EARLY DETECTION ALERT AND RESPONSE TO ETHREATS (EDARE)
eDare was a research project carried out by Telekom Innovation Laboratories at BGU between July 2005 and July 2008. The goal of the project was to detect and tackle emerging ICT security threats propagating across NSP, ISP and enterprise communication networks.
eDare includes a set of interrelated sub-projects, each addressing different aspects of the challenges set forth by modern communication networks and applications.
eDare (I)
Near-zero-tolerance, multi-layered threat detection and protection at the network level.
eDare (II)
To deploy the eDare (I) monitoring and filtering facilities efficiently, this project studied the typical structure of an NSP network and identified the routers with the highest collaborative impact on communication flows. Heuristic search algorithms were employed to find the locations with the highest Group Betweenness Centrality and thus produce a cost-effective deployment of traffic inspection devices.
Another important goal of the eDare (II) project was to develop user-friendly mechanisms for evaluating detection and response systems such as eDare (I) in large-scale networks prior to their actual deployment. The eDare (II) expert console, developed as part of this project, includes a visual simulator capable of analyzing the impact of various attack scenarios and defense configurations on the status of a network, subject to constraints provided by the network security administrator.
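The placement idea described above for eDare (II), sketched as an added example that is not the project's code or its published fast algorithm: a brute-force Group Betweenness Centrality computation with a simple greedy search over a constructed ten-node topology. It assumes an unweighted, undirected graph and counts only source/destination pairs outside the monitored group; all node and function names are illustrative.

```python
from collections import deque

# Constructed topology (not from the eDare project): two access routers r1 and r2,
# each serving three hosts, joined by two parallel transit routers r3 and r4.
EDGES = [("r1", "a1"), ("r1", "a2"), ("r1", "a3"), ("r2", "b1"), ("r2", "b2"),
         ("r2", "b3"), ("r1", "r3"), ("r3", "r2"), ("r1", "r4"), ("r4", "r2")]
ADJ = {}
for u, v in EDGES:
    ADJ.setdefault(u, set()).add(v)
    ADJ.setdefault(v, set()).add(u)

def bfs_counts(adj, src, blocked=frozenset()):
    """Hop distance and number of shortest paths from src, never entering blocked nodes."""
    dist, sigma, queue = {src: 0}, {src: 1}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v in blocked:
                continue
            if v not in dist:
                dist[v], sigma[v] = dist[u] + 1, 0
                queue.append(v)
            if dist[v] == dist[u] + 1:
                sigma[v] += sigma[u]
    return dist, sigma

def group_betweenness(adj, group):
    """Sum, over pairs outside the group, of the share of shortest paths crossing the group."""
    group = frozenset(group)
    outside = [n for n in adj if n not in group]
    total = 0.0
    for s in outside:
        dist, sigma = bfs_counts(adj, s)
        dist_wo, sigma_wo = bfs_counts(adj, s, blocked=group)
        for t in outside:
            if t == s or t not in dist:
                continue
            # Shortest paths that avoid the group survive only if removing it keeps the distance.
            avoiding = sigma_wo[t] if dist_wo.get(t) == dist[t] else 0
            total += 1 - avoiding / sigma[t]
    return total / 2  # every unordered pair was visited from both ends

def greedy_placement(adj, k):
    """Assumed heuristic: repeatedly add the node that raises group betweenness the most."""
    chosen = []
    for _ in range(k):
        candidates = [n for n in sorted(adj) if n not in chosen]
        chosen.append(max(candidates, key=lambda n: group_betweenness(adj, chosen + [n])))
    return chosen, group_betweenness(adj, chosen)

if __name__ == "__main__":
    print(greedy_placement(ADJ, 2))
```

On this topology the two access routers together lie on every shortest path between the remaining nodes, while a single transit router covers only half of the cross-site paths.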
eDare (III)
The purpose of the eDare (III) research project was to develop algorithms for analyzing communication flows between users without compromising their privacy. The Social Network Analysis (SNA) algorithms developed in this project analyze the inbound and outbound traffic of users of e-mail (or other collaborative applications) and pinpoint the groups of users with the highest "social" centrality metrics. The traffic of these most influential users is analyzed by the modules developed in eDare (I) in order to detect new malware. The signatures generated by eDare (I) are then published across the protected network to all subscribed network filters.
eDare (II&III)
The deliverables of the eDare (II) and eDare (III) research projects were integrated, producing a cohesive decision support system for optimal placement of net-centric defense systems for protecting Critical Infrastructure (CI) communication networks.
Currently the beta version of the eDare(II&III) Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale Networks (PIDPS) can be downloaded here *.
* The software provided on this website is provided as is without any warranties.
EDARE(II) & EDARE(III) PUBLICATIONS
References and Links to Papers
Meytal Tubi, Rami Puzis, Yuval Elovici, "Deployment of DNIDS in Social Networks", IEEE Intelligence and Security Informatics (ISI) (2007).
Rami Puzis, Marius David Klippel, Yuval Elovici, Shlomi Dolev, "Optimization of NIDS locationment for protection of intercommunicating critical infrastructures", Springer European Conference on Intelligence and Security Informatics (EuroISI) (2008).
Emily Rozenshine-Kemelmakher, Rami Puzis, Ariel Felner, Yuval Elovici, "Cost benefit deployment of DNIPS", IEEE International Conference on Communications (ICC) (2010).

Rami Puzis, Yuval Elovici, Shlomi Dolev, "Fast algorithm for successive computation of group betweenness centrality", Physical Review E, 76 (5): 056709 (2007).
Rami Puzis, Yuval Elovici, Shlomi Dolev, "Finding the most prominent group in complex networks", AI Communications, 20 (4): 287-296 (2007).
Shlomi Dolev, Yuval Elovici, Rami Puzis, Polina Zilberman, "Incremental deployment of network monitors based on Group Betweenness Centrality", Information Processing Letters, 109 (20): 1172-1176 (2009).

Rami Puzis, Meytal Tubi, Yuval Elovici, "Optimizing Targeting of Intrusion Detection Systems in Social Networks", Handbook of Social Network Technologies and Applications, Borko Furht, Springer, 549-568 (2010).

Chanan Glezer, Shlomi Dolev, Yuval Elovici, Rami Puzis, Meytal Tubi, "A Decision Support System for deployment of Intrusion Detection and Prevention Devices in Large-Scale Networks", ACM Trans. Model. Comput. Simul, 22 (1): Art. 5 26 (2011).