DeWorm

Project leader: prof. dr. ir. Herbert Bos, VU (1 April 2005 till 1 June 2009)

    >  related interview

    >  download pdf

The Project DeWorm aims to develop an automatic response system that can detect zero-day worms on the Internet. The system must also be able to generate signatures of these attacks and subsequently be able to use these signatures to prevent further attacks from the same worm.

 

Project results
During the project the focus shifted from security of Internet and e-mail servers to individual systems. The project has yielded several successful security systems. The first and most important is Argos, a security system intended for security experts that functions as a honey pot for malicious attacks. Argos has proved to be very popular among professional users. It has been downloaded almost 9000 times, SURFnet and Symantec have integrated it in their own systems, and new updates are still being issued. With the addition Eudaemon, Argos can also be used for the security of production machines. In addition to this various forms of signature generators have also been delivered and security methods for mobile phones are also being worked on. A prototype named Marvin is already being produced for Android smartphones.
 

Follow-up activities
The Argos platform is being developed further in various follow-up projects. In particular, the FP7 programmes Noah and Wombat have continued where the Sentinels project left off. Argos is still being developed further. The latest release will soon appear on the market, which, as one of the first meta-analysis systems, will be suitable for the latest operating system of Windows.
 

Universities and partners involved

  •     VU University Amsterdam
  •     University Twente
  •     GOVCERT.nl
  •     SURFnet
  •     TNO ICT
  •     NBV