A SOC framework for ISP federation and attack forecast by learning propagation patterns

Keisuke Takemori, Yutaka Miyake, Chie Ishida, Iwao Sasase

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

A security operation center (SOC), which monitors network traffic on each domain, has been established to detect cyber attacks. However, worms and distributed denial of service (DDoS) attacks on the Internet are ever increasing, and the number of unknown attacks is increasing day by day. It is hard to defend network infrastructure via the SOC, which is operated by an internet service provider (ISP). It is thus important to predict new security threats and share incidents that occur with related ISPs. In the case of Japan, the Telecom Information Sharing and Analysis Center (Telecom-ISAC) Japan has been established as a federation scheme with ISP operators against serious security incidents. In this research, we design a federation SOC framework that monitors wide-area networks and analyzes multi-point traffic using statistical approaches. It can suggest anomalous ISPs and traffic parameters automatically. Moreover, we propose an attack forecast technique to ensure a swift response to regular and new attacks. The technique depicts an attack map and learns attack propagation patterns by using Bayesian inference. We implement the system and evaluate the integrated scale of the ISPs and the forecast correct rate.

Original language: English
Title of host publication: ISI 2007: 2007 IEEE Intelligence and Security Informatics
Pages: 172-179
Number of pages: 8
Publication status: Published - 2007
Event: ISI 2007: 2007 IEEE Intelligence and Security Informatics - New Brunswick, NJ, United States
Duration: 2007 May 23 to 2007 May 24

Other

Other: ISI 2007: 2007 IEEE Intelligence and Security Informatics
Country: United States
City: New Brunswick, NJ
Period: 07/5/23 to 07/5/24

Fingerprint

Internet service providers
Wide area networks
Internet
Denial-of-service attack

ASJC Scopus subject areas

  • Computer Science (all)
  • Control and Systems Engineering

Cite this

Takemori, K., Miyake, Y., Ishida, C., & Sasase, I. (2007). A SOC framework for ISP federation and attack forecast by learning propagation patterns. In ISI 2007: 2007 IEEE Intelligence and Security Informatics (pp. 172-179). [4258692]

A SOC framework for ISP federation and attack forecast by learning propagation patterns. / Takemori, Keisuke; Miyake, Yutaka; Ishida, Chie; Sasase, Iwao.

ISI 2007: 2007 IEEE Intelligence and Security Informatics. 2007. p. 172-179 4258692.

Takemori, K, Miyake, Y, Ishida, C & Sasase, I 2007, A SOC framework for ISP federation and attack forecast by learning propagation patterns. in ISI 2007: 2007 IEEE Intelligence and Security Informatics., 4258692, pp. 172-179, ISI 2007: 2007 IEEE Intelligence and Security Informatics, New Brunswick, NJ, United States, 07/5/23.
Takemori K, Miyake Y, Ishida C, Sasase I. A SOC framework for ISP federation and attack forecast by learning propagation patterns. In ISI 2007: 2007 IEEE Intelligence and Security Informatics. 2007. p. 172-179. 4258692
Takemori, Keisuke ; Miyake, Yutaka ; Ishida, Chie ; Sasase, Iwao. / A SOC framework for ISP federation and attack forecast by learning propagation patterns. ISI 2007: 2007 IEEE Intelligence and Security Informatics. 2007. pp. 172-179
@inproceedings{cd2b24dfa7a846e8af1f353417cba872,
title = "A SOC framework for ISP federation and attack forecast by learning propagation patterns",
author = "Keisuke Takemori and Yutaka Miyake and Chie Ishida and Iwao Sasase",
year = "2007",
language = "English",
isbn = "1424413303",
pages = "172--179",
booktitle = "ISI 2007: 2007 IEEE Intelligence and Security Informatics",

}

TY - GEN

T1 - A SOC framework for ISP federation and attack forecast by learning propagation patterns

AU - Takemori, Keisuke

AU - Miyake, Yutaka

AU - Ishida, Chie

AU - Sasase, Iwao

PY - 2007

Y1 - 2007

UR - http://www.scopus.com/inward/record.url?scp=34748887202&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34748887202&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:34748887202

SN - 1424413303

SN - 9781424413300

SP - 172

EP - 179

BT - ISI 2007: 2007 IEEE Intelligence and Security Informatics

ER -