Warning: Creating default object from empty value in /home/ict-forward/www-apps/wp-svn/wp-includes/ms-load.php on line 138
1st WOMBAT Workshop sum-up « The FORWARD project blog

1st WOMBAT Workshop sum-up

On the 21st and 22nd of April, the 1st WOMBAT workshop took place at the premises of Vrije University in Amsterdam, Netherlands. Due to a consortium overlap between WOMBAT and FORWARD, many people from FORWARD attended the workshop. Its aim was twofold: Bring together parties that collect network security alerts, and facilitate the discussion on sharing these alert data. Issues to be resolved included how data exchange can take place, the necessary infrastructure, privacy issues, etc.

The first day of the workshop started with an introduction by Brian Witten from Symantec. After the introduction, four presentations followed. The first one was given by Corrado Leita who presented the Leurre.com project. Maarten Van Horenbeeck followed with the presentation of SANS Internet Storm Center and then David Watson gave an overview of the Honeynet Project and the data collection mechanisms used.  The final presentation of the day was about cooperation of intelligent honeypots to detect unknown malicious codes and was given by Hiroki Takakura from Academic Center for Computing and Media Studies, Kyoto University. The first day of the workshop was concluded with a roundtable discussion around what type of data do we need and want to share.

The agenda of the second day included six presentations. First speaker was Joel Hatton  from AusCERT who presented the data collected by AusCERT relating to Internet attacks. Second was Spiros Antonatos from FORTH/ICS, who presented the Honey@home tool for monitoring unused address space at home computers. Dr. Inoue from  Japan’s National Institute of Information and Communication Technology presented NICTER, a very interesting incident analysis system towards binding network monitoring with malware analysis. A description of the Honeyclient project by Piotr Kijewski of NASK/CERT Polska followed and gave to the attendees the opportunity to discuss the  kind of  mutual agreements required in order to share computer-security related data. Two more technical presentations followed, the one by Alain Esterle presenting ENISA‘s work against European IT security threats and the other by Thomas Holt of UNCC Honeynet Project titled “Techcrafters and Makecrafters: A Comparison of Two Populations of Hacker”. The workshop was finalized with a roundtable discussion about what are the technical requirements and infrastructure we need to share data.

Overall, it was a very interesting event where we the attendees had the opportunity to interact with the members of the WOMBAT consortium as well as with members of other related project from around the globe. More importantly, issues concerning sharing of computer security related data were discussed from many different points of view. Given the  existing consortium overlap between  FORWARD and WOMBAT, we expect further exchange of opinions and expertise.

Tags: , , ,

Leave a Reply