By Topic

A SOC Framework for ISP Federation and Attack Forecast by Learning Propagation Patterns

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Takemori, K. ; KDDI R&D Labs., Kamifukuoka ; Miyake, Y. ; Ishida, C. ; Sasase, Iwao

A security operation center (SOC), which monitors network traffic on each domain, has been established to detect cyber attacks. However, there have been ever increasing worms and distributed denial of service (DDoS) attacks on the Internet and the number of unknown attacks is increasing day by day. It is hard to defend network infrastructure via the SOC, which is operated by an internet service provider (ISP). It is thus important to predict new security threats and share incidents that occur with related ISPs. In the case of Japan, the Telecom Information Sharing and Analysis Center (Telecom-ISAC) Japan is established for a federation scheme with ISP operators against serious security incidents. In this research, we design a federation SOC framework that monitors wide-area networks and analyzes multi-point traffic using statistical approaches. It can suggest anomalous ISPs and traffic parameters automatically. Moreover, we propose an attack forecast technique to ensure a swift response to regular and new attacks. The technique depicts an attack map and learns attack propagation patterns by using the Bayesian inference. We implement the system and evaluate integrated scale of the ISPs and forecast correct rate.

Published in:

Intelligence and Security Informatics, 2007 IEEE

Date of Conference:

23-24 May 2007