Network Traffic Profiling and Anomaly Detection for Cyber Security


Network traffic profiling and anomaly detection for cyber security

Laurens D’hooge
Student number: 01309688

Supervisors: Prof. dr. ir. Filip De Turck, dr. ir. Tim Wauters
Counselors: Prof. dr. Bruno Volckaert, dr. ir. Tim Wauters

A dissertation submitted to Ghent University in partial fulfilment of the requirements for the degree of Master of Science in Information Engineering Technology

Academic year: 2017-2018

Acknowledgements

This thesis is the result of 4 months work and I would like to express my gratitude towards the people who have guided me throughout this process. First and foremost I’d like to thank my thesis advisors prof. dr. Bruno Volckaert and dr. ir. Tim Wauters. By virtue of their knowledge and clear communication, I was able to maintain a clear target. Secondly I would like to thank prof. dr. ir. Filip De Turck for providing me the opportunity to conduct research in this field with the IDLab research group. Special thanks to Andres Felipe Ocampo Palacio and dr. Marleen Denert are in order as well. Mr. Ocampo’s PhD research into big data processing for network traffic and the resulting framework are an integral part of this thesis. Ms. Denert has been the go-to member of the faculty staff for general advice and administrative dealings. The final token of gratitude I’d like to extend to my family and friends for their continued support during this process.

Laurens D’hooge

Network traffic profiling and anomaly detection for cyber security

Laurens D’hooge
Supervisor(s): prof. dr. ir. Filip De Turck, dr. ir. Tim Wauters

Abstract— This article is a short summary of the research findings of a Master’s dissertation on the intersection of network intrusion detection, big data processing and machine learning. Its results contribute to the foundation of a new research project at the Internet Technology and Data Science Lab (IDLab) of the University of Ghent.

Keywords— Network intrusion detection, big data, Apache Spark, machine learning, Metasploit

L. D’hooge does his dissertation at the IDLab research group of the faculty of engineering and architecture, Ghent University (UGent), Gent, Belgium. E-mail: [email protected] .

I. INTRODUCTION

The full text of this dissertation covers a wide range of topics, connected to existing research fields at IDLab [1], a.o.:

• Machine learning and data mining
• Cloud and big data infrastructures
• Cyber security

The three main sections that were researched are summarized briefly. These sections are:

• A capture setup for network traffic with an automated hacker and intentionally vulnerable target
• A detailed study of the state of the art in big data processing for the purpose of network intrusion detection (NIDS), with special attention for the Apache Spark engine and ecosystem.
• The processing of a public NIDS data set, with machine learning algorithms. Implementations cover both Scikit-Learn and Apache Spark to research the benefits and drawbacks of single-host versus distributed processing.

II. AUTOMATED ATTACKER AND VULNERABLE TARGET

Data quality is of paramount importance to build any machine learning system. A system that can generalize needs to have seen lots of normal and attack traffic. Obtaining clean samples is a difficult problem, especially if those samples have to be labeled. Human labeling is hard because network traffic quickly generates large volumes of varied data. The labeling is complicated further by the contextual classification difficulty of network packets and flows. They might not be anomalous on their own, but when seen as part of a set, do indicate an attack. To solve this problem a setup was created that combines an automated hacker and a target with intentionally vulnerable services to exploit. This experiment was tested on the cloud experiment infrastructure of the University, the Virtual Wall [2].

A. Automated hacker

Manual penetration testing is a laborious, repetitive process that can be automated. This thought was the inspiration for the creation of APT2, an open source project on GitHub by an employee of Rapid7, the company behind the biggest framework for penetration testing, Metasploit. APT2 [3] is a Python-powered extensible framework for Metasploit and nmap automation. APT2 starts with an nmap scan or an nmap file with the details of a previous scan. Based on the information from the scan, events are fired that get picked up by automated versions of reconnaissance and exploit modules from Metasploit. The program requires almost no human interaction and is customizable. To avoid unwanted intrusiveness, a safety setting is available in APT2, with values ranging from one to five. One is the most aggressive level and can potentially crash the target server. Level 5 is the weakest intrusiveness level and does only information gathering tasks. As a final extension to this research part, I have written an attack that automates another Metasploit module and nmap to find hosts with a vulnerability in the TCP/IP stack, allowing them to act as intermediaries for a stealthy port scan of the real target.

B. Vulnerable target

An automated hacker isn’t useful without a target to attack. To collect quality traffic beyond probing (=port scanning, fingerprinting), the target should be exploitable. The second stage of this research part was the search and integration of a deliberately vulnerable system in a controlled environment. After comparing different options, Metasploitable3 was chosen to be the target. It integrates well with Metasploit because it is also invented and maintained by Rapid7 (and the open source community). Metasploitable3 is a portable, virtual machine (VM) built on Packer, Chef and Vagrant [4]. Packer uses a template system to specify the creation steps of virtual machines in a portable way. Chef is a tool to configure what software should be installed on a VM and how it should be configured. Chef’s configuration files are called recipes and are listed in a section of the Packer build template. After building the VM, the final configuration (e.g. networking) is done by Vagrant, which also acts as a management system for virtual machines, with functionality akin to Docker for containers.

C. Results

The setup has been experimentally verified on the Virtual Wall. The experiment layout is shown in figure 1. The layout is a stripped down version of the full layout to reduce the resource claim on the Virtual Wall. An even smaller layout without the us and dst nodes has been used for testing as well. Traffic collection was done with TShark, Wireshark’s command line interface. The packet capture files were transformed into flows with Joy, an open source tool by Cisco for network security research, monitoring and forensics [5]. Inspection of the generated traffic at the available safety levels revealed that APT2 was successful in gathering information with the modules for which Metasploitable ran a service. This proves the validity of the setup and opens the way to further extension of APT2 and Metasploitable in tandem to exploit a greater number of services. Labeling the resulting captures is less problematic, because of the controlled environment in which the experiment runs. Specific modules can be activated to attack specific services, with much less overhead and noise than capturing in a network with active users.

Fig. 1. Experiment layout

III. BIG DATA FOR NETWORK INTRUSION DETECTION SYSTEMS

Network traffic maps directly onto the three dimensions of big data, volume, velocity and variety. Because of this, a part of the research time was invested in getting to the state of the art of big data processing, with the specific purpose of network intrusion detection. After this research phase, the Apache Spark engine was studied from an architectural overview down to the optimization efforts at the byte- and native code level.

A. Apache Spark

The core processing engine in this dissertation is Apache Spark, the successor of Apache Hadoop. Spark is an in-memory big data engine, with three layers (see figure 2). The Spark Core, which provides shared functionality for the four libraries on top of it.

Fig. 2. The Spark ecosystem

The main abstraction underlying Spark is the resilient, distributed data set (RDD) on top of which more recent additions like DataFrames and DataSets have been built. More efficient processing is continually introduced into the Spark project and its libraries. Two main projects stand out: the Spark-SQL catalyst optimizer works like a database query optimizer, receiving a programmed logical query plan, generating an optimized logical query plan and ultimately outputting Java bytecode that runs on each machine. The other umbrella project concerned with optimization is called Project Tungsten. The research efforts under Tungsten are focused on improving memory management and binary processing (elimination of memory and garbage collection overhead), cache-aware computation (making optimal use of on-die CPU cache) and code generation (improving serialization and removing virtual function calls). These improvements aim to make Spark the dominant big data processing engine for times to come.

B. IDLab NIDS architecture

This dissertation is complementary to the research of an IDLab PhD student, Andres Ocampo. His research focuses on user profiling and data-analysis from a streaming perspective [8], while this research has a batch perspective. The layout in which both systems integrate is shown in figure 3. An avenue for future research is the deep integration of the real-time stream processing and profiling with detailed batch analysis.

IV. MACHINE LEARNING FOR NETWORK INTRUSION DETECTION SYSTEMS

The biggest and last part of this dissertation is the use of machine learning (ML) algorithms for IDS purposes with implementations on Spark (distributed) and Scikit-learn [11] (single-host) to study whether and how using Spark is beneficial in this process. Research began with a broad search of the state of the art in machine learning and anomaly detection, followed by more spe-
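
The labeling step from section II.C (captures from the controlled setup are labeled by which module was active against which service) can be sketched as follows; this is an added example, not code from the dissertation. The field names `sa`, `da`, `sp`, `dp`, `time_start` and `time_end` are assumed to follow Joy's JSON flow output, and the addresses, schedule and label names are constructed.

```python
import json
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional

ATTACKER = "10.0.0.10"   # constructed address of the automated attacker node
TARGET = "10.0.0.20"     # constructed address of the vulnerable target node

@dataclass(frozen=True)
class ModuleRun:
    """One experiment-log entry: which module ran, when, against which port."""
    label: str
    start: float                 # epoch seconds
    end: float
    port: Optional[int] = None   # None: the module touches many ports (a scan)

# Constructed schedule; label names are hypothetical, not real module names.
RUNS = [
    ModuleRun("probe/portscan", 1000.0, 1060.0),
    ModuleRun("probe/http_enum", 1100.0, 1130.0, port=80),
    ModuleRun("exploit/ftp", 1125.0, 1150.0, port=21),
]

# Constructed flow records, one JSON object per line, plus two non-flow lines.
SAMPLE = """\
{"version": "constructed-metadata-line"}
{"sa":"10.0.0.10","da":"10.0.0.20","pr":6,"sp":40001,"dp":445,"time_start":1005.2,"time_end":1005.3}
{"sa":"10.0.0.10","da":"10.0.0.20","pr":6,"sp":40002,"dp":80,"time_start":1101.0,"time_end":1129.5}
{"sa":"10.0.0.20","da":"10.0.0.10","pr":6,"sp":21,"dp":40003,"time_start":1126.0,"time_end":1140.0}
{"sa":"10.0.0.10","da":"10.0.0.20","pr":6,"sp":40004,"dp":22,"time_start":1300.0,"time_end":1301.0}
{"sa":"10.0.0.30","da":"10.0.0.20","pr":6,"sp":40005,"dp":80,"time_start":1110.0,"time_end":1111.0}
not json at all
"""

REQUIRED = ("sa", "da", "sp", "dp", "time_start", "time_end")

def parse_flows(lines: Iterable[str]) -> Iterator[dict]:
    """Yield flow records; skip blank lines, non-JSON lines and metadata objects."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and all(k in rec for k in REQUIRED):
            yield rec

def label_flow(flow: dict, runs, attacker=ATTACKER, target=TARGET,
               slack: float = 1.0) -> str:
    """Label one flow from the experiment schedule.

    Flows not between attacker and target are background ("normal").
    Attacker/target flows get the label of the run that overlaps them in
    time (with `slack` seconds of clock tolerance) and matches the service
    port; a port-specific run wins over a scan-type run. Flows that match
    nothing, or several different labels, are flagged for manual review
    instead of being guessed.
    """
    if {flow["sa"], flow["da"]} != {attacker, target}:
        return "normal"
    # Replies travel target -> attacker, so the service port is then `sp`.
    service_port = flow["dp"] if flow["da"] == target else flow["sp"]
    hits = [r for r in runs
            if flow["time_start"] <= r.end + slack
            and flow["time_end"] >= r.start - slack
            and r.port in (None, service_port)]
    specific = [r for r in hits if r.port is not None]
    labels = {r.label for r in (specific or hits)}
    if not labels:
        return "unlabeled"
    if len(labels) > 1:
        return "ambiguous"
    return labels.pop()

def label_capture(text: str, runs=RUNS):
    """Return (flow, label) pairs for every flow record in `text`."""
    return [(f, label_flow(f, runs)) for f in parse_flows(text.splitlines())]

def summary(text: str, runs=RUNS) -> Counter:
    """Count flows per label, e.g. to check class balance before training."""
    return Counter(label for _, label in label_capture(text, runs))

if __name__ == "__main__":
    for flow, label in label_capture(SAMPLE):
        print(f'{flow["sa"]}:{flow["sp"]} -> {flow["da"]}:{flow["dp"]}  {label}')
    print(dict(summary(SAMPLE)))
```

The "unlabeled" and "ambiguous" outcomes matter for data quality: attacker traffic outside any logged run, or inside two overlapping runs, is better reviewed by hand than given a wrong class.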