Big Data is a gathering of exceptionally enormous informational collections [ 1 ] which are extremely perplexing or too huge to ever be worried about by customary information handling applications. For any data to be regarded as big data it must satisfy the 4 V’s namely Velocity, Veracity, Volume and Variety [ 3 ], [ 2 ]. With the advancement of technology in today’s world, a large amount of information is produced in various fields such as social networking sites, transaction records, data sensors, log files, etc. Due to this various source terabytes of assembled, semiassembled, and unassembled data are produced at every point of time. Therefore, if this data is not stored or pre-processed there is a chance of loss of this important data. To avoid this loss, the Hadoop framework is used with different analytics tools and they are often much quicker than conventional analytical methods of the past.

Big data is a word that is equally associated with Hadoop. As previously discussed, for any data to

2022 Copyright for this paper by its authors.

Big data accumulates all the interesting values from the data pool and many countries are operating on dominant schemes on the basis of big data. As a result of global level schemes many latest models and framework have been developed. Some frameworks were developed for providing a considerable and good amount of storage capacity, real-time data analysis, and parallel processing of data [ 5 ]. One such popular framework is Hadoop. The advantages offered by big data are very vast. The technology offers better scalability, flexibility, with fulfillment-based in a affordable rates. Subsequently recent growth in sustainable technology, the cost associated with the processing and storage section continues to decrease [ 6 ].

The recently developed technology is designed to guarantees privacy and security aspects in comparison to traditional previous technologies. But even with these advantages, they are becoming prone to negative purposes. With the recent growth in fields and organizations using this technology for storing and processing their private organization’s data, it has become prone to negative data attacks. 1.1.

Apache Hadoop provides a way to process parallelly the same distribution of very large or complex databases. The Hadoop framework provides advantages like distributed computing and parallel processing for datasets. Hadoop comprises a component such as HDFS, Map Reduce, and YARN. HDFS supervises the repository, Map Reduce supervises processing in parallelly and YARN is responsible for resource management in Hadoop’s Cluster. 1.1.1. Hadoop

During 2005 Hadoop initially appeared and was introduced at later 2011 to help spread the web searching tool scheme to Yahoo. [ 7 ]. The delivery had very little safety assist, made for people who were loyal to the Climate. Hadoop since then has emerged among the modern state-of-the-art advancements to store, process, and examine large information through utilizing bunch of out-spread climate [ 8 ]. The Framework clients subsequently unrolled from one side of the planet to the other, generally enormous organizations [ 9 ].

Hadoop distributed file system is responsible for the storage mechanism of the Hadoop framework and can operate without any hurdles. In HDFS, a big complex file is distributed over the cluster network that is comprised with multiple nodes of data and associated repository. During this cycle segments of the Node Name, the first record becomes square, 64 MB in size and repeats on various Data Nodes depending on the rules with the previous characters. Name Node additionally comes with metadata for this duplication and distribution. Every information block has been redesigned multiple times for maximum access, two from one Data Node site and one from various Data Node racks. The group Information Node stores a small portion of all text. Name Node always remembers which information block has the location where the file is located, where the information blocks are set, and where the power limits are involved. Using periodic signals, Name Node invariably knows which Data Nodes are still available. When the signal (heartbeat) is missing, the Name Node detects a Data Node failure, eliminates the Data Node bombed in the Hadoop group, and attempts to distribute the information load evenly across the current Data Node. Alternatively, the Name Node ensures that a specified number of duplicates of information is kept constant for maximum access. The diagram below (Figure 2) shows the Hadoop distribute file structure architecture

MapReduce is an equal handling structure work dependent on the expert slave guideline, like Hadoop Distributed File System. Map Reduce is mixture consists of three slave agents per slave and one expert agent in group. Map Reduce management depends equally on various calculations for direction and downtime. This works in two stages, the map function and the reduction function. This JobTracker divides the database into separate clusters called map operations and directs them into three Data Nodes naturally across all related product computers distributed across the organization for equal management.

Let us have a look at block diagram of Map reduce phases in Figure 3.

Ordinarily, the guide assignments run on a similar bunch of Data Nodes where information lives (Data area). Assuming a hub is as of now vigorously stacked, another hub that is near the information, i.e., ideally a hub in a similar rack, is chosen. Moderate outcomes are inaccessible to the client and are traded among the nodes (Shuffling), and from there on, converged by the decreased undertakings to get the outcome. The Figure 4 shown below shows the internal algorithm of Map Reduce. The Table 1. Shows the internal structure Key value pair in the Map Reduce.

