Qnetlabs is the research organisation of Quarantainenet. As such, Qnetlabs provides the basis for the in-house developed malware detection methods used in the solutions offered by Quarantainenet. We mainly focus on network-based, out-of-band malware detection. This enables Quarantainenet to build highly scalable malware detection that can easily be deployed on ISP-scale networks.
We use a hybrid of signature-based and heuristic-based approaches to malware detection. The foundation of our malware detection consists of network signatures for specific malware. To compile our signature database, we gather malware samples and analyse them using our proprietary sandbox. Our sandbox analyses the network behaviour of the malware, and subsequent automated analysis distils network signatures from this behaviour. By using an in-house developed sandbox, we have the advantage of using a distinct system unknown to malware authors that is therefore hard to detect and circumvent.
To augment this signature-based approach, we actively investigate and develop new systems to detect suspicious network behaviour. This analysis enables us to also detect malware for which we do not have a signature. In the development of these systems, we rely heavily on mathematical techniques (such as graph theory and statistics) and data mining.
In addition to our work on the detection of malware, Qnetlabs also actively develops improved ways to combine reports on suspicious activity from different sources into a reliable and actionable body of evidence regarding individual end users. The resulting methods are incorporated into the offerings of Quarantainenet, enabling its customers to automatically process and act upon combined reports from multiple sources based on pre-defined policies.
We are always interested in cooperation with other parties in the (network) security field. We already actively engage in exchanging malware samples, sharing indicators of compromise, and discussing new approaches to making the internet a safer place. Please contact us to discuss the possibilities!