Accession Number:
AD1016998
Title:
Cyber Intelligence Analysis Platform
Descriptive Note:
Technical Report
Corporate Author:
ECOLE POLYTECHNIQUE MONTREAL (QUEBEC) MONTREAL Canada
Report Date:
2014-04-01
Pagination or Media Count:
20.0
Abstract:
This is the final report for the research and development project between the Royal Canadian Mounted Police (RCMP) and l'École Polytechnique de Montréal. The principal objective for this project was to produce a blueprint for a Cyber Intelligence Analysis Platform (CIAP), which has advanced capabilities to study sophisticated cyber threats in a secure environment. In this report, a how-to guide detailing all the key steps to build a CIAP that automates the execution and analysis of complex malware samples is presented. The CIAP follows the design implemented at l'École Polytechnique de Montréal's SecSI Cyber Security Laboratory, which has been used to emulate and study real-world botnets at scale in an isolated environment. In particular, the SecSI's cluster has generated a 3000-node Waledac botnet, which enabled researchers to understand the complex command and control infrastructure used to operate it.
Distribution Statement:
APPROVED FOR PUBLIC RELEASE