the trend toward the informatization of evidence, electronic evidence that depends on computers and computer networks plays an increasingly important role in proving facts. As a result, network forensics is becoming more and more important and has increasingly become a focus of domestic and foreign scholars and research institutions. At present, however, network forensics still faces challenges, such as the massive volume of network data packets, methods for mining network evidence, and the comprehensibility of network evidence. To address these problems, this paper develops a network forensics analysis system using Hadoop and clustering analysis. Analysis of a variety of network attacks and bad behavior with the system showed that it performs well. This paper completed the following work:

(1) After a review of a large body of related domestic and foreign references, this paper analyzed the current state of network forensic analysis systems, studied the technologies related to network forensic analysis, identified the goals of the system design, and gave the requirement analysis and the choice of technologies for system development, including network packet capture, HBase data storage, MapReduce and so on.

(2) On the basis of the requirement analysis, a network forensics analysis system based on Hadoop was designed. First, the outline design of the system was carried out, which established the three modules of the system (data acquisition module, data storage module and data analysis module) and the process of each module. Then the detailed design was given, which determined the technical architecture and function of each module.

(3) On the basis of the requirement analysis and system design, the various functions of the Hadoop-based network forensics analysis system were implemented in code using a C/S architecture. Finally, the system was deployed in a laboratory LAN environment, and its functions and performance were analyzed by simulating common network attacks and by visiting some bad Web sites through a browser to test the system. The tests found that the system can detect common network attacks and bad sites rapidly, with high speed and a high accuracy rate.
Keywords/Search Tags: Forensic analysis, Hadoop, MapReduce, HBase