
Italian Chapter updates

16 Dec 2009, Marco Riccardi. Tags: botnets, dorothy, visualization

Folks,

I would like to inform you all about our recent activities and what we are attempting to achieve.

First of all, we have completely rebuilt our web site. The new one aims to be a central repository of all the (external/internal) news concerning botnets (mainly) and malware (secondarily).
We will use the blog to post about our project developments and to comment on/report interesting news concerning the field we are currently working in, so you can now add a new entry to your feed reader :)
The repository section aims to maintain a complete library of all the publications written (by us or others) to date about botnets. Each one can be tagged and classified to give researchers an easy way to search for what they need. If you have a paper/doc about botnets, we would be proud to upload it here!
The Dorothy section is the web GUI of the framework I developed for IRC-botnet tracking through interactive visualization. Maybe you have seen it before (I posted the link to this mailing list some months ago); since then I have improved the GUI, adding a “malwares” task for each C&C and providing an AfterGlow graph for each malware and for each C&C.
We are also maintaining a wiki, where you can find all the information about our tools/activities: you are all invited to contribute to it. The wiki has recently been “plugged” into the GUI, making it possible to create a new page for each C&C; in this way, every researcher can write up their own investigation of it.

Then I would like to introduce two new chapter members: Emanuele Goldoni and Davide Cavalca.
I asked them to join our team after reading their research work on the development of an automated framework for malware analysis and IRC/web botnet tracking.
Their tool “HIVE” is very similar to the one I developed, but presents a more robust data architecture. Dorothy and HIVE were developed to achieve the same goal: whereas the first focuses on visualization methods as its strong point, the second treats the acquisition process in a more engineering-oriented manner: the data repository has been designed to be capable of receiving data from a wide sensor deployment.
We are currently defining the details of a possible collaboration between the Information Technology Department of the University of Milan and the Networking Lab of the University of Pavia (where Emanuele works as a researcher). Both universities are currently offering their graduating students the chance to write their diploma thesis on the improvement of our framework. At the moment we are following the work of three students: one is developing a new multiplatform drone for IRC botnet tracking, and the others are developing a dedicated framework for malware analysis (static and dynamic).
Currently, Davide and I are developing a new integrated framework (Dorothive) that inherits all the good parts of our previous tools.
Thanks to Davide and Emanuele’s contributions, our chapter is growing fast; they are very skilled people and are as motivated as I am to make our chapter as interesting as possible: working with them is a real pleasure.

I invite you all to visit our new site; to access the private sections (wiki, Dorothy) you need to register.
Currently registration is not open to the general public, so if you want an account please let me know and I will provide you with one.

Please give us your feedback/comments/suggestions/criticisms/anything; we will treasure it!

Best Regards,

m4rco-