Miscellaneous Projects

   

  • SE-Clamav project. Securing the source code of ClamAV and developing new AV technologies around it to provide free, open source antivirus software. This project is now maintained as part of the DAVFI project.
  • Malwarebehavioralautomata. The project is divided between different tools:
    • The trace and script analyzers to abstract a trace of events.
    • The detection automata for parsing the abstracted trace.
    • The correlation tool to classify malware according to the detected behaviors.
    • Two related papers can be found here and here.
  • Andromede library. This library has been developed practically from scratch to implement the BitTorrent protocol and to secure it with the Perseus technology (see the libperseus Google Code page). It has been developed in C, primarily for Windows systems, but it also works fine under GNU/Linux. The main features (at the present development status) are:
    • BitTorrent extensions management.
    • Use of PolarSSL to manage libperseus secret quantities.
    • Use of the pthread library for multi-threading.
  • PDFstructazer. Tool to analyze PDF files directly at the PDF code level. It also makes it possible “to program” directly in the PDF language. Available upon request.
  • DeepBlue. Operational platform to analyze, attack and geolocate any Bluetooth device. With a suitable yet portable antenna, it is possible to detect Bluetooth traffic up to a few kilometers away. Non-public software (available upon request for official entities only).
  • Whizz. Operational platform to simulate, to analyze and to attack VoIP communications. Available upon request.
  • SuWast (SuperWorm analysis and simulation tool). Large-scale worm and botnet simulation platform. A heterogeneous network of nearly 60,000 hosts can be simulated on a 2 Gb computer. It makes it possible to test and play many different attack and propagation scenarios under different network conditions. The reference paper is here. The platform is non-public.