An incident analysis system NICTER and its analysis engines based on data mining techniques

Daisuke Inoue; Katsunari Yoshioka; Masashi Eto; Masaya Yamagata; Eisuke Nishino; Junnichi Takeuchi; Kazuya Ohkouchi; Koji Nakao

doi:10.1007/978-3-642-02490-0_71

An incident analysis system NICTER and its analysis engines based on data mining techniques

Daisuke Inoue, Katsunari Yoshioka, Masashi Eto, Masaya Yamagata, Eisuke Nishino, Junnichi Takeuchi, Kazuya Ohkouchi, Koji Nakao

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

21 Citations (Scopus)

Abstract

Malwares are spread all over cyberspace and often lead to serious security incidents. To grasp the present trends of malware activities, there are a number of ongoing network monitoring projects that collect large amount of data such as network traffic and IDS logs. These data need to be analyzed in depth since they potentially contain critical symptoms, such as an outbreak of new malware, a stealthy activity of botnet and a new type of attack on unknown vulnerability, etc. We have been developing the Network Incident analysis Center for Tactical Emergency Response (NICTER), which monitors a wide range of networks in real-time. The NICTER deploys several analysis engines taking advantage of data mining techniques in order to analyze the monitored traffics. This paper describes a brief overview of the NICTER, and its data mining based analysis engines, such as Change Point Detector (CPD), Self-Organizing Map analyzer (SOM analyzer) and Incident Forecast engine (IF).

Original language	English
Title of host publication	Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers
Pages	579-586
Number of pages	8
Edition	PART 1
DOIs	https://doi.org/10.1007/978-3-642-02490-0_71
Publication status	Published - Sept 21 2009
Event	15th International Conference on Neuro-Information Processing, ICONIP 2008 - Auckland, New Zealand Duration: Nov 25 2008 → Nov 28 2008

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 1
Volume	5506 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	15th International Conference on Neuro-Information Processing, ICONIP 2008
Country/Territory	New Zealand
City	Auckland
Period	11/25/08 → 11/28/08

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-642-02490-0_71

Cite this

Inoue, D., Yoshioka, K., Eto, M., Yamagata, M., Nishino, E., Takeuchi, J., Ohkouchi, K., & Nakao, K. (2009). An incident analysis system NICTER and its analysis engines based on data mining techniques. In Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers (PART 1 ed., pp. 579-586). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5506 LNCS, No. PART 1). https://doi.org/10.1007/978-3-642-02490-0_71

An incident analysis system NICTER and its analysis engines based on data mining techniques. / Inoue, Daisuke; Yoshioka, Katsunari; Eto, Masashi et al.

Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers. PART 1. ed. 2009. p. 579-586 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5506 LNCS, No. PART 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Inoue, D, Yoshioka, K, Eto, M, Yamagata, M, Nishino, E, Takeuchi, J, Ohkouchi, K & Nakao, K 2009, An incident analysis system NICTER and its analysis engines based on data mining techniques. in Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers. PART 1 edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 1, vol. 5506 LNCS, pp. 579-586, 15th International Conference on Neuro-Information Processing, ICONIP 2008, Auckland, New Zealand, 11/25/08. https://doi.org/10.1007/978-3-642-02490-0_71

Inoue D, Yoshioka K, Eto M, Yamagata M, Nishino E, Takeuchi J et al. An incident analysis system NICTER and its analysis engines based on data mining techniques. In Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers. PART 1 ed. 2009. p. 579-586. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1). doi: 10.1007/978-3-642-02490-0_71

Inoue, Daisuke ; Yoshioka, Katsunari ; Eto, Masashi et al. / An incident analysis system NICTER and its analysis engines based on data mining techniques. Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers. PART 1. ed. 2009. pp. 579-586 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1).

