TY - JOUR
T1 - Haddle
T2 - 58th IEEE Global Communications Conference, GLOBECOM 2015
AU - Gao, Yun
AU - Fu, Xiao
AU - Luo, Bin
AU - Du, Xiaojiang
AU - Guizani, Mohsen
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015
Y1 - 2015
N2 - Nowadays Hadoop is popular among businesses and individuals for its low costs, convenience, and fast speed. However, this also makes it the goal of data leakage attacks as sensitive data stored with an HDFS infrastructure grows rapidly. Therefore, it is important to investigate such attacks in Hadoop. Several works have been done on improving the security of Hadoop, but hardly any have been done on data leakage investigation. This paper presents a typical data leakage attack scene in Hadoop and proposes Haddle (Hadoop Data Leakage Explorer), a forensic framework composed of automatic analytical methods and on-demand data collection based on two stages. With the assistance of Haddle, investigators can find the stolen data, find the perpetrator who stole the data, and reconstruct the crime scene. Also, Haddle can help improve the audit mechanism of Hadoop.
AB - Nowadays Hadoop is popular among businesses and individuals for its low costs, convenience, and fast speed. However, this also makes it the goal of data leakage attacks as sensitive data stored with an HDFS infrastructure grows rapidly. Therefore, it is important to investigate such attacks in Hadoop. Several works have been done on improving the security of Hadoop, but hardly any have been done on data leakage investigation. This paper presents a typical data leakage attack scene in Hadoop and proposes Haddle (Hadoop Data Leakage Explorer), a forensic framework composed of automatic analytical methods and on-demand data collection based on two stages. With the assistance of Haddle, investigators can find the stolen data, find the perpetrator who stole the data, and reconstruct the crime scene. Also, Haddle can help improve the audit mechanism of Hadoop.
KW - Cloud computing
KW - Data leakage
KW - Forensics
KW - Hadoop
KW - HDFS
UR - http://www.scopus.com/inward/record.url?scp=84964906368&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964906368&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2014.7417387
DO - 10.1109/GLOCOM.2014.7417387
M3 - Conference article
AN - SCOPUS:84964906368
SN - 2334-0983
JO - Proceedings - IEEE Global Communications Conference, GLOBECOM
JF - Proceedings - IEEE Global Communications Conference, GLOBECOM
M1 - 7417387
Y2 - 6 December 2015 through 10 December 2015
ER -