Early Detection Alert and Response to eThreats (eDare)

eDare is a research project performed by Deutsche Telekom Laboratories at Ben-Gurion University (BGU) between July 2005 and July 2008. The goal of the project was to enhance the ability of Deutsche Telekom AG (DT) to detect and tackle emerging ICT security threats propagating across NSP, ISP and enterprise communication networks. The project involved numerous researchers and over 20 Ph.D./M.Sc. students from three academic departments at BGU. To date, further research and development activities are performed subject to ad hoc requirements and manpower constraints.

eDare includes a set of interrelated sub-projects, each addressing different aspects of the challenges set forth by modern communication networks and applications.

eDare (I)

The purpose of the eDare (I) research project was to develop a near-zero-tolerance, multi-layered detection and protection system against malware. The system performs real-time traffic monitoring and filtering of known malware by employing commercial intrusion detection systems that scan for known signatures at rates of GB/s. The system also includes a new malware recognition module. This module facilitates detection of new malware (including polymorphic and metamorphic malware) by employing a variety of diagnostic plug-ins grounded in Machine Learning theory (e.g., Neural Networks, Decision Trees, Bayesian Classifiers, Active Learning, Weighting Schemes and more). eDare (I) also provides a platform for facilitating collaborative feedback, expert consultation, risk assessment and inoculation against malware. The eDare (II) & (III) frameworks address the scalability challenges of eDare (I) in handling the enormous amount of data traffic transmitted within NSP, ISP and enterprise networks. This is achieved by focusing the computational effort on the more "important" parts of the network, based on metrics emanating from the theories of complex and social networks.

eDare (II)

The goal of the eDare (II) research project was to study the structure of DT's network (or any other threatened network) and identify the "most influential" routers, that is, the routers possessing the highest collaborative impact on the communication flows between DT users. To achieve this goal, a set of algorithms was designed to optimize the deployment of traffic monitors and filters within the network. This made it possible to reduce eDare's computational effort and make its deployment more cost-effective. Another important goal of the eDare (II) project was to develop user-friendly mechanisms for evaluating detection and response systems such as eDare (I) in large-scale networks, prior to their actual deployment. The eDare (II) expert console, developed as part of this project, includes a visual simulator capable of analyzing the impact of various attack scenarios and defense configurations on the status of a network, subject to constraints provided by the network security administrator.
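The placement idea above (rank routers by their share of the user-to-user communication flows, then deploy a limited number of monitors where they jointly intercept the most traffic) can be illustrated with a small worked example. The code below is an added illustration, not eDare's own software: it assumes a constructed seven-router topology, models each shortest path between two routers as one candidate flow, and uses a greedy set-cover heuristic as the placement algorithm; the page does not state which centrality metric or optimizer eDare actually used.

```python
from collections import deque
from itertools import combinations

# Constructed toy topology (an assumption, not DT's network): router -> neighbours, bidirectional links.
TOPOLOGY = {
    "r1": ["r2", "r3"], "r2": ["r1", "r4"], "r3": ["r1", "r4"],
    "r4": ["r2", "r3", "r5"], "r5": ["r4", "r6", "r7"],
    "r6": ["r5"], "r7": ["r5"],
}

def shortest_paths(graph, src, dst):
    """All shortest paths from src to dst, as router lists (BFS + backtracking)."""
    dist, parents, queue = {src: 0}, {src: []}, deque([src])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in dist:                    # reached for the first time
                dist[v], parents[v] = dist[u] + 1, [u]
                queue.append(v)
            elif dist[v] == dist[u] + 1:         # another equally short route
                parents[v].append(u)
    if dst not in dist:
        return []
    def walk(node):
        return [[src]] if node == src else [
            p + [node] for par in parents[node] for p in walk(par)]
    return walk(dst)

def all_flows(graph):
    """Every shortest path between each unordered router pair (one per user flow)."""
    return [p for a, b in combinations(sorted(graph), 2)
            for p in shortest_paths(graph, a, b)]

def path_centrality(graph):
    """Flows each router lies on (endpoints count: an access router sees them)."""
    flows = all_flows(graph)
    return {r: sum(1 for p in flows if r in p) for r in graph}

def greedy_placement(graph, k):
    """Greedy monitor placement: each step adds the router that intercepts the
    most flows not yet seen by the chosen set. Returns (routers, fraction)."""
    flows = all_flows(graph)
    uncovered, chosen = flows, []
    for _ in range(k):
        gain = {r: sum(1 for p in uncovered if r in p)
                for r in graph if r not in chosen}
        best = max(sorted(gain), key=gain.get)   # sorted => deterministic ties
        chosen.append(best)
        uncovered = [p for p in uncovered if best not in p]
    return chosen, 1 - len(uncovered) / len(flows)
```

On the toy topology the hub router r4 alone lies on 20 of the 26 candidate flows, and two monitors (r4 plus r1) intercept 23 of them, which is the kind of cost-versus-coverage trade-off a placement console has to expose to the administrator.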

eDare (III)

The purpose of the eDare (III) research project was to develop algorithms for analyzing communication flows between DT users without compromising their privacy. Social Network Analysis (SNA) algorithms developed in this project analyze the inbound and outbound traffic of e-mail (or other collaborative application) users and pinpoint the groups of users possessing the highest "social" centrality metrics. The traffic of these most influential users is analyzed by the modules developed in eDare (I) in order to detect new malware. The signatures generated by eDare (I) are then published across the protected network to all subscribed network filters.

eDare (II&III)

Deliverables of the eDare (II) and eDare (III) research projects were integrated, producing a cohesive decision support system for the optimal placement of net-centric defense systems protecting Critical Infrastructure (CI) communication networks.

Currently the beta version of the eDare (II&III) Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale Networks (PIDPS) can be downloaded here *.


* The software provided on this website is provided as is without any warranties.


About Telekom Innovation Laboratories

As one of the world's leading telecommunications and information technology service providers, Telekom Innovation Laboratories is setting international standards.

Contact Us

Telekom Innovation Laboratories at Ben-Gurion University of the Negev - P.O.B. 653 Beer Sheva, 84105, Israel
Phone: +972 8 6428120/21