An incident analysis system NICTER and its analysis engines based on data mining techniques

Daisuke Inoue, Katsunari Yoshioka, Masashi Eto, Masaya Yamagata, Eisuke Nishino, Junnichi Takeuchi, Kazuya Ohkouchi, Koji Nakao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Citations (Scopus)

Abstract

Malwares are spread all over cyberspace and often lead to serious security incidents. To grasp the present trends of malware activities, there are a number of ongoing network monitoring projects that collect large amount of data such as network traffic and IDS logs. These data need to be analyzed in depth since they potentially contain critical symptoms, such as an outbreak of new malware, a stealthy activity of botnet and a new type of attack on unknown vulnerability, etc. We have been developing the Network Incident analysis Center for Tactical Emergency Response (NICTER), which monitors a wide range of networks in real-time. The NICTER deploys several analysis engines taking advantage of data mining techniques in order to analyze the monitored traffics. This paper describes a brief overview of the NICTER, and its data mining based analysis engines, such as Change Point Detector (CPD), Self-Organizing Map analyzer (SOM analyzer) and Incident Forecast engine (IF).

Original languageEnglish
Title of host publicationAdvances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers
Pages579-586
Number of pages8
EditionPART 1
DOIs
Publication statusPublished - Sep 21 2009
Event15th International Conference on Neuro-Information Processing, ICONIP 2008 - Auckland, New Zealand
Duration: Nov 25 2008Nov 28 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 1
Volume5506 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other15th International Conference on Neuro-Information Processing, ICONIP 2008
CountryNew Zealand
CityAuckland
Period11/25/0811/28/08

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Inoue, D., Yoshioka, K., Eto, M., Yamagata, M., Nishino, E., Takeuchi, J., ... Nakao, K. (2009). An incident analysis system NICTER and its analysis engines based on data mining techniques. In Advances in Neuro-Information Processing - 15th International Conference, ICONIP 2008, Revised Selected Papers (PART 1 ed., pp. 579-586). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5506 LNCS, No. PART 1). https://doi.org/10.1007/978-3-642-02490-0_71