Accumulo/Hadoop, MongoDB, and Elasticsearch Performance for Semi Structured Intrusion Detection (IDS) Data

Abstract

NoSQL data stores are widely recognized for their ability to scale easily and to store vast amounts of information. Before converting to a NoSQL data store, a fact-based analysis should be applied to the issues inherent in replacing such a critical, core architectural component. To that end, we evaluate Hadoop, MongoDB, and Elasticsearch as replacements for the data store in a custom intrusion detection system infrastructure. In this type of environment the number of records is voluminous, the records contain semi-structured data of varying data types, and both across-the-board analytics and surgical queries must be supported.


Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2016
Accession Number
AD1022300

Entities

People

  • Ralph P. Ritchey

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Central Processing Units
  • Database Management Systems
  • Databases
  • Detection
  • Environment
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Military Research
  • Operating Systems
  • Performance Tests
  • Relational Database Management Systems
  • Relational Databases

Readers

  • Aerodynamics/Aeronautics
  • Distributed Systems and Data Platform Development
  • Systems Analysis and Design