Cyberscope: towards the timely detection of and effective response to Internet-based cyberattacks

Over the last few years we have been witnessing an ever-increasing number of computer attacks on the Internet. These attacks, which in the colorful language of computers are called computer viruses, computer worms, or simply Internet epidemics, have demonstrated that they can compromise a very large number of computers within just a few minutes.

This project aims to contribute towards the timely detection, accurate fingerprinting, and effective prevention of previously unknown Internet attacks, without any human intervention, by designing and developing mechanisms based on the combination of honeypots and passive network monitoring.

Publications

Journals

  • Spiros Antonatos, Periklis Akritidis, Evangelos P. Markatos and Kostas G. Anagnostakis. Defending against Hitlist Worms using Network Address Space Randomization. In Computer Networks, vol. 51, no. 12, pp. 3471-3490, August 2007 (pdf)
  • Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos. Network-level Polymorphic Shellcode Detection using Emulation. In Journal in Computer Virology, vol. 2, no. 4, pp. 257-274, February 2007 (pdf)

Conferences

  • Antonis Theocharides, Demetris Antoniades, Michalis Polychronakis, Elias Athanasopoulos, and Evangelos P. Markatos. Topnet: A network-aware top(1). In Proceedings of the 22nd Large Installation System Administration Conference (LISA 2008). November 2008, San Diego, California, US. (to appear)
  • Giorgos Vasiliadis, Spiros Antonatos, Michalis Polychronakis, Evangelos P. Markatos and Sotiris Ioannidis. Gnort: High Performance Network Intrusion Detection Using Graphics Processors. In Proceedings of the 11th International Symposium On Recent Advances In Intrusion Detection (RAID). September 2008, Boston, MA, USA (pdf)
  • Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos. Real-World Polymorphic Attack Detection using Network-Level Emulation. In Proceedings of the Cyber Security and Information Intelligence Research Workshop (CSIIRW). May 2008, Oak Ridge, TN (pdf)
  • S. Antonatos, M. Athanatos, G. Kondaxis, J. Velegrakis, N. Hatzibodozis, S. Ioannidis and E. P. Markatos. Honey@home: A New Approach to Large-Scale Threat Monitoring. In Proceedings of the 1st WOMBAT workshop, April 2008, Amsterdam, Netherlands. (pdf)
  • Michalis Polychronakis, Panayiotis Mavrommatis, and Niels Provos. Ghost Turns Zombie: Exploring the Life Cycle of Web-based Malware. In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). April 2008, San Francisco, CA. (pdf)
  • Demetris Antoniades, Michalis Polychronakis, Nick Nikiforakis, Evangelos P. Markatos, Yiannis Mitsos. Monitoring three National Research Networks for Eight Weeks: Observations and Implications. In Proceedings of the 6th IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon). April 2008, Salvador, Bahia, Brazil. (pdf)
  • Demetres Antoniades, Michalis Polychronakis, Antonis Papadogiannakis, Panagiotis Trimintzios, Sven Ubik, Vladimir Smotlacha, Arne Øslebø and Evangelos P. Markatos. LOBSTER: A European Platform for Passive Network Traffic Monitoring. In Proceedings of the 4th International Conference on Testbeds and Research Infrastructures for the Development of Networks & Communities (TRIDENTCOM). March 2008, Innsbruck, Austria. (pdf)
  • Antonis Papadogiannakis, Demetres Antoniades, Michalis Polychronakis, and Evangelos P. Markatos. Improving the Performance of Passive Network Monitoring Applications using Locality Buffering. In Proceedings of the 15th Annual Meeting of the IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS). October 2007, Istanbul, Turkey. (pdf)
  • Spiros Antonatos, Kostas G. Anagnostakis and Evangelos P. Markatos. Honey@home: A New Approach to Large-scale Threat Monitoring. In Proceedings of the 5th ACM Workshop on Recurring Malware (WORM'07), November 2007, Alexandria, VA, USA (pdf)
  • Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos. Emulation-based Detection of Non-self-contained Polymorphic Shellcode. In Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID). September 2007, Queensland, Australia. (pdf)
  • Elias Athanasopoulos and Spiros Antonatos. Enhanced CAPTCHAs: Using Animation To Tell Humans And Computers Apart. In Proceedings of the 10th IFIP Open Conference on Communications and Multimedia Security (CMS'06) (pdf)
  • Dimitris Koukis, Spiros Antonatos and Kostas G. Anagnostakis. On The Privacy Risks of Publishing Anonymized IP Network Traces. In Proceedings of the 10th IFIP Open Conference on Communications and Multimedia Security (CMS'06) (pdf)
  • Spiros Antonatos and Kostas G. Anagnostakis. TAO: Protecting against Hitlist Worms using Transparent Address Obfuscation. In Proceedings of the 10th IFIP Open Conference on Communications and Multimedia Security (CMS'06) (pdf)
  • Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos. Network-level Polymorphic Shellcode Detection using Emulation. In Proceedings of the GI/IEEE SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). July 2006, Berlin, Germany. (pdf)
  • D. Koukis, S. Antonatos, D. Antoniades, P. Trimintzios, E.P. Markatos. A Generic Anonymization Framework for Network Traffic. In Proceedings of the IEEE International Conference on Communications (ICC 2006). June 2006, Istanbul, Turkey. (pdf)
  • Panos Trimintzios, Michalis Polychronakis, Antonis Papadogiannakis, Michalis Foukarakis, Evangelos P. Markatos, and Arne Øslebø. DiMAPI: An Application Programming Interface for Distributed Network Monitoring. In Proceedings of the 10th IEEE/IFIP Network Operations and Management Symposium (NOMS). April 2006, Vancouver, Canada. (pdf)

Members

Funding

  • The project Cyberscope is funded by the General Secretariat of Research and Development through PENED under contract number 03ED440. Duration: 2006-2008.