SGNET: Implementation insights

Leita, Corrado;Dacier, Marc
NOMS 2008, IEEE/IFIP Network Operations and Management Symposium, April 7-11, 2008, Salvador da Bahia, Brazil

In this paper we present SGNET, a distributed framework for collecting information on Internet attacks, with special attention to self-propagating malware and code injections. This framework is the result of our latest research work on the so-called ScriptGen technology. It has several unique characteristics that may allow it to provide, in the future, an extremely interesting perspective on Internet attacks. To make this possible, we need to spread its observation points as widely as possible to obtain a complete view of the different blocks of the IP space. We present here an overview of its design, with special focus on the possibility of expanding and improving it with additional functional blocks. SGNET is in fact an open initiative, integrating tools produced by different research teams such as Argos (VU Amsterdam), Nepenthes, Anubis (TU Wien) and VirusTotal (Hispasec Sistemas). Everybody is welcome and encouraged to participate in this initiative, by hosting observation points and/or by extending this framework with additional modules.


Type: Conference
City: Salvador da Bahia
Date: 2008-04-07
Department: Digital Security
Eurecom Ref: 2446
Copyright: © 2008 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
PERMALINK : https://www.eurecom.fr/publication/2446