The SecGrid Project

The project focuses on researching and developing an open-source platform for extracting, processing, and analyzing cyberattack traffic and its impacts on companies and society. To that end, SecGrid implements a set of extensible miners and visualizations that allow non-expert users to gain insight into the behavior of cyberattacks. The project also supports a set of tools and features, built on top of the SecGrid architecture, for machine learning analysis and classification of cyberattacks, information sharing, and cybersecurity planning.

General Information

Reference: Research Project
Source of funding: UZH and CONCORDIA H2020
Project Duration: Since 01.09.2019

Demo

  • The first video shows the general usage of SecGrid, running DDoSGrid as its instance. 

Classification of Attacks

  • The second video shows the different features for the classification of attacks using machine learning, including the manual and automatic classification of DDoS attacks.

Information Sharing: Economic Impacts

  • The third video shows SHINE, a module implemented by SecGrid that enables companies to share and analyze information about the economic impacts of different cyberattacks in specific sectors.

Integration with External Solutions

  • The fourth video shows DDoSGrid, an instance of SecGrid, acting as a visualization tool integrated with the DDoS Clearing House.

Platform Access

A running prototype of the platform is available here. Please use the following credentials to log in:

Username: eval
Password: evalcV0@32

* For a better user experience and demonstration, the upload of new files is disabled with these credentials. Feel free to test the different features using the sample datasets provided. If you want credentials for full access to the platform (i.e., to upload new files), please send a message to franco@ifi.uzh.ch.

Source Code:

  • Platform: Link
  • ML Classification: Link

ML Training Dataset: Link

* A file with all PCAP files used for the training and evaluation of the ML classification is available here.

Publications

  • [Demo] Jan von der Assen, Muriel Franco, Bruno Rodrigues, Burkhard Stiller: Analysis and Classification of Cyberattack Traffic Using the SecGrid Platform; IEEE 46th Conference on Local Computer Networks (LCN) - Demo Session, Edmonton, Canada, October 2021, pp 1–3.
  • [Full Paper] Muriel Franco, Jan von der Assen, Luc Boillat, Christian Killer, Bruno Rodrigues, Eder John Scheid, Lisandro Granville, Burkhard Stiller: SecGrid: A Visual System for the Analysis and ML-Based Classification of Cyberattack Traffic; IEEE 46th Conference on Local Computer Networks (LCN 2021), Edmonton, Canada, Virtually, October 2021, pp 1–8.
  • [Poster] Muriel Franco, Jan von der Assen, Luc Boillat, Christian Killer, Bruno Rodrigues, Eder John Scheid, Lisandro Granville, Burkhard Stiller: DDoSGrid: a Platform for the Post-mortem Analysis and Visualization of DDoS Attacks; IFIP Networking 2021, Espoo, Finland, Virtually, June 2021, pp 1–3. URL: http://dl.ifip.org/db/conf/networking/networking2021/1570716595.pdf
  • [Master Project] Chao Feng, Qiaowen Wang, Xianxiao Xu, Muriel Franco: SHINE: a Collaborative System for Sharing Insights and Information of Economic Impacts of Cyberattacks; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, May 2021, URL: https://files.ifi.uzh.ch/CSG/staff/franco/extern/theses/MAP-SHINE.pdf
  • [Master Thesis] Luc Boillat, Muriel Franco: DDoSGrid-Mining: Analyzing and Classifying DDoS Attack Traffic; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, March 2021, URL: https://files.ifi.uzh.ch/CSG/staff/franco/extern/theses/MA-L-Boillat.pdf
  • [Master Thesis] Jan von der Assen, Muriel Franco: DDoSGrid 2.0: Integrating and Providing Visualizations for the European DDoS Clearing House; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, February 2021, URL: https://files.ifi.uzh.ch/CSG/staff/franco/extern/theses/MA-J-von-der-assen.pdf
  • [Master Project] Luc Boillat, Jan von der Assen, Muriel Franco: A Tool for Visualization and Analysis of Distributed Denial-of-Service (DDoS) Attacks; Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, April 2020, URL: https://files.ifi.uzh.ch/CSG/staff/franco/extern/theses/MAP-Jan-Luc.pdf