roberto.tanara's blog

KYE paper: Bots keep talking to us

Analysis of 24 Hours Internet Attacks: A Brief Overview of Malicious Traffic Targeting Featureless Servers on the Web.

HoneyNED chapter had a busy 2017

This is a contribution by the HoneyNED chapter from the Netherlands about all their 2017 activities.

The Honeynet Project will bring GSoC students to the annual workshop in Canberra

The Honeynet Project annual workshop is just a few days away: members and security folks from all over the world will gather in Canberra, Australia, November 15th-17th. Every year the Honeynet Project, with the support of Google, funds a group of students who were admitted to the Google Summer of Code program and successfully completed their project assignments. They will have a chance to travel to the workshop and meet face to face with Honeynet members and experienced experts in the security field.

GSoC 2017 Project Summary: Glutton improvements, the new “all eating honeypot”

Student Mohammad Bilal contributed this post as a project summary of his GSoC 2017 experience.

GSoC 2017 Summary: ReDroid toolbox

This is a contribution by GSoC student Ziyue Yang; find him on GitHub as yzygitzh.

Dionaea honeypot: from Conficker to WannaCry + SambaCry CVE-2017-7494

This is a contribution by Tan Kean Siong; follow him on Twitter at @gento_.

Meet Lukas Rist, our new Chief Research Officer

Back in November, the Honeynet Project announced the appointment of a new Chief Research Officer: Lukas Rist took the role after a long and successful tenure by David Watson. The research office will also be supported by Maximilian Hils and Cornelius Aschermann.

A new and improved version of Rumal

Thug is a client honeypot that emulates a real web browser: it fetches and executes any internal or external JavaScript, follows all redirects and downloadable files just as a real browser would, and collects the results in a MongoDB collection. The purpose of this tool is to study, analyse and locate exploit kits and malicious websites. Thug's analysis output can be difficult to navigate or understand, and this is where Rumal comes in. Rumal's function is to be Thug's GUI, providing users with trees, graphs, maps, tables and intuitive representations of Thug's data.

Introduction to CuckooML: Machine Learning for Cuckoo Sandbox

CuckooML is a GSoC 2016 project by Kacper Sokol that aims to make it possible to find similarities between malware samples based on static and dynamic analysis features of binaries submitted to Cuckoo Sandbox. By using anomaly detection techniques, such a mechanism is able to cluster and identify new types of malware and can constitute an invaluable tool for security researchers.

It's all about data...

Malware datasets tend to be relatively large and sparse. They are mostly made of categorical and string data, hence there is a strong need for good feature extraction approaches to obtain numerical vectors that can be fed into machine learning algorithms [e.g. Back to the Future: Malware Detection with Temporally Consistent Labels; Miller B., et al.]. Another common problem is concept drift, the continuous variation of malware statistical properties caused by the never-ending arms race between malware and antivirus developers. Unfortunately, this makes fitting the clusters even harder and requires the chosen approach to be either easy to re-train or adaptable to the drift, with the latter option being more desirable.