MapReduce was split into two categories: Yet Another Resource Negotiator and Map Reduce [ 7 ]. Yet another Resource Negotiator primary rule is to isolate the assets of the executives and occupation planning functionalities into independent daemons. An asset administrator refers assets among framework implementations, with hub chief assistance. The asset director has two fundamental parts: application supervisor and scheduler. scheduler assigns assets to different operating systems and books depending on the asset requirements of the applications. The asset director acknowledges work entries, and each occupation is distributed to the application supervisor. The diagram below figure 5 represents the YARN log file architecture.

This section reviews and provide an analysis of different vulnerabilities on the Hadoop framework. Generally, our concerned area lies in the Map-Reduce functionalities provided by the Apache Hadoop framework. There has been numerous tools and method defined to tackle the problem of vulnerabilities but every tools is able to provide one functionality while leaving several other holes in the system. The use of Kerberos system with proper authorization is suggested to tackle multiple problems responsible for vulnerabilities.

In a report [ 10 ], the vulnerability is categorized as data privacy, infrastructure security, and data management. These classifications are further classified into three different categories: Dimensional modeling, architecture dimension, and information flow. The life cycle of data comprises data in transit and data privacy comprises data at rest.

As per another report [ 11 ], the big data security and privacy issues are categorized into five types namely, Hadoop Security, Key management, anonymization, monitoring, and auditing. The author also proposed some algorithms concerning security and monitoring aspects of sensitive information like the Bull eye algorithm.

As per another report [ 12 ] on cloud security, a security model with some proposed cloud infrastructure layered was designed. This model was then further classified into four categories: logical, basic, governance, and value-added security. This report specifies the infrastructure policy framework of Hadoop.

As per another report [ 13 ], the author specifies different types of attacks that have taken place in the Hadoop framework. The attacks namely comprised of Denial of Service, Man in the Middle, impersonation, repudiation and replay attacks. According to the author, because of the distributed nature of the Map-Reduce component of Hadoop possible wide range of attacks were possible leading it to a vulnerable state. The ideal Map Reduce component would be comprised of proper authentication control, access control, authorization, confidentiality of data, and lastly data availability for Map and reducer class of Map-reduce. For better authentication control the author recommends the use of Kerberos protocol.

From one more report [ 14 ], the security and privacy aspects faced challenges that were categorized in different model names namely access control, access control policy, Data confidentiality, and lastly smart objects. This report puts forwards the challenges of research faced in regards to comprehensive solutions for securing security and privacy aspects.

Another report [ 15 ] lists out the challenges faced when the privacy and security aspects are needed to be ensured to be safe. The challenges were broadly classified into Risks concerning privacy, Credibility of data, lacking of recent technologies, and threats. To cope with these challenges author introduces supervising data, protection mechanism, protection agency, and quality of data.

As per another report [ 16 ], different categories of security and privacy aspects and the connection between them were discussed briefly. The aspects were classified as Confidentiality, analytics, integrity, privacy, stream processing, data format and lastly visualization.

This report [ 17 ], has showcased an investigation with the corporate perspectives relying on big data aspects simply and most effectively. Accordingly based on this corporate perspectives economic perspective, investment decisions, fighting cybercrimes, and cyber insurance. The Table 2 represents the vulnerabilities reported in online databases as shown below.

Cross-Site Scripting 7 6 9 6 5 17 22 9 14 16 10 3.1.

There are numerous online databases currently available all over the internet, that are mainly responsible for exposing the possible security vulnerabilities on numerous products and hardware. There are numerous such online databases namely, Common Vulnerabilities and exposures, Computer emergency readiness team, National Vulnerability databases, and Open-Source Vulnerability databases.

The CVEs uniquely identify the vulnerabilities based on an identification number. Based on CVE the list of vulnerabilities encountered in Hadoop has been shown in the tabular format below [ 19 ]. The Table 3. shows different vulnerability reported in CVE.

Patch management is a mechanism for detecting and eliminating the vulnerabilities before any attackers try to exploit them. The throughput is directly proportional to the fast detection of vulnerabilities, rectified, compressed with some methods like scanning and testing for reviewing of code. As per the report from 2017, the application of scanning methods has been gradually rising internationally [ 20 ]. 3.3.

