Towards Distributed Threat Intelligence in Real-Time

Meyer, Philipp; Hiesgen, Raphael; Schmidt, Thomas C.; Nawrocki, Marcin; Wählisch, Matthias

doi:10.1145/3123878.3131992

Verlagslink DOI:	10.1145/3123878.3131992
Titel:	Towards Distributed Threat Intelligence in Real-Time
Sprache:	Englisch
Autorenschaft:	Meyer, Philipp Hiesgen, Raphael Schmidt, Thomas C. Nawrocki, Marcin Wählisch, Matthias
Schlagwörter:	Internet security; threat detection; network forensic
Erscheinungsdatum:	22-Aug-2017
Verlag:	Association for Computing Machinery (ACM)
Buchtitel:	Proceedings of the 2017 SIGCOMM Posters and Demos
Teil der Schriftenreihe:	ACM Conferences
Anfangsseite:	76
Endseite:	78
Konferenz:	ACM SIGCOMM Conference 2017
Zusammenfassung:	In this demo, we address the problem of detecting anomalies on the Internet backbone in near real-time. Many of today's incidents may only become visible from inspecting multiple data sources and by considering multiple vantage points simultaneously. We present a setup based on the distributed forensic platform VAST that was extended to import various data streams from passive measurements and incident reporting at multiple locations, and perform an effective correlation analysis shortly after the data becomes exposed to our queries.
URI:	http://hdl.handle.net/20.500.12738/2128
ISBN:	978-1-4503-5057-0
Begutachtungsstatus:	Diese Version hat ein Peer-Review-Verfahren durchlaufen (Peer Review)
Einrichtung:	Department Informatik Fakultät Technik und Informatik
Dokumenttyp:	Konferenzveröffentlichung
Enthalten in den Sammlungen:	Publications without full text