An incident analysis system NICTER and its analysis engines based on data mining techniques

Authors: Daisuke Inoue, Katsunari Yoshioka, Masashi Eto, Masaya Yamagata, Eisuke Nishino

DOI: 10.1007/978-3-642-02490-0_71


Abstract: Malware is spread all over cyberspace and often leads to serious security incidents. To grasp the present trends of malware activity, there are a number of ongoing network monitoring projects that collect large amounts of data such as traffic and IDS logs. These data need to be analyzed in depth, since they potentially contain critical symptoms: an outbreak of new malware, stealthy botnet activity, a type of attack on an unknown vulnerability, etc. We have been developing the Network Incident analysis Center for Tactical Emergency Response (NICTER), which monitors a wide range of networks in real time. NICTER deploys several analysis engines that take advantage of data mining techniques in order to analyze the monitored traffic. This paper gives a brief overview of NICTER and its data-mining-based engines: the Change Point Detector (CPD), the Self-Organizing Map analyzer (SOM analyzer) and the Incident Forecast engine (IF).
