Identifying Encrypted Traffic
Sharing data among organizations is essential in detecting attacks on computer networks. When this collaboration is done in the sectoral or international levels, there is no trusted entity, and the data analysis has to be done in a distributed manner. For organizations to agree to share the data, it should be ensured that no confidential data will be leaked. In addition, this data contains in many cases information of individual clients. For legal reasons and to retain clients’ trust, it is important that information on individuals doesn’t leak. To prevent such leakage, we want to provide differential privacy, which, informally, guarantees no information leakage.
To build firm theoretical foundations and an implemented infrastructure that will serve as the basis for the construction of distributed collaborative intrusion detection and prevention systems.
The two main tools that we will use are differentially private analyses and secure function evaluation. We will develop the scientific foundation that will enable using these tools to construct a system that provides privacy while making it possible to perform meaningful analyses. Lately, very efficient implementations of secure function evaluation protocols have been constructed using various cryptographic tools. In addition, methods for constructing differentially private analyses have been developed. We will use these protocols and the methods that we will develop to construct a prototype of a distributed infrastructure for detecting and preventing attacks. To construct this system, we will need to design efficient secure protocols for new tasks.
Prof. Amos Beimel
Dr. Eran Omri
Dr. Amit Dvir
Aner Ben Efraim