
SEYARN: Enhancing Security of YARN Clusters Based on Health Check Service

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 691)

Abstract

Hadoop serves as an essential tool in the rise of big data, but its security model is insufficient. Internal attacks can bypass the current Hadoop security mechanism, and compromised Hadoop components can be used to threaten the overall Hadoop system. This paper studies the vulnerabilities of the Health Check Service in Hadoop/YARN and the threat of denial-of-service to a YARN cluster with multi-tenancy. We use theoretical analysis and numerical simulations to demonstrate the effectiveness of this DDoS attack based on health check service (DDHCS). Our experiments show that DDHCS is capable of causing significant impact on the performance of a YARN cluster, with high attack broadness (85.6% on average) and high attack strength (more than 80%). In addition, we developed a security enhancement for YARN, named SEYARN. We have implemented the SEYARN model and demonstrated that SEYARN fixes the above vulnerabilities with extending 95% accuracy and minimal run-time overhead, and effectively resists related attacks.


Acknowledgements

The authors gratefully acknowledge the support of the National High Technology Research and Development Program (“863” Program) of China under Grant No. 2015AA016009, the National Natural Science Foundation of China under Grant No. 61232005, and the Science and Technology Program of Shen Zhen, China under Grant No. JSGG20140516162852628. Special thanks to Ziyao Zhu and Wenjun Qian for their support of the experiments.

Corresponding author

Correspondence to Qingni Shen.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Li, W., Shen, Q., Dong, C., Yang, Y., Wu, Z. (2017). SEYARN: Enhancing Security of YARN Clusters Based on Health Check Service. In: Camp, O., Furnell, S., Mori, P. (eds) Information Systems Security and Privacy. ICISSP 2016. Communications in Computer and Information Science, vol 691. Springer, Cham. https://doi.org/10.1007/978-3-319-54433-5_9

  • DOI: https://doi.org/10.1007/978-3-319-54433-5_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54432-8

  • Online ISBN: 978-3-319-54433-5

  • eBook Packages: Computer Science (R0)
