At Complex Networks Analysis Lab at Ben-Gurion University (CNALAB@BGU) we tackle research problems in diverse domains using a combination of methods from graph theory and machine learning.


Complex Networks are found in cyber security, social networks, communication networks and the Internet, biological networks, financial networks, text analytics and more. Scientific programmers working the CNA Lab @ BGU develop generic software tools and libraries to analyze the structure of networks derived from the various problem domains. Graduate research students apply these tools to investigate specific problems in their domain of interest.


Short Bio

Dr Rami Puzis - Senior Lecturer, BSc Software Engineering, MSc Information Systems Engineering and PhD topic on Deployment of Distributed Network Intrusion Detection Systems. He has worked as a research associate in the Laboratory of Computational Cultural Dynamics, University of Maryland. His primary specialization is in the area of complex networks analysis with applications to cybersecurity, social and communication network analysis. He has been the principal investigator of a series of research projects funded by Deutsche Telekom AG, Israeli Ministry of Defense, Israeli Ministry of Economy, and several leading cybersecurity industries.

Topics of interest: 

  • Complex networks (centrality, community detection, classification, alignment,...)

  • Cyber security (netcentric security, STIX, EDR)

  • Machine learning (applications of deep learning to network data, encrypted traffic analysis) 

Lately also looking at Blockchain and Future Internet Architectures.   


Cost Efficient Defense Resource Allocation

It is not practical to analyze and filter all the network traffic. A methodology for efficient utilization of network resources during attack mitigation should be developed.

Social Network Honeypot

As part of the research project "Detecting APTs Targeting Network Devices" a social network honeypot platform for detecting attackers during the reconnaissance phase was implemented. Key competence/ functionalities of the platform include: collecting information from SNs, generating and monitor artificial profiles, and wiring profiles within the social network.

Target oriented network intelligence collection 

The Target Oriented Network Intelligence Collection (TONIC) problem is the problem of finding pro files in a social network that contain information about a given target via intelligent crawling. Such pro files are called leads. Two best- first search frameworks are proposed for solving TONIC and several heuristics are proposed for each framework. 

Fake News and Untrustful Social Accounts

Online social media (OSM) allows people to share news, create content and start trends, potentially influencing large sectors of the population. Unfortunately, organizations and individuals take advantage of the OSM in order to gain influence, damage  competitor’s reputation, or spread political propaganda by financing misinformation campaigns. In many cases, these campaigns are carried out by armies of online un-trustful accounts,



Early Detection Alert and Response to eThreats (eDare)

eDare is a research project performed by Telekom Innovation Laboratories at BGU between July 2005 - July 2008. The goal of the project was to detect and tackle emerging ICT security threats propagating across NSP, ISP and enterprise communication networks. 

Network Classification

Network classification is at a nascent stage, holding great potential. The network classification research is facilitated by an abundance of network datasets available today. In this project we develop algorithms for embedding and classification of vertices, subgraphs, and graphs, as well as search for subgraphs matching a given class. 

Cyber-biological warfare

Today arbitrary synthetic DNA can be ordered online and delivered within several days.  In order to regulate generation of dangerous substances, most synthetic gene providers screen DNA orders. However, a weakness in the DNA screening guidance allows some screening protocols to be circumvented using a generic obfuscation procedure inspired by early malware obfuscation techniques. Furthermore, accessibility and automation of the synthetic gene engineering workflow, combined with insufficient cybersecurity controls, allow malware to interfere with biological processes within the victim's lab ...


References and Links to Papers


Michael Fire, Lena Tenenboim, Ofrit Lesser, Rami Puzis, Lior Rokach, Yuval Elovici

Online social networking sites have become increasingly popular over the last few years. As a result, new interdisciplinary research directions have emerged in which social network analysis methods are applied to networks containing hundreds millions of users. Unfortunately, links between individuals may be missing due to imperfect acquirement processes or because they are not yet reflected in the online network (ie, friends in the real world did not form a virtual connection.) Existing link prediction techniques lack the ...

Shlomi Dolev, Yuval Elovici, Rami Puzis

Betweenness-Centrality measure is often used in social and computer communication networks to estimate the potential monitoring and control capabilities a vertex may have on data flowing in the network. In this article, we define the Routing Betweenness Centrality (RBC) measure that generalizes previously well known Betweenness measures such as the Shortest Path Betweenness, Flow Betweenness, and Traffic Load Centrality by considering network flows created by arbitrary loop-free routing ...

Rami Puzis, Yuval Elovici, Shlomi Dolev

In this paper, we propose a method for rapid computation of group betweenness 
centrality whose running time (after preprocessing) does not depend on network size. The 
calculation of group betweenness centrality is computationally demanding and, therefore, it 
is not suitable for applications that compute the centrality of many groups in order to identify 
new properties. Our method is based on the concept of path betweenness centrality defined 
in this paper. We demonstrate how the method can be used to find the most prominent ...

Rami Puzis, Yaniv Altshuler, Yuval Elovici, Shlomo Bekhor, Yoram Shiftan, Alex Pentland

Network planning and traffic flow optimization require the acquisition and analysis of large 
quantities of data such as the network topology, its traffic flow data, vehicle fleet composition, 
emission measurements and so on. Data acquisition is an expensive process that involves 
household surveys and automatic as well as semiautomatic measurements performed all 
over the network. For example, in order to accurately estimate the effect of a certain network 
change on the total emissions produced by vehicles in the network, assessment of the ...

Roni Tzvi Stern, Rami Puzis, Ariel Felner

In this paper we address the following search task: find a goal with cost smaller than 
or equal to a given fixed constant. This task is relevant in scenarios where a fixed budget is 
available to execute a plan and we would like to find such a plan while minimizing the 
search effort. We introduce an algorithm called Potential search (PTS) which is specifically 
designed to solve this problem. PTS is a best-first search that expands nodes according to 
the probability that they will be part of a plan whose cost is less than or equal to the given ...

David Toubiana, Rami Puzis, Lingling Wen, Noga Sikron, Assylay Kurmanbayeva, Aigerim Soltabayeva, Maria del Mar Rubio Wilhelmi, Nir Sade, Aaron Fait, Moshe Sagi, Eduardo Blumwald and Yuval Elovici

The identification and understanding of metabolic pathways is a key aspect in crop improvement and drug design. The common approach for the detection of metabolic pathways is based on gene annotation and ontology. Here, we demonstrate the detection of metabolic pathways based on quantitative metabolic data by combining correlation-based network analysis with machine-learning techniques. Metabolites of 169 known tomato metabolic pathways (TomatoCyc), 85 non-tomato pathways (MetaCyc), and 85 random sets of metabolites were mapped as subgraphs onto metabolite correlation networks of the tomato pericarp. For each subgraph, a set of 148 network features for each network was computed. The resulting feature vectors were used to train a robust machine-learning model. The validity of the model was tested on unknown pathways (from PlantCyc and MetaCyc) predicting the presence: i) of the β-alanine-degradation I (yet unknown to plants); ii) the melibiose-degradation pathway although melibiose was not part of the networks. In vivo assays validated the presence of the pathways.

Useful Links



SISE dept, P.O.B. 653 Beer-Sheva

©2017-2018 by Rami Puzis. Proudly created with

This site was designed with the
website builder. Create your website today.
Start Now