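Review of Collaborative Detection of Threat in Big Data
Cite this article: ZHANG Jian-ge, GUO Yuan-bo, MA Jun, CHEN Yue. Review of Collaborative Detection of Threat in Big Data[J]. Computer Science, 2016, 43(10): 19-26
Authors: ZHANG Jian-ge, GUO Yuan-bo, MA Jun, CHEN Yue
Affiliation (all four authors): State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001
Funding: This work was supported by the National Natural Science Foundation of China (61201220, 61309018), the National 973 Program of China (2012CB315901), and a Twelfth Five-Year Plan pre-research project.
Abstract: Malicious actors use direct or indirect methods to attack individuals, organizations and nations, exposing them to threats of varying severity. Such information takes many forms, is enormous in volume, and must be processed at high speed. Therefore, this paper first analyzes and compares five typical collaborative detection models, Esper, Hadoop, Agilis, Storm and Spark, and describes the network environments to which each model is suited. It then analyzes the attack methods commonly used in network environments, DDoS, MITM and APT, and states which models are suitable for detecting these attacks. Finally, it gives a deployment scheme for a collaborative threat detection architecture model; the scheme consists of two components, a sending component and a receiving-and-processing component, and architectures for different models can be deployed according to actual needs. In particular, deployment schemes are given for the architecture model in peer-to-peer networks, hierarchical security-domain networks and layered-structure networks.

Keywords: Threat; Collaborative detection; Attack; Architecture model; Big data
Received: 2015-09-16
Revised: 2015-12-07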

Review of Collaborative Detection of Threat in Big Data
ZHANG Jian-ge, GUO Yuan-bo, MA Jun and CHEN Yue. Review of Collaborative Detection of Threat in Big Data[J]. Computer Science, 2016, 43(10): 19-26
Authors: ZHANG Jian-ge, GUO Yuan-bo, MA Jun, CHEN Yue
Affiliation (all four authors): State Key Laboratory of Mathematical Engineering and Advanced Computing, The PLA Information Engineering University, Zhengzhou 450001, China
Abstract: Malicious and illegal actors use direct or indirect methods to attack individuals, organizations and nations, so that they suffer different degrees of threat. The information involved is of various types, the volume of data is large, and it needs to be processed at high speed. Therefore, we first analyzed five typical collaborative detection models: the Esper, Hadoop, Agilis, Storm and Spark models. We compared them and described the network environment suited to each model. Then we analyzed the common attack methods in the network, namely DDoS, MITM and APT attacks, and explained which detection models suit these attacks. Finally, we provided a deployment scheme for a collaborative threat detection architecture model. The scheme includes two components, a sending component and a receiving-and-processing component. We then pointed out that the architecture of different models can be deployed according to practical requirements. In particular, we provided deployment schemes for the architecture model in peer-to-peer networks, ranked security domain networks, and hierarchical structure networks.
Keywords: Threat; Collaborative detection; Attack; Architecture model; Big data