IDG News Service - An Internet standards group has approved an electronic crimes reporting format, which may eventually give security researchers a cohesive, broad set of data to gauge online crime.
The Internet Engineering Task Force (IETF) approved a customized version of the XML-based Instant Object Description Exchange Format (IODEF). Extensions have been added to it that are appropriate for creating standard e-crime reports.
The format allows for unambiguous time stamps, support for different languages and a feature to attach samples of malicious code. It solves the problem facing the security industry of inconsistent reports, which make it harder to spot trends and react faster.
It is hoped that organizations hit by Internet crime such as banks will be able to mine a centralized database that holds the reports. If a bank is experiencing an attack, it could query the database to find out ranges of IP (Internet Protocol) addresses that have been used for offenses such as phishing attacks.
Further queries could determine if other banks have been hit by attacks and analyze spam messages to see if there are common patterns in the grammar or if the attacks originate from a certain area. All of the information could then be used to contact ISPs to take steps to stop the abuse.
The Anti-Phishing Working Group, which has been instrumental in developing the reporting format, plans to run a trial to see how organizations can share the data in the format. One of the goals is to see if one organization can use reports from another without further communication, according to a paper on APWG's website. Two parties have typically had to communicate several times to sort out issues such as the actual time of an event, because of time zone differences.
"Actually, data exchanges will help to refine the operational, policy and procedural issues that appear whenever a data exchange question arises," according to the APWG document.
The data would be transferred between two parties via e-mail. Another goal is to see if the reporting format can support different languages. Many e-crime reports have been written by non-native speakers of English, which has been difficult given the highly technical nature of e-crime, the APWG said.
Send news tips and comments to firstname.lastname@example.org
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!