Projects

Open

SISSDeN

SISSDeN will improve the cyber security posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information.

SISSDeN will deliver multiple new high-quality and trusted feeds of salient actionable security information that will be used for remediation purposes and for proactive tightening of computer defences, at no cost to the recipients. These unique new data feeds will be possible thanks to the development and deployment of a large distributed sensor network based on beyond state-of-the-art honeypot/darknet technologies, enhanced sandbox systems and the creation of a high-throughput automated data processing and sharing centre based in Europe. SISSDeN will not only provide in-depth analytics on the collected data, but will also develop metrics that will be used to establish the scale of some measurable security issues within the EU. Finally, a curated reference data set will be created and published, to provide a groundbreaking, high-value resource to academia and researchers in the field, thereby encouraging future innovation and continued security research excellence in Europe.

The project consortium consists of:

    • Naukowa i Akademicka Sieć Komputerowa
    • Montimage EURL
    • CyberDefcon Ltd.
    • Universität des Saarlandes
    • Deutsche Telekom AG
    • Eclexys SAGL
    • Poste Italiane — Societa per Azioni
    • Stichting The Shadowserver Foundation Europe

Project SISSDEN has received funding from the European Union Horizon 2020 Programme (H2020-DS-2015-1) under grant agreement no. 700176.

Open

The three aspects of NECOMA are data collection, threat data analysis, and development of new cyberdefense mechanisms.

These three aspects were analyzed both from an infrastructure perspective (networks and large computing infrastructures) and endpoints (smartphones and browsers). The results of the NECOMA project will be showcased in demonstrators that will highlight the innovations of the project and prepare exploitation.

This research has been supported by the Strategic International Collaborative R&D Promotion Project of the Ministry of Internal Affairs and Communication, Japan, and by the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement No. 608533.

Open

ARAKIS 2

ARAKIS Enterprise 2.0 is a modular early warning system which warns about network threats. The main aim of the system is to find attack patterns (including APT threats) through heuristic analysis of network traffic, which can then be aggregated and correlated with data from global sources, including distributed honeypot sensors. Analysis results are presented as maps, charts and diagrams, giving the user a powerful tool for building always up-to-date reports. ARAKIS Enterprise 2.0 uses cutting-edge algorithms for finding repeating attack patterns. Illegal network traffic is analysed in a central computing cluster. Additionally, the system can analyse legal traffic inside the corporate LAN as well as WWW server logs.

Closed

CyberROAD

CyberROAD is a research project funded by the European Commission within FP7, with the objective of identifying current and future problems in tackling cybercrime and cyberterrorism, as well as developing a roadmap for future research. The first steps in the project are to build a picture of the current situation of the technological, social, economic, political, and legal environments which contribute to the development of cybercrime and cyberterrorism. The collected scenarios describing this situation will then be addressed in order to identify gaps, possible future developments and research priorities. As part of the research on cybercrime it was decided to focus on Poland as an example country, for which a comparative analysis of this phenomenon with the other countries of Europe and the world will be made. A publicly visible activity of the project was the publication of a survey on cybercrime. The CyberROAD project started in May 2014 and lasted for 24 months. It brought together 20 institutions from 11 countries, with Poland represented by NASK, and CERT Polska in particular.

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7-SEC-2013) under grant agreement no. 607642.

Closed

ILLBuster is an automatic system for the detection and evaluation of illegal Internet content. The system detects suspicious domains and analyzes web pages hosted under those domains. The contents of the web pages are analyzed to determine whether they contain malware, phishing, child sexual abuse material, or offers of counterfeit merchandise. The detected malicious web pages are then reported to law enforcement.

More on the project: http://illbuster-project.eu/.

Closed

The NISHA (Network for Information Sharing and Alerting) project continues the work of the previous project, FISHA (Framework for Information Sharing and Alerting). CERT Polska is again among the consortium partners, and the consortium was extended with the Foundation for National Scientific Computing (FCCN) from Portugal. The goal of the project is to create a fully functional system for sharing security-related information. The expected result is a working P2P network allowing for effective information sharing. Initially, the network will comprise four partner portals, and will later be expanded with additional portals of parties interested in joining the project. Additionally, an interface will be created allowing for easy access to the NISHA information feed (the so-called “NISHA in a box”). The module will allow partners with already existing information portals to easily obtain data from NISHA and present it in a form usable for their users.

With financial support from the Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks Programme European Commission – Directorate-General Justice, Freedom and Security.

