
Assessing Cybercrime Through the Eyes of the WOMBAT

Chapter in: Cyber Situational Awareness

Part of the book series: Advances in Information Security (ADIS, volume 46)

Abstract

The WOMBAT project is a collaborative, European-funded research project that aims to provide new means of understanding the existing and emerging threats targeting the Internet economy and net citizens. The approach taken by the partners includes a data collection effort as well as sophisticated analysis techniques. In this chapter, we present one of the threat-related data collection systems in use by the project, together with some of the early results obtained when digging into these data sets.



Author information

Corresponding author: Marc Dacier

Copyright information

© 2010 Springer-Verlag US

About this chapter

Cite this chapter

Dacier, M., Leita, C., Thonnard, O., Van Pham, H., Kirda, E. (2010). Assessing Cybercrime Through the Eyes of the WOMBAT. In: Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds) Cyber Situational Awareness. Advances in Information Security, vol 46. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-0140-8_6


  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-0139-2

  • Online ISBN: 978-1-4419-0140-8

  • eBook Packages: Computer Science