The Netherlands is also working on solutions at the European level. The ACDC project is a collaboration between 14 European countries and aims to counter the growing threat of botnets and, where possible, to neutralise them.
2. Quick Facts: ACDC – Advanced Cyber Defence Centre
• Project type: European Pilot Project under CIP-PSP programme
• Project duration: 30 months (Feb 2013 - Jul 2015)
• Project Volume: 15,5M EUR, co-funded by the European Commission.
• 28 Partners from 14 European Countries
• Project Lead: eco e.V. - Association of the German Internet Industry
• Unique consortium unites:
  • CERTs
  • Internet Service Providers
  • Antivirus and IT-Security Companies
  • Academia and Research
  • Industry (Critical Infrastructure Providers, Financial Institutions)
  • Law Enforcement
ACDC General Overview
3. Project Goals
• Cross-border fight against Botnets (and other threats)
• End-to-End approach against Botnets
• 1 Central Database (Centralized Data Clearing House)
• 1 Community Portal
• 8 National Anti-Botnet-Support Centres
• 5 Experiments as a Proof of Concept
• Open ACDC Community for external Stakeholders and Partners
• Sustainability Plan for Continuation of the Project
• Prevention strategies & Awareness raising to End-users
• Free Mitigation tools and service for End-users across Europe
4. ACDC – a service approach
Diagram labels:
• Detection
• Spam campaign
• Stolen credentials
• Drive-by-download
• DDoS traffic detected
• Centralised reports of botnet behaviour
• Centralised Data Clearing House
• Support – notifying affected customer
• Mitigation – helping affected customer
• Security vendor
• Hosting provider
• Mobile network provider
• Bank of customer
• Standardized report findings
• Redirect to botfree.eu
5. ACDC – central Data Clearing House
Diagram labels:
• Internet Service Providers
• Central Data Clearing House
• Sensors
• Concentrators
• ACDC National Support Centres
• Anonymisation
• Research
• Industry
• Law Enforcement Agencies
• Detection
• Supporting
6. ACDC – Central Data Clearing House
Diagram labels: Central Data Clearing House, Sensors, Concentrators, Detection
✓ Sensors delivering data directly or through concentrators
✓ Sensors can request additional feeds to work with
✓ Data input in any format
✓ Data output in JSON or YAML
✓ Central Clearing House facility correlates data
✓ Data flagging for special purposes:
  • Experiments,
  • Research or
  • Investigations
7. ACDC Community Portal
• Entry point to ACDC
• Handling of Data Sharing Policies
• Connects users to solutions
• Inter-connecting stakeholders to fight botnets
• Platform to create and deploy solutions
• Open Knowledge Exchange Platform
• Open Registration to intl. stakeholders
https://communityportal.acdc-project.eu
8. (National) Support Centres
• Botfree.eu as central point of entry
• 8 National End-User Support Centres
  • DE, BE, IT, ES, RO, PT, HR, FR
• Three columns of support
  • Prevent
  • Clean
  • Inform
• Free mitigation tools like
  • EU-Cleaner by Avira
  • Check-and-Secure.com
• Twitter, Blogs, Forum, Email-Support
9. Does it really help?
• Similar interventions are being tried everywhere:
  • national support centers
  • data clearing houses
  • ISP customer notifications
  • global C&C takedowns
• Resources are limited in time and magnitude
• Which of these measures are most effective?
• This requires robust comparative botnet metrics and careful statistical analysis
• Metrics also inform all stakeholders how well (or poorly) network operators are performing in mitigating botnet threats
• Metrics incentivize mitigation and reward the efforts of good ISPs