ICSL uses advanced data mining techniques to analyse data (e-mail messages, websites and other documents) to identify threats, and link related events to provide a coherent view to security, emergency response and law enforcement organisations.
Features are extracted from attacks in order to characterise, attribute and profile attacks of varying sources. We have expertise in performing profiling analysis in two major domains:
- Phishing e-mails and websites. Text based attacks can be analysed using variations of traditional text mining algorithms. We have developed a number of pioneering algorithms for this task.
- Malware, especially rootkits and botnets. In much the same way that text based attacks can be analysed, binary malware samples can too (however with greater difficulty). In addition, configuration files can be analysed using the techniques described above.
The results of these analyses are shared with ICSL members, with threat reports compiled on a regular basis based on partner needs.