Publication
Malware hash cloud
| Abstract: | Nowadays, any system on the internet can be a target of cyber-attacks. Many of these attacks, including malware installation, leave specific indicators, designated IOCs (Indicators of Compromise), that can be used to detect the same attack on other systems (e.g., the hash of a malicious file). The objective of this project is to build a solution that collects and analyses these IOCs. The first stage of the solution was to research and collect open sources of information (OSINT, Open Source Intelligence) with IOCs related to malware, and also the malware itself. This information was submitted, in turn, to a management and analysis framework called Viper, which allows better organization of the information about crucial aspects of a cyber-security research program. In a second phase, additional modules, designated bots, were developed using the IntelMQ platform (responsible for automating the correlation of the information). These bots allow us to collect and correlate the information previously gathered in Viper with online platforms (via API access) that hold additional information, such as the creation date of a malicious domain available from the Whois service. Finally, all the information collected about an IOC during the process is stored in a database that is a central point for blacklist generation; these blacklists can be used for the perimeter protection (e.g. firewall) of an organization and also to support security incident analysis. |
|---|---|
| Main authors: | Ferreira, Paulo |
| Other authors: | Gonçalo, Rui; Pedrosa, Tiago |
| Subject: | IOC OSINT Malware Cybersecurity Infosec |
| Year: | 2017 |
| Country: | Portugal |
| Document type: | conference paper |
| Access type: | open access |
| Associated institution: | Instituto Politécnico de Bragança |
| Language: | English |
| Source: | Biblioteca Digital do IPB |
| Published in: | V Encontro de Jovens Investigadores do Instituto Politécnico de Bragança: livro de resumos, Bragança, 2017 |
| Proceedings identifier: | 978-972-745-235-4 |
| Handle: | http://hdl.handle.net/10198/25802 |
| OAI identifier: | oai:bibliotecadigital.ipb.pt:10198/25802 |
| Full text (PDF): | https://bibliotecadigital.ipb.pt/bitstreams/7c86279a-b4bb-476c-97a5-83ca82f41eae/download |
| License: | http://creativecommons.org/licenses/by/4.0/ |
| Access rights: | http://purl.org/coar/access_right/c_abf2 (open access) |
| Date accepted: | 2017-01-01 |
| Date available: | 2022-08-02 |
| ORCID (Pedrosa, Tiago): | http://orcid.org/0000-0003-4873-2705 |
| Ciência ID (Pedrosa, Tiago): | https://www.ciencia-id.pt/B81E-0583-AEDF |