Community Research and Development Information Service - CORDIS


WOMBAT

Project reference: 216026
Funded under

Worldwide Observatory of Malicious Behaviors and Attack Threats

From 2008-01-01 to 2011-04-30

Project details

Total cost:

EUR 4 401 578

EU contribution:

EUR 2 890 795

Coordinated in:

France

Call for proposal:

FP7-ICT-2007-1

Funding scheme:

CP - Collaborative project (generic)

The aim of WOMBAT is to provide new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens.

Why Research in Emerging Security Threats?

Today, combating cyber-crime is becoming harder and harder. This is acknowledged by several recent articles from major anti-virus companies, which confirm that the cyber-crime scene is becoming increasingly organized and consolidated.

Several initiatives exist today that offer information and data that support this theory. However, the information they provide cannot be used by the research community to identify, understand and eventually defeat the cyber threats we are facing. The reasons are twofold:

  • First, due to privacy or confidentiality issues, most of these sources are not allowed to share the detailed information they hold. 
  • Second, as a result of the lack of publicly available information, no framework exists to rigorously investigate emerging attacks using different data sources and viewpoints.

Why WOMBAT?

WOMBAT aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. To reach this goal, the project is structured around three main objectives (see figure):

  1. Real-time gathering of a diverse set of security-related raw data: WOMBAT will take advantage of existing sources of information controlled by some of the partners, such as the DeepSight threat management system managed by Symantec, the worldwide distributed honeypot system operated by Eurecom, the nationwide early warning system in use by CERT Polska or the largest malware collection in the world accumulated by Hispasec. WOMBAT will also join efforts with other players in the field and explore how their datasets can be used, in order to obtain a global view of the observed phenomena. Also, some new types of sensors will be considered, especially in the domain of client-based honeypots. An important effort will be devoted to ensuring interoperability among these various sources.
  2. Data enrichment by means of various analysis techniques: As the sole observation of a phenomenon does not suffice to reveal its cause(s), other elements surrounding or characterizing it must be formalized and taken into account. WOMBAT will develop new techniques to characterize the observed attacks, the collected malware, etc. This will lead to the semi-automatic generation of metadata associated with the raw data collected.
  3. Threats Analysis: WOMBAT will build upon the recognized expertise of several of its partners in correlating the data and metadata related to various events in order to identify the root cause(s) of a group of intrusions. This will make it possible to generate models of harmless, yet malicious, activities. As a result, the project will not only be able to raise alerts more accurately when new situations emerge but, more importantly, it will offer support during the decision-making process for countermeasure selection. These models will help security actors to derive sound rationales for their security investments.

 

 

Objective

The WOMBAT project aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. To reach this goal, the proposal includes three key workpackages: (i) real-time gathering of a diverse set of security-related raw data, (ii) enrichment of this input by means of various analysis techniques, and (iii) root cause identification and understanding of the phenomena under scrutiny. The acquired datasets and knowledge will be shared with all interested security actors (ISPs, CERTs, security vendors, etc.), enabling them to make sound security investment decisions and to focus on the most dangerous activities first. Special care will also be devoted to impacting the level of confidence of European citizens in the net economy by leveraging computer security awareness in Europe thanks to the gained expertise.


Coordinator

FRANCE TELECOM SA
France

EU contribution: EUR 276 327


rue des coutures BP6243 42
14066 Caen
France
Administrative contact: Houssem ASSADI
Tel.: +33231759295
Fax: +33 231378343

Participants

TECHNISCHE UNIVERSITAET WIEN
Austria

EU contribution: EUR 395 808


Karlsplatz
1040 WIEN
Austria
Administrative contact: Ruth FOCHTNER
Tel.: +4315880118311
Fax: +4315880118391

HISPASEC SISTEMAS S.L.
Spain

EU contribution: EUR 300 258


CALLE RIO TINTO 1-2-A
29700 VELEZ-MALAGA
Spain
Administrative contact: Antonio Javier Roman Arrebola
Tel.: +34 902 161 025
Fax: +34 952 028 694

EURECOM
France

EU contribution: EUR 395 216


ROUTE DES CRETES - SOPHIA ANTIPOLIS
06560 VALBONNE
France
Administrative contact: Catherine BETRANCOURT
Tel.: +33 493008105
Fax: +33 493008200

FOUNDATION FOR RESEARCH AND TECHNOLOGY HELLAS
Greece

EU contribution: EUR 353 470


N PLASTIRA STR
70013 HERAKLION
Greece
Administrative contact: Zinovia Papatheodorou
Tel.: +30 2810 391522
Fax: +30 2810 391555

SYMANTEC LIMITED
Ireland

EU contribution: EUR 315 215


Barrow street, South Bank House
DUBLIN 4
Ireland
Administrative contact: Tiia Raisanen
Tel.: +353 1 886 4859
Fax: +353 1 820 4055

POLITECNICO DI MILANO
Italy

EU contribution: EUR 304 937


PIAZZA LEONARDO DA VINCI
20133 MILANO
Italy
Administrative contact: Fabio Conti
Tel.: +390223993431
Fax: +390223993437

VERENIGING VOOR CHRISTELIJK HOGER ONDERWIJS WETENSCHAPPELIJK ONDERZOEK EN PATIENTENZORG
Netherlands

EU contribution: EUR 434 492


De Boelelaan
1081 HV AMSTERDAM
Netherlands
Administrative contact: Herbert Bos
Tel.: +31 20 5987746
Fax: +31 20 5987483

NAUKOWA I AKADEMICKA SIEC KOMPUTEROWA
Poland

EU contribution: EUR 115 072


UL. WAWOZOWA 18 LOK 010
02-796 WARSZAWA
Poland
Administrative contact: PIOTR KIJEWSKI
Tel.: +48 22 3808 199
Fax: +48 22 3808 399

INSTITUTE FOR INFOCOMM RESEARCH
Singapore

EU contribution: EUR 0


21 HENG MUI KENG TERRACE
119613 SINGAPORE
Singapore
Administrative contact: Gerard Ang
Tel.: +65 6874 6143
Fax: +65 67768109

Record Number: 85315 / Last updated on: 2016-04-01