Cost Efficient Defense Resource Allocation (CEDRA)

In recent years more and more cyber attacks are executed by governments as a part of their cyber warfare arsenal. These attacks are the most complex and sophisticated due to unlimited resources, advanced technology, and strict objectives that the attackers have. It is expected that the attacks will soon become more complex and organized and will focus on national critical infrastructures such as network providers themselves, power plants, banks, cellular networks, etc.. Existing security solution providers do not always manage to keep pace with the emerging threats. It is expected that governments and large organizations will be willing to employ network wide protection in order to mitigate the attacks.It is not practical to analyze and filter all the network traffic. A methodology for efficient utilization of network resources during attack mitigation should be developed. In other words, it is required to: a) optimize the placement of network monitors and filters, b) suggest the sets of features that should be extracted from traffic in different locations, and c) perform infrastructure adjustments, e.g. rerouting, for facilitating efficient threat mitigation.The methodology developed during this project will be based on the Routing Betweenness Centrality (RBC) measure [1]. The RBC estimates the expected number of packets captured by a set of monitors given the network’s topology, the monitors’ locations, the monitors’ sampling rates, and the volumes of traffic in every source-target flow in the network.