Abstract
The WOMBAT project is a collaborative European-funded research project that aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and net citizens. The approach carried out by the partners includes a data collection effort as well as some sophisticated analysis techniques. In this chapter, we present one of the threat-related data collection systems in use by the project, as well as some of the early results obtained when digging into these data sets.
© 2010 Springer-Verlag US
Dacier, M., Leita, C., Thonnard, O., Van Pham, H., Kirda, E. (2010). Assessing Cybercrime Through the Eyes of the WOMBAT. In: Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds) Cyber Situational Awareness. Advances in Information Security, vol 46. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-0140-8_6
DOI: https://doi.org/10.1007/978-1-4419-0140-8_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-0139-2
Online ISBN: 978-1-4419-0140-8