WAPI, or WOMBAT API, is a SOAP-based API built in the context of the project to facilitate the remote access and exploration of security-related datasets.
Building Analysis Datasets and Gathering Experience Returns for Security
Workshop on development of large scale security-related data collection and analysis initiatives
The WOMBAT consortium will organise its second open workshop in Salzburg, Austria, on April 10. The BADGERS workshop is co-located with the EuroSys 2011 conference. Check the conference page for up-to-date info.
The BADGERS workshop is intended to encourage the development of large scale security-related data collection and analysis initiatives. It will provide an environment to describe already existing real-world, large-scale datasets, and to share with the systems community the return on experiences acquired by analyzing such collected data. Furthermore, novel approaches to collect and study such data sets are welcome.
In contrast to the systems community, security researchers have only recently started collecting and looking at large-scale, real-world data (e.g., the EU WOMBAT and the US PREDICT initiatives). It is well known that experimental work is often hampered by concerns such as confidentiality, privacy, and liability. However, the threat landscape is rapidly changing and this represents a growing concern for individuals and organisations. To address these issues appropriately, there is a dire need to better understand the modus operandi and the motivations of the attackers. This can only be achieved by getting access to large-scale, real-world data, and by designing techniques to mine relevant knowledge out of it.
This workshop aims at bringing together people (e.g., researchers, practitioners, system administrators, system programmers) active in the emerging domain of security-related data collection and analysis. By giving visibility to existing solutions, we expect that the workshop will promote and encourage the better sharing of data and knowledge.
By co-locating the BADGERS workshop with EuroSys, we wish to create a bridge between the well-established systems community and the members of the security community who are interested in experimental systems work.
The BADGERS workshop solicits two kinds of submissions: regular papers and work-in-progress papers. Regular papers should not exceed 8 pages, excluding well-marked appendixes. Work-in-progress papers should not exceed two pages.
The WOMBAT consortium will organise its first open workshop in St Malo, France, on September 22-23 (from Tuesday 12:00 - Wednesday 12:00).
The workshop is conveniently co-located with RAID and organised just before the main conference. The workshop will be practical and hands-on. Attendance will be limited to 45 researchers. Registration should be made through the RAID registration site by selecting the RAID+WOMBAT option.
By means of presentations, participants will learn what sources of information WOMBAT makes available to analysts, security experts and researchers. These sources include malware repositories and attack-related databases such as those of Anubis, Symantec, HoneySpider, VirusTotal, Noah, SGNet, and several others. Moreover, participants will get hands-on experience in a tutorial session in which they use a variety of sensors and databases to analyse different security incidents.
We believe that the availability of a large set of databases and a way to access all of them conveniently will be crucial for any security expert. By means of a simple API, WOMBAT allows users to do so in an intuitive manner, while allowing the data owners to keep control over exactly what data can be shared and how.
M. Corrado LEITA will publicly defend his UNS Doctoral Thesis on Thursday, December 4th 2008 at 2:00 pm, in the Amphitheater MARCONI at EURECOM.
Topic of the Thesis:
"SGNET: automated protocol learning for the observation of malicious threats"
Jury members :
One of the main prerequisites for the development of reliable defenses to protect a network resource consists in the collection of quantitative data on Internet threats. This attempt to "know your enemy" leads to an increasing interest in the collection and exploitation of datasets providing intelligence on network attacks. The creation of these datasets is a very challenging task. The challenge derives from the need to cope with the spatial and quantitative diversity of malicious activities. The observations need to be performed from a broad perspective, since the activities are not uniformly distributed over the IP space. At the same time, the data collectors need to be sophisticated enough to extract a sufficient amount of information on each activity and perform meaningful inferences. How can we combine the simultaneous need to deploy a vast number of data collectors with the sophistication required to make meaningful observations? This work addresses this challenge by proposing a protocol learning technique based on bioinformatics algorithms. The proposed technique allows the automatic generation of low-cost protocol responders starting from a set of samples of network interaction. Its characteristics are exploited in a distributed honeypot deployment that collected information on Internet attacks for a period of 8 months in 23 different networks distributed all over the world (Europe, Australia, United States). This information is organized in a central dataset enriched with contextual information from a number of sources and analysis tools. Simple data mining techniques proposed in this work allow the generation of a valuable overview of the propagation techniques employed by today's malware.