CNR's CyberSecurity Osservatorio



The Cyber Security Osservatorio of the CNR Institute of Informatics and Telematics (IIT-CNR) was created with the aim of informing and raising awareness in small and medium-sized enterprises, professionals and the public on the importance of information security.

Identifying levels of vulnerability, threat characteristics, studying, refining and implementing techniques and methodologies of network, systems and information security in order to increase the reliability and resilience of the systems are just some of the activities of the Cyber Security Laboratory that contains within it the skills and projects that embrace the various areas of research on the topic.

The observatory makes available to all interested parties the skills and the result of the Laboratory activities through the publication of constantly updated information, documents and services useful for knowing, understanding and reacting to cyber security threats.


Data collection & storage system

The Cybersecurity Osservatorio collects and gathers heterogeneous data related to cybersecurity topics. These data are updated daily and they grow as time passes. It hosts different databases exploited by various services offered by the website. Among these data sources, it stores databases of CVEs, CWEs, Exploits, Malwares, Spam emails, and tweets which contain cybersecurity keywords.


Services provided

Threat detection tools:

The cybersecurity Osservatorio provides a set of tools for security analysis of different sources. Namely, a spam email detector, a ransomware classifier, and a network logs analyser.

The spam email service analyses a set of email file in .eml format to identify the unsolicited ones (SPAM). Furthermore, it divides the spam email in different spam classes.

The ransomware detector service identifies typical ransomware behaviours such as file ciphering. This service is able to identify also malware whose signature is not available yet.

The network logs analyser scans a DNS request log (CEF format) and detects if there are domain names which can be generated by a Domain Generating Algorithm (DGA). These domains are exploited by malware to register new domain names aimed at avoiding the dependency between the malware and a static domain or IP address, which would be easily blocked.

Social media analysis:

The cybersecurity social media analysis services, as well as offering tools for the visualization of aggregation statistics related to cybersecurity tweets, offer analysis tools for the verification of the counterfeit phenomena in social media. The Fake Follower Detection system on Twitter, is integrated into the Cybersecurity Osservatorio as a service that allows to detect the percentage of “Fake Followers” of a particular Twitter user.

Cyber risk analysis:

The cyber risk analysis tool provides a simple and quick tool for cyber risk self-assessment. The tool requires two types of input: information about security measures and information about key assets of the enterprise. When all inputs are provided, the tool estimates the expected annual losses for every relevant threat and a total one. The targets for this service are small/medium companies, it provides them an overview on how much they are complying with security policies.

Cybersecurity terminology representation:

The cybersecurity Osservatorio, provides services aims at offering a term representation of the Cybersecurity domain knowledge through (i) the creation of a controlled vocabulary, the thesaurus, that contains the terms belonging to the cybersecurity and a series of semantic relationships that exist between the them and (ii) An ontology representation of the knowledge domain which explains the semantic relations existing between the various concepts.

Threat visualization:

The threat visualization services, provide an interactive representation of the most important cyber threats as spam email and network attacks. A 3D representation of the network traffic related to attacks on a honeypot located in Pisa is showed. It presents on the map each attack path from the source to the target honeypot and the attack category detected. As well as the attack map, a spam email attack map is provided. It shows the spam email traffic representation, highlighting on the map the source, the destination of the attack and the type of the spam provided by a spam email clustering system.

Vulnerability analysis:

The vulnerability and exploit service, collecting daily public domain information related to vulnerabilities, exploits, attack pattern and mitigations, performs a data analysis to find a correlation between the information collected. The service offers a visualization tool, which, as well as, showing a general description of the vulnerabilities, offers a global view on these latter providing the hardware and software platforms implicated, the “attack pattern”, the existent possible exploits used on the specific vulnerability and the existent mitigations to address the attacks.


Current Usage

The main resource is the website, which gathers all the available services and projects and make them public to companies, professionals, and internet users. There are not any past projects removed and unavailable anymore, and all the live projects were listed in the services paragraph 1.37.2 above.


Keywords

Cyber threats, risk assessment, malware detection, CVE, CWE, cyber security, spam analysis, security reports


Services

  • Threat detection tools: spam email detector (analyses a set of email file in .eml format to identify the unsolicited ones (SPAM) and divides them in different classes), ransomware classifier (identifies typical ransomware behaviours such as file ciphering and identifies malware whose signature is not available), and network logs analyser (scans a DNS request log and detects if there are domain names which can be generated by a Domain Generating Algorithm).

  • Social media analysis: offers tools for the visualization of aggregation statistics related to cybersecurity tweets and analysis tools for the verification of the counterfeit phenomena in social media. The Fake Follower Detection system on Twitter, is integrated into the Cybersecurity Osservatorio as a service that allows to detect the percentage of “Fake Followers” of a particular Twitter user.

  • Cyber risk analysis: estimates the expected annual losses for every relevant threat and a total one. The targets for this service are small/medium companies, it provides them an overview on how much they are complying with security policies.

  • Cybersecurity terminology representation: offers a term representation of the Cybersecurity domain knowledge through (i) the creation of a controlled vocabulary, the thesaurus, that contains the terms belonging to the cybersecurity and a series of semantic relationships that exist between the them and (ii) An ontology representation of the knowledge domain which explains the semantic relations existing between the various concepts.

  • Threat visualization: interactive representation of the most important cyber threats as spam email and network attacks. A 3D representation of the network traffic related to attacks on a honeypot located in Pisa is showed. It presents on the map each attack path from the source to the target honeypot and the attack category detected.

  • Vulnerability analysis: collects daily public domain information related to vulnerabilities, exploits, attack pattern and mitigations, performs a data analysis to find a correlation between the information collected. Visualization tool, which, as well as showing a general description of the vulnerabilities, offers a global view on these latter providing the hardware and software platforms implicated, the “attack pattern”, the existent possible exploits used on the specific vulnerability and the existent mitigations to address the attacks.


Technical equipment

None


Use request

Non-profit

www.cybersecurityosservatorio.it