TERENA> News> LOBSTER’s catch offers security research opportunity

›13 July 2007

LOBSTER’s catch offers security research opportunity

A selection of files is now available to researchers interested in evaluating cyber-attack detection methods, or in studying data from real life attacks.

The attack trace files can be downloaded from a website created as a spin-off of the LOBSTER pilot project, which has been monitoring Internet traffic across Europe since October 2004.

LOBSTER has captured more than 40,000 Internet attacks using 36 passive monitoring sensors deployed in nine different countries. It was a step towards an advanced European infrastructure that will improve our understanding of the Internet and help solve performance and security problems.

The full details of these thousands of attacks cannot be made public because of privacy issues. A very small sample has been carefully anonymised, using software developed by the LOBSTER team, in order to remove sensitive information that could identify either the source or the destination of each attack. This sample is accessible through the LOBSTER attack trace repository.

Each file on this website corresponds to one single attack. The LOBSTER team hopes to add further anonymised files to this list in the future. Information about the remaining attacks is stored by the various organisations which host LOBSTER’s sensors around Europe.

Michalis Polychronakis is a member of the Distributed Computing Systems Laboratory at the Foundation for Research and Technology – Hellas’s Institute of Computer Science (FORTH-ICS), based in Greece, and is one of the LOBSTER team. He explained that the respository was not one of the original goals of the project, but he and his colleagues “came up with the idea as soon as the deployed sensors started to capture lots of attacks”.

Mr Polychronakis added that there is a general lack of real-life attack data available to the security research community and, “so we wanted to contribute in that direction”.

Additional Information

LOBSTER’s sensors, operating at up to gigabit speeds, are together able to monitor traffic across 2.3 million IP addresses at any one time, using four applications developed during the project.

The LOBSTER infrastructure is unique in Europe and one of only three similar infrastructures that exist in the world today.

The project is comprised of nine partners including research organisations, commercial partners and National Research and Education Networks (NRENs).

The LOBSTER pilot project officially concluded at the end of June 2007, but the system of sensors is continuing to monitor Internet traffic.

LINKS

The LOBSTER attack trace repository.

The LOBSTER home page.

The FORTH home page.