TY - JOUR
T1 - Evaluation of Distributed Intrusion Detection System Based on MongoDB
AU - Han, HyoJoon
AU - Kim, HyukHo
AU - Kim, Yangwoo
JO - KIPS Transactions on Computer and Communication Systems
PY - 2019
DA - 2019/1/30
DO - 10.3745/KTCCS.2019.8.12.287
KW - Big Data
KW - Intrusion Detection System
KW - MongoDB
KW - Cloud Computing
KW - Distributed Processing
AB - Due to the development and increased usage of Internet services such as IoT and cloud computing, a large number of packets are being generated on the Internet. In order to create a safe Internet environment, malicious data that may exist among these packets must be processed and detected quickly. In this paper, we apply MongoDB, which is specialized for unstructured data analysis and big data processing, to an intrusion detection system for rapid processing of big data security events. In addition, by building the intrusion detection system (IDS) using some of the private cloud resources that are the target of protection, elastic and dynamic reconfiguration of the IDS is made possible as the number of security events increases or decreases. In order to evaluate the performance of the MongoDB-based IDS proposed in this paper, we constructed prototype IDS systems based on MongoDB as well as on an existing relational database, and compared their performance. Moreover, the number of virtual machines was increased to find out how performance changes as the IDS is distributed. As a result, it is shown that performance improves as the number of virtual machines is increased to distribute the IDS in the MongoDB environment, while keeping the overall system performance unchanged. The security event input rate based on distributed MongoDB was up to 60% faster, and the distributed MongoDB-based intrusion detection rate was up to 100% faster, compared to the IDS based on a relational database.