Dagobert: Design, Application and Governance Of a Botnet dEtection and pRofiling sysTem (2018-2020)
The Dagobert-project aims at improving internet security. It addresses the fight against botnets, which are networks of computers infected with malicious software that subsequently can be controlled remotely by cybercriminals to perform malicious activities.

Cybercrime due to botnets imposes a major threat with large economical and societal impact. The goal of the Dagobert-project is to develop and evaluate an automated system that accurately detects botnets at a national scale by real-time analysis of high-volume streams of real-life network traffic (in particular DNS) at internet infrastructure providers such as domain name registries and ISPs. We intend to achieve this by applying advanced machine learning and deep learning techniques on monitored network data to derive profiles of both known and unknown botnets. Besides these technical aspects, the Dagobert-project also looks into governance aspects when integrating and applying the botnet profiling and detection system in the operational environments of internet infrastructure providers. These governance aspects address how risk management and strategic processes in these organisations are impacted, what measures are required to handle this impact, and how law enforcement is involved.

Supported by: OU LIRS (Learning and Innovation in Resilient Systems); SURFnet, Tesorion, SIDN Labs
Participating CS members: Harald Vranken, Hassan Alizadeh
project website