Abstract

The Internet is an open network environment, and large-scale distributed malicious behavior on it is increasing day by day. Potential relationships may exist among network security incidents that occur at different positions and times. To deal with these problems, this paper presents a Coordinative Running Model (CRM) based on the Universal Turing Machine. A formal mathematical definition of the model is proposed. The architecture of the model is hierarchical, and the model consists of several important components, including a storage component, an interface system and a coordinative running engine, among others. On the basis of this work, a Collaborative Running System (CRS) is implemented for analyzing distributed incidents on the backbone network. Furthermore, the model is compared with the Security Operation Center (SOC). For three application scenarios, namely botnet tracking, correlation analysis of Distributed Denial-of-Service (DDoS) attack alerts, and relationship analysis between DDoS attack sources and botnets, different types of backbone network monitoring devices work together through CRS. The analysis results on typical security incident data show that CRS is efficient and effective at collaboratively analyzing the relations among large-scale security incidents at different times and in different places, and that CRS is a powerful platform for analyzing hidden dangers among different incidents.
