Security Monitoring of the Cyber Space

Claude Fachkha (Concordia University, Canada)
Copyright: © 2015 | Pages: 22
DOI: 10.4018/978-1-4666-8456-0.ch004


Adversaries are abusing Internet security and privacy services to execute cyber attacks. To cope with these threats, network operators use various security tools and techniques to monitor the cyber space. An efficient way to infer Internet threat activities is to collect information from trap-based monitoring sensors. This chapter therefore first defines cyberspace trap-based monitoring systems and their taxonomies. It then presents the state of the art in terms of research contributions, techniques, tools and technologies, and identifies gaps in both science and technology. Additionally, it presents case studies and practical approaches corresponding to large-scale cyber monitoring systems such as Nicter. We further present related security policies and legal issues for network monitoring. This chapter provides an overview of Internet monitoring and offers readers a guideline for understanding the concepts of observing, detecting and analyzing cyber attacks through computer network traps.
1. Introduction

As of 2014, the Internet, the network of networks, provides information sharing and communication systems to more than 7 billion users (Internet World Stats, 2014). This number is increasing dramatically as humans become more dependent on social media/networks, mobiles, telecommunication, gaming and dating websites, in addition to various cloud services and facilities. This increase raises the volume of shared information and hence gave rise to the term Big Data. This term has become the focus, the challenge and the exclamation mark for Internet Service Providers (ISPs), organizations, law enforcement and government agencies. For example: how to handle such a large amount of information? How to analyze the traffic, and how to secure and control such big data?

In regard to privacy, security and control, this cyberspace challenge takes the form of a continuous conflict, because computer attack tools and techniques are becoming more intelligently designed and hackers are capable of launching attacks with worldwide impact for various reasons, such as large-scale Denial-of-Service (CloudFlare, 2014), cyber-terrorism, information theft, hate crimes, defamation, bullying, identity theft and fraud. For instance, the Flame code, the most complex malware ever found, is a new generation of malware discovered in 2012 that aims to target machines in nuclear power plants (Nakashima, Miller, and Tate, 2012). This obviously opens the door to a new cyber war impacting the whole world, including critical physical infrastructure such as power plants, nuclear facilities, and more. Furthermore, the existence of widely available encryption and anonymizing techniques makes the surveillance and investigation of cyber attacks a much harder problem. In this context, the availability of relevant cyber threat collection and monitoring systems is of paramount importance.

In this context, this chapter attempts to answer the following questions:

  • How do we investigate large-scale cyber events?

  • What is the state of the art of cyber security monitoring systems?

  • Who has the capability to monitor the cyberspace?

  • What are the privacy and security policies behind security analysis and deployment?

Answering the above questions can help security operators understand the objectives of network monitoring technologies, their corresponding pros and cons, their deployments, their traffic analysis processes, their embedded threats, the differences among them, as well as their research gaps. Moreover, readers gain an overview of the security policies and legal issues that are mostly unknown to network operators and even adversaries.

The rest of this chapter is organized as follows. Section II presents the background information on various network monitoring concepts and cyber threats. Section III provides the state of the art of trap-based monitoring tools. Section IV discusses the security policies and legal issues in network monitoring. Section V presents the trend and future research directions. Finally, Section VI summarizes and concludes with a discussion on the monitoring systems and research.


2. Background

This section provides an overview of the major elements of this chapter, namely the trap-based monitoring systems and their embedded cyber threats.
