Enhancing Telecom Security Through Big Data Analytics and Cloud-Based Threat Intelligence

Abstract

Negative effects of cyber-attacks against telecom operators are imposed not only on the telecom operators but also on their users. Even worse, negative effects could be imposed on national economies and on public safety. This situation happens because telecom operators are the primary communications infrastructure providers used by enterprises and people for their day-to-day operations. In the network-cloud era, telecom operators face cyber threats from both established and new attack sources. In addition, telecom operators deliver numerous services over general-purpose COTS hardware and software for lower COST, which ultimately results in larger surfaces of attack. These challenges require enhanced telecom security that can effectively improve detection, prevention, response, and recovery capabilities against advanced, massive, and patchy threats targeting telecom networks and services.

Although real-time threat detection and forensic investigation can be efficiently performed using state-of-the-art techniques such as big data analytics based on statistics or machine learning models, it is challenging to understand unknown threats. This results in having to deal with an unknown threat, which is more costly than known threats. The recently proposed cloud-based threat intelligence service can fill this gap by providing threat information regarding new attack sources, tactics, methods used, signatures, and patch solutions. Such service can leverage a large telecom security consortium where a group of telecom operators share the information of their security logs and shares the cost of the threat intelligence service, which usually charges COSTs based on the size of ingested logs. The consortium must protect its ingested logs and extracted intelligence in the service from being compromised by users in the cloud.