Recently in Symantec Category

Lecture at ZISC by Marc Dacier from Symantec

By
Hervé Debar
on January 20, 2009 1:49 PM |
Marc Dacier from symantec has presented a one hour lecture at the ZISC Information Security colloquium (http://www.zisc.ethz.ch/events/infseccolloquium_FS2009) including pointers to WOMBAT.

In order to assure accuracy and realism of resilience assessment methods and tools, it is essential to have access to field data that are unbiased and representative. Several initiatives are taking place that offer access to malware samples for research purposes. Papers are published where techniques have been assessed thanks to these samples. Definition of benchmarking datasets is the next step ahead. In this presentation, we report on the lessons learned while collecting and analyzing malware samples in a large scale collaborative effort. Three different environments are described and their integration used to highlight the open issues that remain with such data collection. Three main lessons are offered to the reader. First, creation of representative malware samples datasets is probably an impossible task. Second, false negative alerts are not what we think they are. Third, false positive alerts exist where we were not used to see them. These three lessons have to be taken into account by those who want to assess the resilience of techniques with respect to malicious faults.

These are the results of a joint work carried out in the context of the European funded WOMBAT project, together with partners from Hispasec Systemas, EURECOM institute and Symantec Research Labs Europe (see http://wombat-project.eu/ for more on the WOMBAT project). Zurich_ZISC_presentation.pdf

WOMBAT participation at the ICT 2008 Conference in Lyon

By
Hervé Debar
on November 25, 2008 1:27 PM |
The WOMBAT project will be represented by the following people at the ICT 2008 Conference:
  • Vincent Boutroux, France Télécom R&D/Orange Labs
  • Marc Dacier, Symantec

PhD Defense of Corrado Leita

By
Hervé Debar
on November 25, 2008 9:44 AM | 
M. Corrado LEITA will publicly defend his UNS Doctoral Thesis 
on Thursday, December 4th 2008 at 2:00 pm, in the Amphitheater MARCONI at EURECOM.

Topic of the Thesis:

"SGNET: automated protocol learning for the observation of malicious threats"

Jury members :

  • Marc DACIER (Symantec)
  • Vern PAXSON (ICSI)
  • Hervé DEBAR (France Télécom R&D/Orange Labs)
  • Engin KIRDA (Eurecom)
  • Christopher KRUEGEL (UCSB)
  • Mohamed KAANICHE (LAAS CNRS)
  • Sotiris IOANNIDIS (FORTH)

One of the main prerequisites for the development of reliable defenses to protect a network resource consists in the collection of quantitative data on  Internet threats. This attempt to "know your enemy" leads to an increasing interest in the collection and exploitation of datasets providing intelligence on network attacks. The creation of these datasets is a very challenging task. The challenge derives from the need to cope with the spatial and quantitative diversity of malicious activities. The observations need to be performed on a broad perspective, since the activities are not uniformly distributed over the IP space. At the same time, the data collectors need to be sophisticated enough to extract a sufficient amount of information on each activity and perform meaningful inferences. How to combine the simultaneous need to deploy a vast number of data collectors with the need of sophistication required to make meaningful observations? This work addresses this challenge by proposing a protocol learning technique based on bioinformatics algorithms. The proposed technique allows to automatically generate low-cost protocol responders starting from a set of samples of network interaction. Its characteristics are exploited in a distributed honeypot deployment that collected information on Internet attacks for a period of 8 months in 23 different networks distributed all over the world (Europe, Australia, United States). This information is organized in a central dataset enriched with contextual information from a number of sources and analysis tools. Simple data mining techniques proposed in this work allow the generation of a valuable overview on the propagation techniques employed by nowadays malware.

Symantec announces participation to the WOMBAT project

By
Hervé Debar
on April 4, 2008 1:31 PM |
Symantec announces its participation in the WOMBAT project (local pdf copy).

The news has been relayed by the press, see Computing (UK) (local pdf copy), IT Week (UK) (local pdf copy), CNN Money (US) (local pdf copy), FOX Business (US) (local pdf copy) and Trading Markets.com (local pdf copy).
« Politecnico di Milano | Main Index | Archives | Technical University Vienna »