Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience

Size: px

Start display at page:

Download "Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience"

Theodora Louise Stokes
10 years ago
Views:

1 Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience 黃振修 (Chris Huang) SPN 主動式雲端截毒技術架構師

8 Collaboration in the underground

14 網路威脅呈現爆炸性的成長各式各樣的變種病毒垃圾郵件不明的下載來源等等, 這些來自網路上的威脅, 躲過傳統安全防護系統的偵測, 一直持續呈現爆炸性的成長, 形成嚴重的資安威脅 New Unique Malware Discovered 1M unique Malwares every month

15 Reality Check Skyrocketing Volume Dangerous Risks Avoiding Detection New Unique Threats per Hour (worldwide estimate*) NEW Threat Every 0.28 Seconds DANGER Threats Found in Enterprises (Real-world data from 150+ assessments*) Network Worms Data-Stealing Malware IRC Bots 42% 56% 77% COMPLEXITY Targeting Malware 100% 52% of companies failed to report or remediate a cyber breach in SAIC, 2011 Two new pieces of malwares are created every second. --- Trend Micro, 2012 A cyber intrusion occurs every 5 minutes. ---US CERT 2012

Bots 42% 56% 77% 2007 2008 2009 2010 2011 COMPLEXITY Targeting Malware 100% 52% of companies failed to report or remediate a cyber breach in

16 Traditional approach is no more sufficient!

18 New approach for cyber threat solution CDN / xsp Researcher Intelligence Honeypot Web Crawler Trend Micro Mail Protection Trend Micro Web Protection 3+ Billion Worldwide Sensors Trend Micro Endpoint Protection

Micro Mail Protection Trend Micro Web Protection 3+

19 SPN: Smart Protection Network BIG DATA ANALYTICS (Data Mining, Machine Learning, Modeling, Correlation) Collects Identifies Protects DAILY STATS: 7.2 TB data correlated 1B IP addresses 90K malicious threats identified 100+M good files 9/10/2013 Confidential Copyright 2013 TrendMicro Inc. 19

20 SPN High Level Architecture Service Delivery SPN Feedback Honey Pot CDN/xSP Log API Server/Portal Data Sourcing Receiver Service Platform MySPN Platform Hadoop Distributed File System (HDFS) Solr Cloud Adhoc-Query (Pig) MapReduce Oozie HBase APP 1 APP 2 Trend Message Exchange (Message Bus) 9/10/2013 Confidential Copyright 2013 TrendMicro Inc. 20

Distributed File System (HDFS) Solr Cloud Adhoc-Query (Pig) MapReduce Oozie HBase APP

21 MySPN Ecosystem Need Solution Data Catalogue backed-by SPN Infrastructure TopCVE Service APT KB Service Census FB Logs Login Customer Develop Solution Access SSO Portal & API Single Entry-Point Dispatcher All My Guard Threat Connect Dashboard Service Catalog Census Profile MySPN Market Place New App Alert VE DB APT KB Publish Monitor Service Platform SDK New App Trender Operate Implement OPS RD / Team

22 SPN Solution Architecture Sourcing Processing & Analysis Validate & Create Solution Quality Assurance Solution Distribution Solution Adoption File Web / URL Domain IP File Reputation Service Web Reputation Service Reputation Service Smart Protection Customer SPN Correlation Community Intelligence (Feedback loop)

24 Case Study: Web Reputation Services 200K+ new URL created every day 1. Intercept URL 4. Access page Internet Web Server SPN Cloud 9/10/

for Known Threats Unknown & Prefilter Page Download Threat Analysis 8 billions/day 4.

25 8+ billions URL process daily Technology Process Operation Trend Micro Products / Technology CDN Cache High Throughput Web Service Hadoop Cluster Web Crawling Machine Learning Data Mining User Traffic / Sourcing CDN vender Rating Server for Known Threats Unknown & Prefilter Page Download Threat Analysis 8 billions/day 4.8 billions/day 860 millions/day 40% filtered 82% filtered 99.98% filtered 25,000 malicious URL /day Block malicious URL within 15 minutes once it goes online!

26 WRS Architecture Overview

28 How to Scale? Un-structure data first If you really need structure data Use Google Protocol Buffers or JSON string Purify your data before processing Leverage HBase more Well design row key to prevent hot-spot Use MapReduce to create Lucene index Leverage SolrCloud for complex real-time use cases 9/10/2013 Confidential Copyright 2013 TrendMicro Inc. 28

29 Our Learning Has clear strategy first Start small, scale quickly Chose right solution for right problem

Search and Real-Time Analytics on Big Data

Search and Real-Time Analytics on Big Data Sewook Wee, Ryan Tabora, Jason Rutherglen Accenture & Think Big Analytics Strata New York October, 2012 Big Data: data becomes your core asset. It realizes its