Defending oneself against prevalent cyber-threats is a challenge in the face of potential attacks by malware, botnets and other sources. Small businesses can be particularly vulnerable as they may lack the know-how to defend themselves.
The EU-funded SISSDEN (Secure Information Sharing Sensor Delivery Event Network) project is working on a data collection and sharing system that can identify potential threats, make information on them available and tell people how to deal with them. Although there are services offering to do this already, SISSDEN will make all this information available for free.
To gather all the necessary information, the project is currently developing a large, distributed sensor network based on state-of-the-art honeypot/darknet technologies. It is also using enhanced sandbox systems and creating a high-throughput automated data processing and sharing centre, based in Europe. This centre will be deployed as the project evolves, but positive steps have already been taken in getting it operational.
One practical example of how the project is working with law enforcement is the Criminal Use of Information Hiding Initiative, which includes involvement by EUROPOL. Information hiding is one technique used to hide the existence of malware and confidential data extraction. Hammertoss, Stegoloader, Regin and Duqu are all examples of malicious software that use information hiding techniques, or steganography. This technique has been exploited by spies (the Russian spy ring discovered in America in 2010) and terrorists (the arrest of one of al Qaeda’s members in Berlin revealed his use of video files containing hidden information in 2012).
The project has built on the experience of Shadowserver, a non-profit network known in the security community that alerts victims of botnet and malware propagation free of charge. Along with helping individuals protect their data, the project is also gathering a reference dataset to form a valuable research tool and intends to offer in-depth analytics on the collected data.
The work now being carried out by SISSDEN will also enable ‘the development of metrics that can be used to establish the scale of some measurable security issues within the EU,’ explains the project. SISSDEN’s research is building up a curated reference data set which the project will publish. Researchers hope this will provide a groundbreaking, high-value resource to academia and researchers in the field. Such a move should, the project believes, encourage future innovation and continued security research excellence in Europe.
Cordis source: Based on project information and media reports