It is known that Hadoop was designed primarily for a performance basis and not on security basis. The Developers decided that security functionalities will be added over time to increase the framework efficiency. Due to this the security mechanism of Hadoop was very weak and prone to many attacks. Hadoop was mainly designed with a focus on improving efficiency. But due to recent attacks researchers are now focusing on the security aspects of Hadoop. However, presently there does not exist any evaluation method for the security policies of Hadoop.

Due to the recent growth of Big Data, the security policies available are not up to the benchmark to be even considered for evaluation. The ecosystem of Hadoop comprises a collection of different applications, where every application requires some security mechanism to function accordingly for Big Data.

Out of all the models proposed previously to work with big data, Hadoop was uniquely identified because of its distribution system with parallel processing but was lacking in the security policies. Whereas, the distributed nature of Hadoop was favored previously, now the distributed nature of computing is posing a set of new vulnerabilities for professional and security managers [ 21 ]. 3.4.

Any possible danger for the information system can be referred to as a threat. A threat is basically what an attacker tries to identify and use as an attack against any company or organization [ 22 ]. Also are already familiar with the CIA triad. For any system to be regarded as secure it must satisfy Confidentiality, integrity, and Availability also known as CIA triads. To comply with confidentiality, an authenticated server can be implemented that can access the whole system.

This type of attack occurs when an attacker tries to impersonate the registered or legitimate authority for accessing the resources. The attackers can make use of different sets of tools and methods to steal sensitive information attacks directly on the Hadoop Clusters leaving the system vulnerable. To perform an impersonation attacks an attacker can try to replay the acknowledgement received from Kerberos protocol. At last, when the attackers gain access to the Hadoop framework, performing actions like leaking and throttling the processing time of Map Reduce.

A Denial-of-Service [ 23 ] is a type of attack where an attacker floods the system with an enormous request which makes the system unable to allocate resources to legitimate users. As per the report, more than 11247 attacks have been taken place among which 5 attacks were able to breach the security. Denial of Service attacks is basically where a system is flooded with large request or traffic causing the system servers to crash or halt all the operations. Denial of Services can be initiated in two ways: by crashing the services, flooding the services. The Hadoop Component like Name Node and the authentication server is prone to Denial-of-Service attacks. A simple Denial of Service attack on Name Node is enough to halt all the operations of Map Reduce and stop the read-write operation of the Hadoop Distributed file system.

Cross-site Scripting [ 24 ] is a type of attack where malicious code is injected into any web application that is vulnerable. Cross-Site scripting is different from other attacks such in a way not intended for the implementation in question. But actually, the users of web applications are at risk here. The Cross-site script attacks can be categorized into two types: stored, reflected. Stored attacks also go by the name persistent and are more damaging than the reflected attacks as it is directly injected into the vulnerable web applications. Whereas in reflected, the malicious script is reflected directly onto the user web browser.

The Hadoop framework due to its open ports and IP address has always been an object of attacks by all the attackers, due to which around 5307 of Hadoop Cluster has been exposed with the vulnerable security settings that attackers use to exploit the framework [ 25 ]. There was an online search engine designed to show all the details of the servers and all peripheral devices connected to them over the internet, its name was shodan2. The advantages of shodan2 were that it was possible to recommend any security policy but the disadvantage is that it was used by attackers to exploit the system. To tackle this attack and stop stealing some strategies with high high-security policies must be implemented.

Here, is the following table. 4 that gives a comparative analysis of attacks that had been taken at Hadoop.

This paper and the research behind it were only possible because of the guidance of my guide Dr. Deepak Singh Tomar, Associate Professor at MANIT Bhopal. His attention to detail and helping to keep my work on track from the first encounter.

I would also like to thank my other Supervisor Dr. R K Pateriya, Professor at MANIT Bhopal for their encouragement and guidance in carrying out the project work. I also thank MANIT Bhopal for giving me the opportunity to embark on this project.

In this study, an analysis of big data vulnerabilities, security threats, and possible attacks was reviewed for a popular framework like Hadoop. Although it was observed that Hadoop was designed in mind to provide maximum efficiency but with the exponential growth of big data has led to Hadoop being left vulnerable to possible attacks, lack of security policies, mechanisms, proper access control, etc. To make Hadoop a more reliable and secure framework a proper authentication server with authorization and auditing is required. At the same time, some mechanism to ensure data protection will be what an ideal framework would be.