| Presentation | 2004/2/26 Modeling Techniques about Statistical Theory of Attack Events Keisuke TAKEMORI, Yutaka MIYAKE, Toshiaki TANAKA, Iwao SASASE, |
|---|---|
| PDF Download Page | PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Recently, many security threats affect network systems. Security operation centers (SOC) are established against cyber-terrorisms, which monitor network traffics by using intrusion detection systems (IDS). Anomaly events caused by worms and viruses are identified by the SOC operators. But subjective alarms are not reliable enough. In this research, we collect plenty number of IDS logs and propose modeling techniques about attack events. We consider three attack parameters, event counts, event arrival ratio and event vast length, which indicate anomaly issues. Experimental results with some audit data show that the event counts can be modeled into Poisson distribution, arrival ratio and event length can be modeled into Exponential distribution. The SOC reports will be more reliable by the modeling techniques. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Cyber-terrorism / IDS Log / Anomaly Detection / Attack Traffic |
| Paper # | NS2003-286,IN2003-241 |
| Date of Issue |
| Conference Information | |
| Committee | NS |
|---|---|
| Conference Date | 2004/2/26(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Network Systems(NS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Modeling Techniques about Statistical Theory of Attack Events |
| Sub Title (in English) | |
| Keyword(1) | Cyber-terrorism |
| Keyword(2) | IDS Log |
| Keyword(3) | Anomaly Detection |
| Keyword(4) | Attack Traffic |
| 1st Author's Name | Keisuke TAKEMORI |
| 1st Author's Affiliation | Dept. of Info.& Computer Science, Keio University:KDDI R&D Laboratories Inc.() |
| 2nd Author's Name | Yutaka MIYAKE |
| 2nd Author's Affiliation | KDDI R&D Laboratories Inc. |
| 3rd Author's Name | Toshiaki TANAKA |
| 3rd Author's Affiliation | KDDI R&D Laboratories Inc. |
| 4th Author's Name | Iwao SASASE |
| 4th Author's Affiliation | Dept. of Info.& Computer Science, Keio University |
| Date | 2004/2/26 |
| Paper # | NS2003-286,IN2003-241 |
| Volume (vol) | vol.103 |
| Number (no) | 689 |
| Page | pp.pp.- |
| #Pages | 4 |
| Date of Issue | |