Archived website.
Project ended 2014.

Open Source Software

Adagio: Structural Analysis and Detection of Android Malware

Adagio is a collection of Python modules for analyzing and detecting Android malware. These modules extract labeled call graphs from Android APKs or DEX files and apply an explicit feature map that captures their structural relationships. Additional modules provide classes for designing binary or multiclass classification experiments and applying machine learning for detection of malicious structure.

Salad: A Content Anomaly Detector based on n-Grams

Letter Salad, or Salad for short, is an efficient and flexible implementation of the well-known anomaly detection method Anagram. The method uses n-grams (substrings of length n) maintained in a Bloom filter for efficiently detecting anomalies in large sets of string data. Salad extends the original method by supporting n-grams of bytes and words as well as training with two classes.

Prisma: Protocol Inspection and State Machine Analysis

PRISMA is an R package for processing and analyzing huge text corpora. In combination with the tool Sally the package provides testing-based token selection and replicate-aware, highly tuned non-negative matrix factorization and principal component analysis. PRISMA allows for analyzing very big data sets even on desktop machines.

Derrick: A Simple Network Stream Recorder

Derrick is a simple tool for recording data streams of TCP and UDP traffic. It shares similarities with other network recorders, such as tcpflow and wireshark: it is more advanced than the first and clearly inferior to the latter. In contrast to other tools, Derrick logs network payloads in a line-based ASCII format. Common UNIX tools, such as grep, sed and awk, can be directly and easily applied.

Sally: A Tool for Embedding Strings in Vector Spaces

Sally is a small tool for mapping a set of strings to a set of vectors. This mapping is referred to as embedding and allows for applying techniques of machine learning and data mining for analysis of string data. Sally can be applied to several types of string data, such as text documents, DNA sequences or log files, where it can handle common formats such as directories, archives and text files.

Joern: A Robust Tool for Static Code Analysis

Joern is a tool for robust analysis of C/C++ code. It generates abstract syntax trees, control flow graphs and searchable indexes of code constructs. It has been specifically designed to meet the needs of code auditors, who often find themselves in a situation where constructing a working build environment is not feasible. Joern enables one to write quick-and-dirty but language-aware static analysis tools.