Department of Informatics - Communication Systems Group

The SecGrid Project

The project focuses on researching and developing an open-source platform for extracting, processing, and analyzing cyberattack traffic and its impact on companies and society. To this end, SecGrid implements a set of extensible miners and visualizations that allow non-expert users to gain insights into the behavior of cyberattacks. The project also supports a set of tools and features built on top of the SecGrid architecture for machine learning analysis and classification of cyberattacks, information sharing, and cybersecurity planning.

If you have any questions, contact Muriel Figueredo Franco or Jan von der Assen.

General Information

Reference: Research Project
Source of funding: UZH and CONCORDIA H2020
Project Duration: from 2019 to 2022

Demo

  • The first video shows the general usage of SecGrid, running DDoSGrid as its instance. 

Classification of Attacks

  • The second video shows the different features for the classification of attacks using machine learning, including the manual and automatic classification of DDoS attacks.

Information Sharing: Economic Impacts

  • The third video shows the module called SHINE, implemented by SecGrid to enable information sharing and analysis among companies regarding the economic impacts of different cyberattacks in specific sectors.

Integration with External Solutions

  • The fourth video shows DDoSGrid, an instance of SecGrid, acting as a visualization tool integrated with the DDoS Clearing House.

Platform Access

A running prototype of the platform is available here. Please use the following credentials to log in:

Username: eval
Password: evalcV0@32

* To keep the demonstration consistent for all users, uploading new files is disabled for this account. Feel free to test the different features using the sample datasets provided. If you need credentials with full access to the platform (i.e., the ability to upload new files), please send a message to franco@ifi.uzh.ch.

Source Code:

  • Platform: Link
  • ML Classification: Link

ML Training Dataset: Link

* A file with all PCAP files used for the training and evaluation of the ML classification is available here.

Publications

  • [Tutorial] Alberto Huertas, Pedro Sánchez, Muriel Franco, Gérôme Bovet, Gregorio Martínez Pérez, Burkhard Stiller: Theoretical and Practical Intelligent Behavioral Fingerprinting; IEEE/IFIP Network Operations and Management Symposium (NOMS 2022), Budapest, Hungary, April 2022.
  • [Tutorial] Alberto Huertas, Pedro Sánchez, Muriel Franco, Bruno Rodrigues, Gérôme Bovet, Gregorio Martínez, Burkhard Stiller: Intelligent Behavioral Fingerprinting - From Theory to Practice; 17th International Conference on Network and Service Management (CNSM 2021), Izmir, Turkey (virtual), October 2021.
  • [Demo] Jan von der Assen, Muriel Franco, Bruno Rodrigues, Burkhard Stiller: Analysis and Classification of Cyberattack Traffic Using the SecGrid Platform; IEEE 46th Conference on Local Computer Networks (LCN 2021) - Demo Session, Edmonton, Canada, October 2021, pp 1-3. URL: Link
  • [Full Paper] Muriel Franco, Jan von der Assen, Luc Boillat, Christian Killer, Bruno Rodrigues, Eder John Scheid, Lisandro Granville, Burkhard Stiller: SecGrid: A Visual System for the Analysis and ML-Based Classification of Cyberattack Traffic; IEEE 46th Conference on Local Computer Networks (LCN 2021), Edmonton, Canada (virtual), October 2021, pp 1-8. URL: Link
  • [Poster] Muriel Franco, Jan von der Assen, Luc Boillat, Christian Killer, Bruno Rodrigues, Eder John Scheid, Lisandro Granville, Burkhard Stiller: DDoSGrid: a Platform for the Post-mortem Analysis and Visualization of DDoS Attacks; IFIP Networking 2021, Espoo, Finland (virtual), June 2021, pp 1-3. URL: Link

Student Theses and Projects

  • [Bachelor Thesis] David Stalder: Machine-learning based Detection of Malicious DNS-over-HTTPS (DoH) Traffic Based on Packet Captures; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, April 2022
  • [Bachelor Thesis] Kyrill Hux: Design and Implementation of a Traffic Sinkhole for Cyberattack Analysis; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, March 2022
  • [Bachelor Thesis] Marion Dübendorfer: Distributed Analysis of Cyberattacks in a Collaborative Setting; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, March 2022
  • [Master Project] Sandro Padovan, Michael Nadig, Christian Birchler: DDoSGrid 3.0: Enabling the Real-time Processing and Analysis of Cyber Attacks Traffic; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, February 2022, URL: Link
  • [Master Project] Chao Feng, Qiaowen Wang, Xianxiao Xu: SHINE: a Collaborative System for Sharing Insights and Information of Economic Impacts of Cyberattacks; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, May 2021, URL: Link
  • [Master Thesis] Luc Boillat: DDoSGrid-Mining: Analyzing and Classifying DDoS Attack Traffic; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, March 2021, URL: Link
  • [Master Thesis] Jan von der Assen: DDoSGrid 2.0: Integrating and Providing Visualizations for the European DDoS Clearing House; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, February 2021, URL: Link
  • [Master Project] Luc Boillat, Jan von der Assen: A Tool for Visualization and Analysis of Distributed Denial-of-Service (DDoS) Attacks; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, April 2020, URL: Link