Closed

ARAKIS Agregacja, Analiza i Klasyfikacja Incydentów Sieciowych (Aggregation, Analysis and Classification of Network Incidents)

ARAKIS is a CERT Polska (NASK) project that aims to create an early warning and information system concerning novel network threats. The system developed as part of the project focuses on detection and characterization of new automated threats with a focus primarily, though not only, on exploits used in the wild, not malware. Currently the system detects threats that propagate actively through scanning.

ARAKIS aggregates and correlates data from various sources, including honeypots, darknets, firewalls and antivirus systems. Each of these sources gives a different perspective on what is happening on the network.

Closed

HSN HoneySpider Network

The HoneySpider Network Project is a joint venture between NASK/CERT Polska, NCSC (formerly GOVCERT.NL) and, in the first version of the system, with SURFnet. The goal is to develop a complete client honeypot (or honeyclient) system, based on existing state-of-the-art client honeypot solutions and a novel crawler application specially tailored for the bulk processing of URLs. The system focuses primarily on attacks against, or involving the use of, Web browsers. These include the detection of drive-by downloads, malicious binaries and phishing attempts. Initially, the main area of exploration is drive-by downloads. Apart from identifying browser exploits (including 0day attacks), the system is expected to automatically obtain and analyze the attacking malware and ultimately generate its signature. The major incentive to start this project is the rapidly growing number of browser exploits involving varying degrees of user interaction. These types of attacks lie outside the scope of current monitoring systems in use by the three parties. Therefore, we view this new system as an expansion of our current monitoring and early warning abilities.

On the part of NASK, the project is carried out by CERT Polska, the Software Development Division and the Research Division.

Closed

WOMBAT Worldwide Observatory of Malicious Behavior and Attack Threats

The WOMBAT project aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. To reach this goal, the proposal includes three key workpackages: (i) real time gathering of a diverse set of security related raw data, (ii) enrichment of this input by means of various analysis techniques, and (iii) root cause identification and understanding of the phenomena under scrutiny. The acquired knowledge will be shared with all interested security actors (ISPs, CERTs, security vendors, etc.), enabling them to make sound security investment decisions and to focus on the most dangerous activities first. Special care will also be devoted to impact the level of confidence of the European citizens in the net economy by leveraging security awareness in Europe thanks to the gained expertise.

The research leading to these results has received funding from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 216026.

Closed

SPOTspam

The objective of the project was to prepare the legal and technical foundation for gathering and sharing evidence against spammers. The project involved legal research to establish knowledge about the legality of spam in EU member states, preparing a legal framework for sharing spam forensic data, and preparing a prototype database for sharing spam reports from users.

The project was part of the European Commission Safer Internet Programme. The participants were the eco consortium, with support from Microsoft and NASK / CERT Polska.

Closed

CLOSER

The project was an attempt to build and integrate the CSIRT community in the former Soviet states. It was done in the form of trainings and workshops on incident response. The workshops took place in Georgia and Moldova, while the participants of the workshops came from established CSIRTs of Armenia, Azerbaijan, Bulgaria, Georgia, Moldova, Ukraine and Uzbekistan. Other participants were representatives of academic and government institutions from Kyrgyzstan, Kazakhstan and Belarus. There were also participants from mature CSIRT teams from Poland, the Czech Republic and Latvia, to allow straightforward exchange of knowledge and best practices. One of the workshops was focused on the analysis of the attacks on Georgia and Estonia.

The project ended in September 2009 and was funded by NATO Public Diplomacy Division, Network Infrastructure Grant #983081.

Open

n6 network security incident exchange

The n6 project was designed and developed entirely at CERT Polska as a platform for acquisition, processing and exchange of information regarding Internet threats. Within the n6 project, millions of security events are processed daily in an automated manner. The goal is efficient, reliable and fast delivery of large volumes of network incident data to interested parties: network owners, administrators and Internet Service Providers. The project disseminates information gathered from various security systems operated by security organizations, software vendors, independent researchers, etc. Most of the data feeds are updated daily and some of them even more frequently. An additional source of network incident data is the results of daily operations of CERT Polska and similar entities which allowed publication of their data.

The core element of n6 is its engine, which is responsible for sorting and managing the flow of data. Sorting and delivering data to the appropriate parties is made possible by a flexible tagging system, which defines categories of incoming data and addresses specific interests. The original format of the information is kept unchanged, but all data regarding a specific recipient is aggregated into one custom package.

The project has been operational since February 2012.
