Skip to main content

Worldwide Observatory of Malicious Behaviors and Attack Threats

Descrizione del progetto


Secure, dependable and trusted Infrastructures
The aim of WOMBAT is to provide new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens.

Why Research in Emerging Security Threats?

Today, combating cyber-crime becomes harder and harder. This is acknowledged by several recent articles from major anti-virus companies that confirm that cyber-crime scene is becoming increasingly more organized and more consolidated.

Several initiatives exist today that offer information and data that support this theory. However, the information they provide cannot be used by the research community to identify, understand and eventually defeat the cyber threats we are facing. The reasons are twofold:

  • First, due to privacy or confidentiality issues, most of these sources are not allowed to share the detailed information they hold. 
  • Second, as a result of the lack of publicly available information, no framework exists to rigorously investigate emerging attacks using different data sources and viewpoints.

Why WOMBAT?

WOMBAT aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. To reach this goal, the project is structured around three main objectives (see figure):

  1. Real time gathering of a diverse set of security related raw data: WOMBAT will take advantage of existing sources of information controlled by some of the partners, such as the Deepsight threat management system managed by Symantec, the worldwide distributed honeypot system operated by Eurecom, the nationwide early warning system in use by CERT Polska or the largest malware collection in the world accumulated by Hispasec. WOMBAT will also join efforts with other players in the field and explore how their dataset can be used, in order to obtain a global view of the observed phenomena. Also, some new types of sensors will be considered, especially in the domain of client-based honeypots. An important effort will be devoted to ensure interoperability among these various sources.
  2. Data enrichment by means of various analysis techniques: As the sole observation of a phenomenon does not suffice to reveal its cause(s), other elements surrounding or characterizing it must be formalized and taken into account. WOMBAT will develop new techniques to characterize the observed attacks, the collected malware, etc. This will lead to the semi-automatic generation of metadata associated with the raw data collected.
  3. Threats Analysis: WOMBAT will build upon the recognized expertise of several of its partners in correlating the data and metadata related to various events in order to identify the root cause(s) of a group of intrusions. This will make it possible to generate models of harmless, yet malicious, activities. As a result, the project will not only be able to raise alerts more accurately when new situations emerge but, more importantly, it will offer support during the decision making process for countermeasures selection. These models will help security actors to derive sound rationales for their security investments.

 

 

Invito a presentare proposte

FP7-ICT-2007-1
Vedi altri progetti per questo bando

Meccanismo di finanziamento

CP - Collaborative project (generic)

Coordinatore

ORANGE SA
Indirizzo
111 Quai Du President Roosevelt
92130 Issy Les Moulineaux
Francia
Tipo di attività
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Contributo UE
€ 276 327
Contatto amministrativo
Houssem ASSADI (Mr.)

Partecipanti (9)

TECHNISCHE UNIVERSITAET WIEN
Austria
Contributo UE
€ 395 808
Indirizzo
Karlsplatz 13
1040 Wien
Tipo di attività
Higher or Secondary Education Establishments
Contatto amministrativo
Ruth FOCHTNER (Mrs)
HISPASEC SISTEMAS S.L.
Spagna
Contributo UE
€ 300 258
Indirizzo
Calle Rio Tinto 1-2-A
29700 Velez-malaga
Tipo di attività
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Contatto amministrativo
Antonio Javier Roman Arrebola (Mr.)
EURECOM
Francia
Contributo UE
€ 395 216
Indirizzo
Route Des Chappes 450 Campus Sophiatech
06410 Biot
Tipo di attività
Higher or Secondary Education Establishments
Contatto amministrativo
Catherine BETRANCOURT (Mrs)
IDRYMA TECHNOLOGIAS KAI EREVNAS
Grecia
Contributo UE
€ 353 470
Indirizzo
N Plastira Str 100
70013 Irakleio
Tipo di attività
Research Organisations
Contatto amministrativo
Zinovia Papatheodorou (Mrs.)
NORTONLIFELOCK IRELAND LIMITED
Irlanda
Contributo UE
€ 315 215
Indirizzo
Barrow Street South Bank House 6Th Floor
D04TR29 Dublin
Tipo di attività
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Contatto amministrativo
Tiia Raisanen (Ms.)
POLITECNICO DI MILANO
Italia
Contributo UE
€ 304 937
Indirizzo
Piazza Leonardo Da Vinci 32
20133 Milano
Tipo di attività
Higher or Secondary Education Establishments
Contatto amministrativo
Fabio Conti (Mr.)
VERENIGING VOOR CHRISTELIJK HOGER ONDERWIJS WETENSCHAPPELIJK ONDERZOEK EN PATIENTENZORG
Paesi Bassi
Contributo UE
€ 434 492
Indirizzo
De Boelelaan 1105
1081 HV Amsterdam
Tipo di attività
Higher or Secondary Education Establishments
Contatto amministrativo
Herbert Bos (Dr.Ir)
NAUKOWA I AKADEMICKA SIEC KOMPUTEROWA - PANSTWOWY INSTYTUT BADAWCZY
Polonia
Contributo UE
€ 115 072
Indirizzo
Ul Kolska 12
01 045 Warszawa
Tipo di attività
Research Organisations
Contatto amministrativo
PIOTR KIJEWSKI (MR.)
INSTITUTE FOR INFOCOMM RESEARCH
Singapore
Contributo UE
€ 0
Indirizzo
Heng Mui Keng Terrace 21
119613 Singapore
Tipo di attività
Research Organisations
Contatto amministrativo
Gerard Ang (Mr.)