SEYARN: Enhancing Security of YARN Clusters Based on Health Check Service

Hadoop serves as an essential tool in the rise of big data, it has insufficient security model. The internal attacks can bypass current Hadoop security mechanism, and compromised Hadoop components can be used to threaten overall Hadoop. This paper studies the vulnerabilities of Health Check Service in Hadoop/YARN and the threat of denial-of-service to a YARN cluster with multi-tenancy. We use theoretical analysis and numerical simulations to demonstrate the effectiveness of this DDoS attack based on health check service (DDHCS). Our experiments show that DDHCS is capable of causing significant impacts on the performance of a YARN cluster in terms of high attack broadness (averagely 85.6%), high attack strength (more than 80%). In addition, we developed a security enhancement for YARN, named SEYARN. We have implemented the SEYARN model, and demonstrated that SEYARN fixes the above vulnerabilities with extending 95% accuracy and minimal run-time overhead, and effectively resists related attacks.