NEMESYS aims to gather and analyse information about the nature of vulnerabilities found on mobile devices that are due to the heterogeneity of wireless interfaces and offered services; to adopt the honeypot scheme for a number of smartphones and devices; to develop an infrastructure to gather, detect and provide early warning of attacks on mobile devices; and, eventually, to understand the modus operandi of cyber-criminals who target mobile devices. By correlating the extracted information with known patterns of attacks extracted from wireline networks, the project aims to reveal the possible shift in the way that cyber-criminals launch attacks against mobile devices.

First, the security threats against mobile devices will be analysed and a virtualized honeypot along with a corresponding lightweight and energy-efficient anomaly detection algorithm will be built for each mobile platform examined in the framework of the NEMESYS project. These two steps will allow us to gather significant information about attacks against mobile devices.

Then, a data collection infrastructure will be developed that will combine existing information sources with data related to the mobile ecosystem and data collected by a high-interaction honeyclient. These data will be made available to an upper layer, where they will be processed using various analytical and visual analytics techniques and tools. Eventually, the developed NEMESYS data collection infrastructure will combine control plane (accounting and billing) and data plane (attack fingerprints and malware) information, with special attention paid to femtocell systems.

The network information will be further processed to extract its semantic content and to provide interpretability measures and tools for complex network information. Emphasis will be placed on the detection of abnormal events and network activity and on the correlation of heterogeneous information sources. Real-time network analysis will also be performed, focusing on the dynamic behaviour of network traffic. At the NEMESYS top layer, scalable and interactive visualization tools will be developed. These tools will comprise the NEMESYS visual analytics framework, which integrates all lower-level systems and modules and will serve as the ultimate interface for representing and presenting network traffic and events.

The NEMESYS architecture

