Loading…
SGNET: Implementation insights
We present in this paper SGNET, a distributed framework to collect information on Internet attacks, with special attention to self-propagating malware and code injections. This framework is the result of our latest research work on the so-called ScriptGen technology. It is characterized by several u...
Saved in:
Main Authors: | , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | |
Online Access: | Request full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | We present in this paper SGNET, a distributed framework to collect information on Internet attacks, with special attention to self-propagating malware and code injections. This framework is the result of our latest research work on the so-called ScriptGen technology. It is characterized by several unique characteristics that may allow it to provide in the future an extremely interesting perspective on the Internet attacks. In order to make it possible, we need to spread its observation points as much as possible to obtain a complete view on the different blocks of the IP space. We present here an overview of the characteristics of its design with special focus on the possibility to expand it and improve it with additional functional blocks. The SGNET is in fact an open initiative, integrating together tools produced by different research teams such as Argos (VU Amsterdam), Nepenthes, Anubis (TU Wien) and VirusTotal (Hispasec Sistemas). Everybody is welcome and encouraged to participate to this initiative, by hosting observation points and/or by extending this framework with additional modules. |
---|---|
ISSN: | 1542-1201 2374-9709 |
DOI: | 10.1109/NOMS.2008.4575282 |