CivilSphere: cloud-based malware detection with Stratosphere IPS

CivilSphere is a project born at the Czech Technical University (CTU) in Prague. We believe that NGOs' work is a critical asset for our society, protecting human rights and civil liberties. It is this critical work that makes them a highly valuable political target for a wide variety of powerful actors. The end result is a continuous flow of attacks and technical abuse. NGOs usually struggle for financial support for their causes, so how can they protect themselves? At CTU, we took a step forward to help them.

The goal of this project is to provide simple solutions that let journalists and NGOs detect attacks on their devices using our network behavioral Intrusion Detection and Prevention System, Stratosphere IPS.

Protection for Journalists

For journalists, we provide an Emergency VPN (Virtual Private Network), which allows them to send us network flows from a device under suspected attack. The Emergency VPN runs on the device and sends its network traffic through our CTU servers, allowing our team of experts to review the connections and quickly identify possible ongoing malware infections. The Emergency VPN differs from a standard VPN service in that it is meant to be used only for a limited amount of time (1-24 hours).

Protection for NGOs

For NGOs, we provide a cloud-based service where we run our machine learning algorithms to remotely detect the malicious behaviors of infected computers in the NGO’s network. NGOs can send the network flows from their organizations and have the most advanced detection algorithms applied to them using Stratosphere. These flows contain only metadata and are highly protected by the University through a signed NDA. The organizations only need to install a small piece of software on their networks to send the flows for analysis.