Secure Information Sharing Sensor Delivery Event Network


SISSDEN will improve the cybersecurity posture of EU organisations and citizens through the development of increased situational awareness and the effective sharing of actionable information. SISSDEN builds on the experience of The Shadowserver Foundation, a non-profit organisation well known in the security community for its successful efforts in the mitigation of botnets and fighting malware propagation. SISSDEN will provide free-of-charge victim notification services, and work in close collaboration with Law Enforcement Agencies, national CERTs, network owners, service providers, small and medium-sized enterprises (SMEs) and individual citizens.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 700176. More info..

Latest Blog Posts

Analysis of SMTP dialects analysis

SMTP (Simple Mail Transfer Protocol) is one of the most popular protocols, which is used for electronic mail transfer. As it is very common and almost every computer user has at least one email address, SMTP traffic is full of unsolicited messages (spam). There are many negative aspects connected wi...


Darknet - early observations of Satori botnet analysis

In this post, we are introducing our early observations on new version of Satori botnet (Mirai variant). Data used for the analysis was extracted from the NASK darknet.05.12.2017 03:57 UTC – 360 Netlab noticed a new uptick in the Satori activity. Some facts derived from the 360 Netlab post:T...


SISSDEN Brute Force Attack Reports report type

The primary objective of the SISSDEN project is to offer National CERTs, ISPs and network owners free reports on malicious activity detected on their networks. This is achieved through the establishment of a network of honeypots. One of these honeypot type sensors is dedicated towards detecting SSH...


Project overview

The core infrastructure element of SISSDEN is a new beyond state-of-the-art worldwide sensor network, which will be deployed and operated by the project consortium. This passive threat data collection mechanism will be highly scalable and complemented by behavioural analysis of malware from multiple internal and external data sources. Actionable information produced by SISSDEN will be used for the purposes of no-cost victim notification and remediation, via organisations such as National CERTs, ISPs, hosting providers and Law Enforcement Agencies, such as Europol’s European Cybercrime Centre (EC3).



Contact and Collaborations

The project addresses the security concerns of wide range of stakeholders, such as National CERTs, Internet Service Providers (ISPs), Law Enforcement Agencies, EU and non-EU Citizens, Academic and Private Industry Researchers, The European Commission, and Industry partners (large and small).

One of the main goals of the project is community collaboration.

We are seeking partners interested in:

  • Deploying sensors, providing IP space, VMs or physical servers in support of the project
  • Willing to contribute new honeypot/sensor technologies that can be deployed as part of the project
  • Providing third party feeds that could be integrated with SISSDEN or help enrich curated data
  • Collaborating on academic research on the curated data set

We are open to colaboration with Law Enforcement initiatives with data on malware and botnet activity. An example of one such current initiative is the Criminal Use of Information Hiding Initiative.

Interested partners should send a mail to

We are also open to any other collaboration proposals and will be happy to answer any questions about the project.