Security
The research activity focusses on researching methods, tools and algorithms to collect and analyze security threats. Closely followed by research on mitigation methodologies with emphasis on automation for incident notification and handling in the multi-domain environment.
Focus of research:
- Detecting new threats by Honeypot deployment, filling lists of C&C botnet servers
- Detecting malicious traffic based on fractal geometry anomaly detection algorithms
- Collecting information about anomalous behaviour in a centralized information-database system
- Establish a standard format for notifying about security related issues
- Studying automated methods to notify about problems over Geant multi-domain services
- Research automated methods to open security incidents in a multi-domain environment
- Research on existing and new features of network devices and protocols to support anomaly and malware detection and mitigation.
Results
- An overview of the research areas is provided in Deliverable 2.4.1
- First results in anomaly detection algorithm based on geometrical characteristics of address (and port) distribution - fractal and similar dimensions
- Botnet Detection Using Internet Alerts
- A Literature Survey About Recent Botnet Trends
- Inspecting DNS Flow Traffic for Purposes of Botnet Detection
- X-ARF: A Reporting and Exchange Format for the Data Exchange of Netflow and Honeypot Data
- Presentation held in Rome 30 January 2012: Update on X-ARF format
