As the popularity of the Internet increases, so does the number of miscreants who abuse the net for their nefarious purposes. Malicious actors come in many guises: terrorists, enemy states, organized crime, even petty criminals and script kiddies. In the past, illegal activities involved fast-spreading worms taking over thousands of systems or large-scale, synchronized attacks against popular sites such as Amazon or Microsoft. Nowadays this has changed.
The profiles and motives of attackers have changed. They now employ stealthy techniques, aimed at avoiding detection, quietly stealing or manipulating information, for profit or other, more sinister goals. The European Internet, European information systems, European countries, and ultimately, Europe's citizens are targets and victims of such illegal activities.
In our ongoing quest to secure our networks and systems, we must first be able to detect and understand illegal actions as they happen and discover the attack infrastructures the miscreants are using, but also analyze and dissect the results of compromised systems.
The project aims to develop digital forensics tools that will: (i) identify, (ii) analyze and (iii) visualize illegal activities on the Internet. The objectives of this project are: (i) to design and prototype a toolkit that will detect illegal activities both proactively and after the fact, (ii) to identify the source and perpetrators of the illegal activities, both in terms of virtual/network and, as much as possible, physical location, (iii) to profile the expertise and motive of the attackers, (iv) to present the relevant information in a way that will be usable by investigating authorities, and (v) to maximize the impact of the project through aggressive and effective dissemination of the project's results.