An incident analysis system NICTER and its analysis engines based on data mining techniques

Authors:
Daisuke Inoue;Katsunari Yoshioka;Masashi Eto;Masaya Yamagata;Eisuke Nishino;Jun'ichi Takeuchi;Kazuya Ohkouchi;Koji Nakao
Affiliations:
National Institute of Information and Communications Technology;Yokohama National University;National Institute of Information and Communications Technology;NEC Corp.;Kyushu University;Kyushu University;Hitachi, Ltd.;National Institute of Information and Communications Technology
Venue:
ICONIP'08 Proceedings of the 15th international conference on Advances in neuro-information processing - Volume Part I
Year:
2008

Citing 6
Cited 3

A unifying framework for detecting outliers and change points from non-stationary time series data

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
A Unifying Framework for Detecting Outliers and Change Points from Time Series

IEEE Transactions on Knowledge and Data Engineering
The SANS Internet Storm Center

WISTDCS '08 Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing
The Leurre.com Project: Collecting Internet Threats Information Using a Worldwide Distributed Honeynet

WISTDCS '08 Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing
nicter: An Incident Analysis System Toward Binding Network Monitoring with Malware Analysis

WISTDCS '08 Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing
Multiscale autoregressive models and wavelets

IEEE Transactions on Information Theory

BURN: baring unknown rogue networks

Proceedings of the 8th International Symposium on Visualization for Cyber Security
Botnet detection based on non-negative matrix factorization and the MDL principle

ICONIP'12 Proceedings of the 19th international conference on Neural Information Processing - Volume Part V
Behavior analysis of long-term cyber attacks in the darknet

ICONIP'12 Proceedings of the 19th international conference on Neural Information Processing - Volume Part V

Quantified Score

Hi-index	0.01

Visualization

Abstract

Malwares are spread all over cyberspace and often lead to serious security incidents. To grasp the present trends of malware activities, there are a number of ongoing network monitoring projects that collect large amount of data such as network traffic and IDS logs. These data need to be analyzed in depth since they potentially contain critical symptoms, such as an outbreak of new malware, a stealthy activity of botnet and a new type of attack on unknown vulnerability, etc. We have been developing the Network Incident analysis Center for Tactical Emergency Response (NICTER), which monitors a wide range of networks in real-time. The NICTER deploys several analysis engines taking advantage of data mining techniques in order to analyze the monitored traffics. This paper describes a brief overview of the NICTER, and its data mining based analysis engines, such as Change Point Detector (CPD), Self-Organizing Map analyzer (SOM analyzer) and Incident Forecast engine (IF).