Lessons learned from the collection and analysis of malware related data in the context of the WOMBAT project

Marc Dacier
Institut Eurécom

This presentation shares the lessons we have learned over the last five years from operating a worldwide distributed system of honeypots named Leurrecom. A multi-viewpoint analysis technique has been implemented to extract meaningful information, i.e. actionable knowledge, from the large volume of traces we have stored in a centralized database. The method will be presented, along with some very recent results. Furthermore, in the course of this year, a new version of this distributed system has been implemented and deployed in the context of the larger European WOMBAT project. We will briefly present WOMBAT's objectives as well as the new data collection system. Most importantly, we will present recent controversial issues that have emerged from the observation of these data, thanks to the collaboration with the other members of the WOMBAT consortium. The presentation will conclude with an invitation to participate in the WOMBAT project and its worldwide data collection and analysis system.

Back to Workshop II: Applications of Internet MRA to Cyber-Security