System Architecture
- Mata Elang is an Intrusion Detection System (IDS) for the protected networks
- A defense center system architecture for a cloud environment was developed to process and analyze gathering reports from the sensors in the different networks (See Figure 1.)
- The sensors or base modules are designed to run in the cloud computing environment. The sensors can be installed in the networks from the core module (central defense system)
The system architecture diagram of Mata Elang, including the defense center, the data source was described in the following Figure 1.
Figure 1. System Architecture Diagram
| Group | Service | Explanation |
|---|---|---|
| Data Source | Snort | In this version of Mata Elang, the sensor use Snort™ as the core IDS engine. Soon we plan to use various IDS engines e.g Suricata, Wazuh, etc. |
| Defence Center | Mosquitto | In the process of Kafka, the data will be received and processed by the MQTT server. In MQTT the data will be processed by coding and simplification using Kafka Avro. Then it will be connected to the confluent so that the data is ready to proceed to spark via Apache Kafka. |
| - | Kafka | The data collection process is a continuation stage after the sensor receives data attacks that occur on a network. In conducting data collection, the system uses Apache Kafka. Kafka here is a bridge between the sensor and spark as the primary data processors. |
| - | Spark | Data processing in the Mata Elang system uses Apache Spark. The Apache Spark feature used in data processing is a streaming feature that can record and process data in live time. In streaming processing, a Spark will stream brokers to Kafka. |
| - | Hadoop | Hadoop Distributed File System is used in Mata Elang. A large amount of data received from Spark that does not fit in the storage of one server is divided into several servers and managed. |
| - | MongoDB | Mongo DB is a database. The stream job process serves real-time monitoring information to MongoDB. |
| - | Cassandra | Cassandra is a database. The batch job process saves analytical data in Cassandra. |
| - | Kaspa Dashboard | A tool for displaying the data stored in Cassandra as a time-series graph. |
| - | Stevia | A tool for displaying the data stored in MongoDB as a map. |