Security Monitoring of the Cyber Space

TL;DR

This paper provides a comprehensive overview of trap-based cyber space monitoring systems, their taxonomy, current research, practical implementations, and related policies, aiming to enhance Internet threat detection and analysis.

Contribution

It defines cyberspace trap-based monitoring systems, reviews state-of-the-art techniques, identifies research gaps, and discusses practical case studies and legal issues.

Findings

Overview of trap-based monitoring systems and their taxonomy.

Analysis of current research contributions and technological tools.

Identification of gaps and future directions in cyber monitoring.

Abstract

Adversaries are abusing Internet security and privacy services to execute cyber attacks. To cope with these threats, network operators utilize various security tools and techniques to monitor the cyber space. An efficient way to infer Internet threat activities is to collect information from trap-based monitoring sensors. As such, this chapter primarily defines the cyberspace trap-based monitoring systems and their taxonomies. Moreover, it presents the state-of-the-art in terms of research contributions and techniques, tools and technologies. Furthermore, it identifies gaps in terms of science and technology. Additionally, it presents some case studies and practical approaches corresponding to large-scale cyber monitoring systems such as Nicter. We further present some related security policies and legal issues for network monitoring. This chapter provides an overview on Internet monitoring and offers a guideline for readers to help them understand the concepts of observing, detecting and analyzing cyber attacks through computer network traps.