Monday, December 15, 2008

Threat Analysis Framework / ThreatDB Architecture

Threat - Defining threat depends on what you are looking for and who you are. A threat is something that could stop or obstruct one's functioning or working; in other words, anything that could potentially obstruct, damage or destroy someone or something. This is not a rigorous definition, but our plan here is not to discuss semantics. We are planning a project to unify good resources for the security community [intrusion defense to start with] around the world, so that they can be used in engineering and analysis work. To start this effort, we have contacted NVD, EmergingThreats and milw0rm about using their resources to make this project happen.

Threat Analysis: Architecture

Vulnerabilities, exploits and general traffic are used to produce signatures and PCAPs. Once this is done, we map all of it into one utility that produces the threat analysis page. The backend for mapping all this data is our threatDB.

Apart from using EmergingThreats signatures, we will also generate our own. To start this initiative, we will have PCAPsDB, VulnDB and ExploitDB mapped to each other, and then SigDB mapped to them. We have already started generating PCAPs and now have around 800+ PCAPs of malicious data. We are releasing the browser exploit PCAPs from the milw0rm listings in our next release.
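As an added illustration (not the project's code) of how the four databases map to each other: a minimal sqlite model in which VulnDB, ExploitDB, PCAPsDB and SigDB entries reference one another, a query that assembles the threat analysis view for one vulnerability, and a check for PCAPs that have no signature yet. All identifiers and rows are constructed placeholders, and the table and column names are assumptions.

```python
import sqlite3

# Assumed schema: vuln <- exploit <- pcap <- sig (each child references its parent).
SCHEMA = """
CREATE TABLE vuln    (vuln_id TEXT PRIMARY KEY, summary TEXT NOT NULL);
CREATE TABLE exploit (exploit_id TEXT PRIMARY KEY, vuln_id TEXT NOT NULL REFERENCES vuln(vuln_id), source TEXT NOT NULL);
CREATE TABLE pcap    (pcap_id TEXT PRIMARY KEY, exploit_id TEXT NOT NULL REFERENCES exploit(exploit_id), filename TEXT NOT NULL);
CREATE TABLE sig     (sig_id INTEGER PRIMARY KEY, pcap_id TEXT NOT NULL REFERENCES pcap(pcap_id), rule TEXT NOT NULL, origin TEXT NOT NULL);
"""

# Constructed sample rows; placeholders, not real CVE, milw0rm or EmergingThreats identifiers.
SAMPLE = {
    "vuln":    [("VULN-0001", "placeholder browser vulnerability")],
    "exploit": [("EXP-0001", "VULN-0001", "milw0rm (placeholder listing)")],
    "pcap":    [("PCAP-0001", "EXP-0001", "browser_0001.pcap"),
                ("PCAP-0002", "EXP-0001", "browser_0001_variant.pcap")],
    "sig":     [(1, "PCAP-0001", 'alert tcp any any -> $HOME_NET any (msg:"placeholder"; sid:1;)', "own")],
}

def build_threatdb() -> sqlite3.Connection:
    """Create the in-memory threatDB and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn

def threat_analysis(conn: sqlite3.Connection, vuln_id: str) -> dict:
    """Join VulnDB -> ExploitDB -> PCAPsDB -> SigDB for one vuln: the data behind a threat analysis page."""
    row = conn.execute("SELECT summary FROM vuln WHERE vuln_id=?", (vuln_id,)).fetchone()
    if row is None:
        raise KeyError(f"unknown vuln {vuln_id}")
    exploits = [r[0] for r in conn.execute("SELECT exploit_id FROM exploit WHERE vuln_id=?", (vuln_id,))]
    pcaps = [r[0] for r in conn.execute(
        "SELECT p.pcap_id FROM pcap p JOIN exploit e ON p.exploit_id=e.exploit_id WHERE e.vuln_id=?", (vuln_id,))]
    sigs = [r[0] for r in conn.execute(
        "SELECT s.rule FROM sig s JOIN pcap p ON s.pcap_id=p.pcap_id "
        "JOIN exploit e ON p.exploit_id=e.exploit_id WHERE e.vuln_id=?", (vuln_id,))]
    return {"vuln": vuln_id, "summary": row[0], "exploits": exploits, "pcaps": pcaps, "signatures": sigs}

def uncovered_pcaps(conn: sqlite3.Connection) -> list:
    """PCAPs with no SigDB entry yet: the work queue for writing our own signatures."""
    return [r[0] for r in conn.execute(
        "SELECT p.pcap_id FROM pcap p LEFT JOIN sig s ON s.pcap_id=p.pcap_id "
        "WHERE s.sig_id IS NULL ORDER BY p.pcap_id")]

if __name__ == "__main__":
    db = build_threatdb()
    print(threat_analysis(db, "VULN-0001"))
    print("PCAPs without a signature:", uncovered_pcaps(db))
```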

We have talked to all of the sites listed above. EmergingThreats reserves copyrights for its signatures, and milw0rm reserves copyrights for its exploits.

All questions and comments are most welcome. If you have any other questions or if you wish to participate in any of our projects, kindly contact us at contact.fingers {at} gmail.com.

- EF
