Intro to Upstream Intelligence
Upstream Intelligence is a relatively new concept that helps ISPs and government organizations data-mine and profile traffic. The concept is relatively simple: grab huge data sets at high-traffic choke points and analyze them for 'shady' behavior. Hopefully, this network-level traffic analysis can help spot DoS and DDoS attacks, as well as botnet command flow and zombie responses to hacker servers/databases. In this manner, UI will be able to spot threat agents, allowing government to start taking action against organized hackers. This is the flip side to patching vulns: actually catching the bad guys :D

UI is already being carried out by the large internet providers, the Cybersecurity Act of 2009, and the newly created US Cyber Command. You can read about this in IAnewsletter, Vol 13, No 3. More articles with great detail on upstream intelligence will be written soon in IA. So if you were unaware previously, they are watching.

However, upstream intelligence's inherent weakness lies in the anonymity of a single user's traffic. The concept is intended to gather large sets of data and draw correlations between recurring trends in order to single out high-profile threats.
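
To make the idea of correlating recurring trends concrete, here is an added example (not from the IAnewsletter article or from any provider's tooling) that scans flow records for one destination receiving fixed-interval check-ins from several sources, the shape botnet command traffic tends to have. The record layout, the thresholds and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (unix_time, src_ip, dst_ip, dst_port).
# Addresses come from documentation ranges (RFC 5737); none are real hosts.
def build_sample_flows():
    clients = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
    flows = []
    # Three clients check in with 203.0.113.10 every 300 s, offset from each other.
    for i, src in enumerate(clients):
        flows += [(1000 + 7 * i + 300 * n, src, "203.0.113.10", 443) for n in range(6)]
    # The same clients reach 203.0.113.20 at irregular, human-looking times.
    for i, src in enumerate(clients):
        times = [1000, 1012, 1490, 1530, 2900, 3100]
        flows += [(t + 11 * i, src, "203.0.113.20", 443) for t in times]
    # One client polls 203.0.113.30 on a timer: periodic, but no fan-in.
    flows += [(1000 + 60 * n, "198.51.100.9", "203.0.113.30", 123) for n in range(10)]
    return flows

def interval_cv(times):
    """Coefficient of variation of the gaps between sorted timestamps."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2 or mean(gaps) <= 0:
        return float("inf")  # too little data to call anything periodic
    return pstdev(gaps) / mean(gaps)

def find_beacon_destinations(flows, min_sources=3, min_flows=5, max_cv=0.1):
    """Return {(dst, port): [sources]} where several sources contact one
    destination on a near-fixed timer. Thresholds are illustrative."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)
    periodic = defaultdict(list)
    for (src, dst, port), times in by_pair.items():
        if len(times) >= min_flows and interval_cv(sorted(times)) <= max_cv:
            periodic[(dst, port)].append(src)
    # Keep only destinations with enough independent periodic sources.
    return {k: sorted(v) for k, v in periodic.items() if len(v) >= min_sources}

if __name__ == "__main__":
    for (dst, port), srcs in find_beacon_destinations(build_sample_flows()).items():
        print(f"{dst}:{port} periodic check-ins from {len(srcs)} sources: {srcs}")
```

Benign services such as software update checks produce the same pattern, so a hit is a lead to correlate with other data rather than a verdict.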