Projects

ARAKIS

ARAKIS
Agregacja, Analiza i Klasyfikacja Incydentów Sieciowych (Aggregation, Analysis and Classification of Network Incidents)

ARAKIS is a CERT Polska (NASK) project that aims to create an early warning and information system concerning novel network threats. The system developed as part of the project focuses on detecting and characterizing new automated threats, primarily, though not only, exploits used in the wild rather than malware. Currently the system detects threats that propagate actively through scanning.

ARAKIS aggregates and correlates data from various sources, including honeypots, darknets, firewalls and antivirus systems. Each of these sources gives a different perspective on what is happening on the network.

www.arakis.pl/


HoneySpider

HSN
HoneySpider Network

The HoneySpider Network Project is a joint venture between NASK/CERT Polska, GOVCERT.NL and SURFnet. The goal is to develop a complete client honeypot (or honeyclient) system, based on existing state-of-the-art client honeypot solutions and a novel crawler application specially tailored for the bulk processing of URLs. The system focuses primarily on attacks against, or involving the use of, Web browsers. These include the detection of drive-by downloads, malicious binaries and phishing attempts. Initially, the main area of exploration is drive-by downloads. Apart from identifying browser exploits (including 0day attacks), the system is expected to automatically obtain and analyze the attacking malware and ultimately generate its signature. The major incentive to start this project is the rapidly growing number of browser exploits involving varying degrees of user interaction. These types of attacks lie outside the scope of current monitoring systems in use by the three parties. Therefore, we view this new system as an expansion of our current monitoring and early warning abilities.

On the part of NASK, the project is carried out by CERT Polska, the Software Development Division and the Research Division.

www.honeyspider.net


WOMBAT

WOMBAT
Worldwide Observatory of Malicious Behavior and Attack Threats

The goal of the WOMBAT project is to create a global system of monitoring and analysis of online threats, with particular focus on malicious software, which in recent years has become a powerful tool in the hands of cybercriminals. The project started in January 2008 within the 7th Framework Program of the European Union and will last until the end of 2010. The project is developed by IT security experts from renowned companies and research institutions, involved in the monitoring activities and increasing the security of the Internet.

The research within the WOMBAT project will concentrate on creating new methods of analysing threats that appear on the Internet on a mass scale, and on identifying their sources and the reasons for their occurrence. The need to ensure data privacy has so far made it impossible for the different entities dealing with security to share the details of the data they hold and use them for such research. The project is intended to break this barrier. Also, as threat trends are changing, there is a special need for novel sources of data, collected all over the world and analysed in a wide context. To this end, the project will use, among others, information registered by Leurre.com, the global distributed system of honeypots operated by the Eurecom Institute; data from the world’s biggest collection of malicious software, gathered by the Hispasec company (within the framework of the Virustotal project); data made available by the CERT Polska team originating from the ARAKIS early warning system and from the HoneySpider Network honeyclient system; and information from the global Symantec DeepSight Threat Management System.
On behalf of NASK, the CERT Polska team, supported by the NASK Scientific Department, is the main participant in the project.

www.wombat-project.eu


FISHA

FISHA
A Framework for Information Sharing and Alerting

The goal of the FISHA project is to develop a prototype of the European Information Sharing and Alerting System (EISAS). The EISAS system is intended to operate on the basis of existing national and private sector information and alert sharing systems. The major purpose of EISAS is to raise awareness of IT security issues among home users and staff of small and medium-sized enterprises.

One of the project's main tasks is to design a prototype of a dedicated web portal, addressed to those target groups. Ultimately, it is planned that each EU Member State will have its own national portal where up-to-date and easy-to-understand information on various aspects of IT security, collected under EISAS, will be published. In addition to the portals, special information and education campaigns are planned to effectively reach those particular communities.

The project started in February 2009 and is being developed under the special “Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks” Program of the European Commission. The project is scheduled for two years and is being carried out in collaboration between NASK, CERT-Hungary and the Institute for Internet Security at the University of Gelsenkirchen.

More: http://www.fisha-project.eu/the-project

www.fisha-project.eu