Cyberattacks Countermeasures and Prevention

网络攻击对策与预防

• 批准号: 539938-2019
• 负责人: Jourdan, GuyVincent
• 金额: $ 14.42万
• 依托单位: University of Ottawa
• 依托单位国家: 加拿大
• 项目类别: Collaborative Research and Development Grants
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=699563
• 关键词: Cyberattacks; Countermeasures; Prevention

This research project is a comprehensive overview of cyberattacks detection and protection from a series of different and complementary angles, looking at both client and server sides and mixing analytical work and machine learning. As a starting point for this project, we have access to a unique database of actual attacks in almost real time as well as a much less common dataset: thousands of "phishing kits", the code used server side by the attackers. Our database is constantly updated. Our immediate research goals are split between "client side" (the web site that the victim of the phishing attack sees) and "server side" (the web server hosting the phishing site). Client side, our aim is to put together a new and comprehensive attack detection network that will innovate on several fronts: phishing attack detection, scale, target detection and active search. On the server side, we will develop a new approach to reconstruct the evolution and genealogy of attack code using static analysis and machine learning. We are also planning on moving beyond phishing attacks and include other type of attacks such as malware distributions but also large scale "scam" such as the "support service scam" and many others.

该研究项目从一系列不同和互补的角度全面概述了网络攻击检测和保护，着眼于客户端和服务器端，并将分析工作和机器学习相结合。 作为该项目的起点，我们可以访问几乎真实的时间内的实际攻击的唯一数据库以及一个不太常见的数据集：数千个“网络钓鱼工具包”，攻击者在服务器端使用的代码。我们的数据库不断更新。 我们的直接研究目标分为“客户端”（网络钓鱼攻击的受害者看到的网站）和“服务器端”（托管网络钓鱼网站的Web服务器）。在客户端，我们的目标是建立一个新的、全面的攻击检测网络，该网络将在以下几个方面进行创新：网络钓鱼攻击检测、规模、目标检测和主动搜索。在服务器端，我们将开发一种新的方法，使用静态分析和机器学习来重建攻击代码的演化和谱系。 我们还计划超越钓鱼攻击，包括其他类型的攻击，如恶意软件分发，但也包括大规模的“骗局”，如“支持服务骗局”和许多其他。