@inproceedings{9601993240024334bd537f182edde38b,

title = "An incident analysis system NICTER and its analysis engines based on data mining techniques",

abstract = "Malwares are spread all over cyberspace and often lead to serious security incidents. To grasp the present trends of malware activities, there are a number of ongoing network monitoring projects that collect large amount of data such as network traffic and IDS logs. These data need to be analyzed in depth since they potentially contain critical symptoms, such as an outbreak of new malware, a stealthy activity of botnet and a new type of attack on unknown vulnerability, etc. We have been developing the Network Incident analysis Center for Tactical Emergency Response (NICTER), which monitors a wide range of networks in real-time. The NICTER deploys several analysis engines taking advantage of data mining techniques in order to analyze the monitored traffics. This paper describes a brief overview of the NICTER, and its data mining based analysis engines, such as Change Point Detector (CPD), Self-Organizing Map analyzer (SOM analyzer) and Incident Forecast engine (IF).",

author = "Daisuke Inoue and Katsunari Yoshioka and Masashi Eto and Masaya Yamagata and Eisuke Nishino and Junnichi Takeuchi and Kazuya Ohkouchi and Koji Nakao",

year = "2009",

month = sep,

day = "21",

doi = "10.1007/978-3-642-02490-0_71",

language = "English",

isbn = "3642024890",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

number = "PART 1",

pages = "579--586",

booktitle = "Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers",

edition = "PART 1",

note = "15th International Conference on Neuro-Information Processing, ICONIP 2008 ; Conference date: 25-11-2008 Through 28-11-2008",

}

TY - GEN

T1 - An incident analysis system NICTER and its analysis engines based on data mining techniques

AU - Inoue, Daisuke

AU - Yoshioka, Katsunari

AU - Eto, Masashi

AU - Yamagata, Masaya

AU - Nishino, Eisuke

AU - Takeuchi, Junnichi

AU - Ohkouchi, Kazuya

AU - Nakao, Koji

PY - 2009/9/21

Y1 - 2009/9/21

N2 - Malwares are spread all over cyberspace and often lead to serious security incidents. To grasp the present trends of malware activities, there are a number of ongoing network monitoring projects that collect large amount of data such as network traffic and IDS logs. These data need to be analyzed in depth since they potentially contain critical symptoms, such as an outbreak of new malware, a stealthy activity of botnet and a new type of attack on unknown vulnerability, etc. We have been developing the Network Incident analysis Center for Tactical Emergency Response (NICTER), which monitors a wide range of networks in real-time. The NICTER deploys several analysis engines taking advantage of data mining techniques in order to analyze the monitored traffics. This paper describes a brief overview of the NICTER, and its data mining based analysis engines, such as Change Point Detector (CPD), Self-Organizing Map analyzer (SOM analyzer) and Incident Forecast engine (IF).

AB - Malwares are spread all over cyberspace and often lead to serious security incidents. To grasp the present trends of malware activities, there are a number of ongoing network monitoring projects that collect large amount of data such as network traffic and IDS logs. These data need to be analyzed in depth since they potentially contain critical symptoms, such as an outbreak of new malware, a stealthy activity of botnet and a new type of attack on unknown vulnerability, etc. We have been developing the Network Incident analysis Center for Tactical Emergency Response (NICTER), which monitors a wide range of networks in real-time. The NICTER deploys several analysis engines taking advantage of data mining techniques in order to analyze the monitored traffics. This paper describes a brief overview of the NICTER, and its data mining based analysis engines, such as Change Point Detector (CPD), Self-Organizing Map analyzer (SOM analyzer) and Incident Forecast engine (IF).

UR - http://www.scopus.com/inward/record.url?scp=70349145395&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70349145395&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-02490-0_71

DO - 10.1007/978-3-642-02490-0_71

M3 - Conference contribution

AN - SCOPUS:70349145395

SN - 3642024890

SN - 9783642024894

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 579

EP - 586

BT - Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers

T2 - 15th International Conference on Neuro-Information Processing, ICONIP 2008

Y2 - 25 November 2008 through 28 November 2008

ER -

An incident analysis system NICTER and its analysis engines based on data mining techniques

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this