Secure Information Sharing Sensor Delivery Event Network


SISSDEN will improve the cybersecurity posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information. SISSDEN builds on the experience of The Shadowserver Foundation, a non-profit organisation well known in the security community for its successful efforts in the mitigation of botnets and fighting malware propagation. SISSDEN will provide free-of-charge victim notification services, and work in close collaboration with Law Enforcement Agencies, national CERTs, network owners, service providers, small and medium-sized enterprises (SMEs) and individual citizens.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 700176. More info..

Latest Blog Posts

Understanding memcache DDOS attacks analysis

BGP re-anoouncements and DDOSBy tracking the BGP announcements of large peering providers, we were able to identify what reassembled as a highly congested link in a backbone network, something that normally triggers BGP route flaps and session drops. Monitoring the sudden increase of BGP rou...


Darknet - Satori strikes again analysis

General informationSome time ago, we have written about Satori botnet fingerprinting. Right there, we have fingerprinted more than half a million infected machines. However, Satori's C2 was quickly sinkholed by the security community. Not so long ago, 360Netlab informed the world about Satori...


Darknet - ADB.Miner fingerprinting analysis

General information4th February 2018 – 360Netlab informed the world about the ADB.Miner – Android botnet spreading in a worm style. ADB.Miner activity started on 3 February and it continues. On 6 February, 360Netlab provided another blog post with more details.Some basic facts about the...


Project overview

The core infrastructure element of SISSDEN is a new beyond state-of-the-art worldwide sensor network, which will be deployed and operated by the project consortium. This passive threat data collection mechanism will be highly scalable and complemented by behavioural analysis of malware from multiple internal and external data sources. Actionable information produced by SISSDEN will be used for the purposes of no-cost victim notification and remediation, via organisations such as National CERTs, ISPs, hosting providers and Law Enforcement Agencies, such as Europol’s European Cybercrime Centre (EC3).



Contact and Collaborations

The project addresses the security concerns of wide range of stakeholders, such as National CERTs, Internet Service Providers (ISPs), Law Enforcement Agencies, EU and non-EU Citizens, Academic and Private Industry Researchers, The European Commission, and Industry partners (large and small).

One of the main goals of the project is community collaboration.

We are seeking partners interested in:

  • Deploying sensors, providing IP space, VMs or physical servers in support of the project
  • Willing to contribute new honeypot/sensor technologies that can be deployed as part of the project
  • Providing third party feeds that could be integrated with SISSDEN or help enrich curated data
  • Collaborating on academic research on the curated data set

We are open to colaboration with Law Enforcement initiatives with data on malware and botnet activity. An example of one such current initiative is the Criminal Use of Information Hiding Initiative.

Interested partners should send a mail to

We are also open to any other collaboration proposals and will be happy to answer any questions about the project.