Tracking Attacks Data Through Log Files Using MapReduce

  • Yassine AziziEmail author
  • Mostafa Azizi
  • Mohamed Elboukhari
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 111)


In this paper, we propose a methodology of security analysis that aims to apply Big Data techniques, such as MapReduce, over several system log files in order to locate and extract data probably related to attacks. These data will lead, through a process of analysis, to identify attacks or detect intrusions. We have illustrated this approach through a concrete case study on exploiting access log files of web apache servers to detect SQLI and DDOS attacks. The obtained results are promising; we are able to extract malicious indicators and events that characterize the intrusions, which help us to make an accurate diagnosis of the system security.


Big Data Security Attacks Log files MapReduce SQL injection DDOS 


  1. 1.
    Miranda, M.: S. Big Brother au Big Data. In: Conférence de Big Data, Université Sophia Antipolis (2015)Google Scholar
  2. 2.
    Savitha, K., Vijaya, M.S.: Mining of web server logs in a distributed cluster using Big Data technologies. IJACSA 5(3), 137–142 (2014)Google Scholar
  3. 3.
    Salama, S.E., Marie, M.I., El-Fangary, L.M., Helmy, Y.K.: Web server logs preprocessing for web intrusion detection. Comput. Inf. Sci. 4(4), 123–133 (2011)Google Scholar
  4. 4.
    Saravanan, S., Uma Maheswari, B.: Analyzing large web log files in a Hadoop distributed cluster environment. Int. J. Comput. Technol. Appl. (IJCTA) 5(5), 1677–1681 (2014)Google Scholar
  5. 5.
    Müller, A., Miinz, G., Carle, G.: Collecting router information for error diagnosis and troubleshooting in home networks. In: IEEE 36th Conference on Local Computer Networks (LCN), pp. 764–769. IEEE, October 2011Google Scholar
  6. 6.
    Amar, M.M., Lemoudden, M., El Ouahidi, B.: Log file’s centralization to improve cloud security. In: International Conference on Cloud Computing Technologies and Applications, CloudTech 2016, pp. 178–183 (2016)Google Scholar
  7. 7.
    Moh, M., et al.: Detecting web attacks using multi-stage log analysis. In: IEEE 6th International Conference on Advanced Computing (IACC). IEEE (2016)Google Scholar
  8. 8.
    Halfond, W.G., Viegas, J., Orso, A.: A classification of SQL-injection attacks and countermeasures. In: Proceedings of the IEEE International Symposium on Secure Software Engineering, vol. 1, pp. 13–15. IEEE, March 2006Google Scholar
  9. 9.
    Alwan, Z.S., Younis, M.F.: Detection and prevention of SQL injection attack: a survey (2017)Google Scholar
  10. 10.
    Balakrishnan, H.P., Moses, J.C.: A survey on defense mechanism against DDOS attacks. Int. J. 4(3) (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Yassine Azizi
    • 1
    Email author
  • Mostafa Azizi
    • 1
  • Mohamed Elboukhari
    • 1
  1. 1.Lab. MATSI, ESTOUniversity Mohammed 1stOujdaMorocco

Personalised recommendations