From research at the Cyber Defence Campus to the capabilities of the Federal Administration's cyber defence.
The collaboration between Dr Vincent Lenders, Head of the Cyber Defence Campus of armasuisse Science and Technology, and Dr David Gugelmann of Exeon Analytics has helped to further advance the development of the Confederation's cyber security. Exeon Analytics' software aims to significantly reduce the amount of time cyber attackers can operate undetected in networks. The idea for Exeon Analytics was born during Gugelmann's doctoral thesis at ETH Zurich, which was supervised by Dr Lenders.
Andrea Thäler, Cybersecurity and Data Science, armasuisse Science and Technology

Dr Gugelmann's innovative research work led to the development of the Exeon Trace Network Detection and Response (NDR) platform from Exeon Analytics. The platform uses advanced machine learning algorithms to process all network traffic and automatically recognise suspicious activity. This enables security teams to respond quickly to potential cyber threats and drastically reduce the amount of time attackers remain undetected.
The methodology presented in the paper «Hviz: HTTP(S) Traffic Aggregation and Visualisation for Network Forensics» received an award at the Digital Forensic Research Conference in Dublin in 2015 and is proof of the high level of joint research activity. The paper presents the Hviz tool, which is designed to assist in the forensic investigation of security incidents by analysing HTTP and HTTPS (Hypertext Transfer Protocol Secure) traffic within an organisation. HTTP is an application protocol that regulates communication between web servers and clients (such as web browsers) and is essentially the basis of data communication on the World Wide Web. This advanced technology ultimately led to the founding of Exeon Analytics as an ETH spin-off in 2016.
The success of this collaboration can also be seen in the development of new models for detecting malware communication via HTTP networks. These new models quickly and automatically detect malware that has already taken root in systems. A broad team, including Dr Vincent Lenders and researchers such as Pavlos Lamprakis and Dr Laurent Vanbever, developed the methodology just described and presented it at the Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) conference in Bonn.
With this method, so-called «Advanced Persistent Threats» (APTs) - i.e. complex and multi-layered cyber attacks - can be detected extremely effectively. The importance of recognising such attacks is also reflected in the fact that combating them is a central component of the national strategy for protecting Switzerland against cyber risks (NCS). This is another reason why Exeon Analytics is currently in use in the Federal Administration.
Through these advanced research activities and active collaboration with the private sector, armasuisse Science and Technology is decisively strengthening the Confederation's cyber defence capabilities. The Cyber Defence Campus of armasuisse S+T thus plays a central role in the early identification of trends, in research into innovative cyber technologies and in their use to protect national interests.
