TY - GEN
T1 - A SOC framework for ISP federation and attack forecast by learning propagation patterns
AU - Takemori, Keisuke
AU - Miyake, Yutaka
AU - Ishida, Chie
AU - Sasase, Iwao
PY - 2007
Y1 - 2007
N2 - A security operation center (SOC), which monitors network traffic on each domain, has been established to detect cyber attacks. However, there have been ever-increasing worms and distributed denial of service (DDoS) attacks on the Internet, and the number of unknown attacks is increasing day by day. It is hard to defend network infrastructure via the SOC, which is operated by an internet service provider (ISP). It is thus important to predict new security threats and share incidents that occur with related ISPs. In the case of Japan, the Telecom Information Sharing and Analysis Center (Telecom-ISAC) Japan has been established for a federation scheme with ISP operators against serious security incidents. In this research, we design a federation SOC framework that monitors wide-area networks and analyzes multi-point traffic using statistical approaches. It can suggest anomalous ISPs and traffic parameters automatically. Moreover, we propose an attack forecast technique to ensure a swift response to regular and new attacks. The technique depicts an attack map and learns attack propagation patterns by using Bayesian inference. We implement the system and evaluate the integrated scale of the ISPs and the forecast correct rate.
AB - A security operation center (SOC), which monitors network traffic on each domain, has been established to detect cyber attacks. However, there have been ever-increasing worms and distributed denial of service (DDoS) attacks on the Internet, and the number of unknown attacks is increasing day by day. It is hard to defend network infrastructure via the SOC, which is operated by an internet service provider (ISP). It is thus important to predict new security threats and share incidents that occur with related ISPs. In the case of Japan, the Telecom Information Sharing and Analysis Center (Telecom-ISAC) Japan has been established for a federation scheme with ISP operators against serious security incidents. In this research, we design a federation SOC framework that monitors wide-area networks and analyzes multi-point traffic using statistical approaches. It can suggest anomalous ISPs and traffic parameters automatically. Moreover, we propose an attack forecast technique to ensure a swift response to regular and new attacks. The technique depicts an attack map and learns attack propagation patterns by using Bayesian inference. We implement the system and evaluate the integrated scale of the ISPs and the forecast correct rate.
UR - http://www.scopus.com/inward/record.url?scp=34748887202&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34748887202&partnerID=8YFLogxK
U2 - 10.1109/isi.2007.379551
DO - 10.1109/isi.2007.379551
M3 - Conference contribution
AN - SCOPUS:34748887202
SN - 1424413303
SN - 9781424413300
T3 - ISI 2007: 2007 IEEE Intelligence and Security Informatics
SP - 172
EP - 179
BT - ISI 2007
PB - IEEE Computer Society
T2 - ISI 2007: 2007 IEEE Intelligence and Security Informatics
Y2 - 23 May 2007 through 24 May 2007
ER -