July 19, 2004, Updated September 14, 2012

The more we work, the more we learn details of the extent of terrorist use and misuse of the Internet – Professor Mark Last.Investigation of the tragic events of September 11, 2001 made it clear that terrorist groups are increasingly using the Internet as a communication and propaganda tool where they can safely communicate with their affiliates, coordinate action plans, raise funds, and introduce new supporters into their networks.

This became evident to world security agencies from the large number of web sites run by different terrorist organizations though the URLs and geographical locations of these web sites are frequently moved around the globe.

To combat this rising tide, Israeli researchers are working on ways to make communication more difficult for terrorists. One of the leaders in the field is Ben-Gurion University Professor Mark Last who is conducting breakthrough research on fighting terror in cyberspace at his Software Quality Engineering/Data Mining) Laboratory on the Beersheva campus.

“The Internet helps terrorists a great deal and makes their life easier in many senses – because it is really a very difficult problem to find something suspicious in the sea of traffic to Internet. Access to the Internet is relatively easy worldwide and affordable worldwide, and it is easy to use while concealing your identity,” Last told ISRAEL21c.

“The more we work, the more we learn details of the extent of terrorist use and misuse of the Internet, the websites they are maintaining for their supporters, for conducting illegal international transactions, sending messages to each other and other kinds of activities.”

In his lab, Last and his team are working towards the goal of achieving the ability to predict future activities and targets by searching Web pages, e-mails and other on-line data. His lab at BGU is working to develop and implement a prototype system for detection of terrorist-related or other criminal activities characterized by abnormal patterns of information access and use on the Internet.

Last initiated the idea two years ago to take established ideas of data mining and computational analysis and apply techniques to the information on the Internet, especially on the Internet traffic. Using this technique, he believes, eventually terrorist internet activity will be able to be detected, even if that activity is taking place in the midst of a great deal of innocent activity at an Internet café, a company, or a university.

Last outlined his research during a recent conference on cyberterror he organized with BGU and which was supported by the Fulbright Foundation, Tel Aviv University, and the U.S. government’s National Institute of Systems Test and Productivity in Tampa, Florida,

Speaking at the conference, U.S. Ambassador to Israel Daniel Kurtzer emphasized the cooperation between Israel and the U.S. in fighting cyber-terror.

“Combating cyber-terror is one of the most challenging security threats that face both our societies today. The United States and Israel share the challenge of dealing with this threat, just as we share very high technical levels of capability and of infrastructure. Today’s conference is only one example of the many in which the United States and Israel have found ways to cooperate. This conference was put together by American and Israeli experts who have dedicated much of their professional lives to dealing with and detecting terrorist-related activities on the internet,” he said.

Kurtzer referred to a case in the news to demonstrate the dangers that still exist.
“[Israeli newspaper] Yediot Aharonot reported that a man living in Nablus used the internet to maintain contact with his terrorist colleagues in Jordan, Lebanon and elsewhere to plan attacks against Israeli embassies overseas, a story reminiscent of that which we know about 9/11. It has become clear that as terrorists and their supporters become more proficient with the use of information technologies, the internet, and cyber-terror methods, they are increasingly likely to exploit the weaknesses in critical infrastructures connected to the internet,” said Kurtzer.

Kurtzer also explained that Israelis are not only helping the effort from the laboratories, but from the Pentagon, disclosing that the National Cyber Security Division of the Department of Homeland Security is headed by the son of Israeli immigrants to the U.S.

“President Bush named Amit Yoran, the son of Israeli immigrants, to head up the response center in June 2003. Before assuming these duties, Yoran was the Vice-President for Manage Security at the Symantec Corporation. Dr. Yoran not only oversees our government’s computer security efforts, but is also in charge of persuading American citizens and corporations to improve the security of their own systems,” said Kurtzer.

The Israel-U.S. connection has thickened in the fight against cyberterror due to the involvement in the conference of the NISTP, an independent body which is primarily funded by the U.S. Navy. Its participation grew out of Last’s cooperation with colleagues at the University of South Florida.

As a result of this cooperation, Last’s BGU lab is working as a subcontractor for the NISTP – focusing on design and development of Computational Intelligence (CI) methods that will enable government agencies and commercial companies to improve quality, security, and cost-effectiveness of large-scale information systems. Active research areas include automated recovery of system requirements, design of functional test cases, cyber security, and mining high volume data streams – with the current focus on cyberterror.

After a year and a half of working on a mathematical model, the research has moved to the stage of building a prototype.

“We want our experiment to be as realistic as possible, so we are conducting our work inside the university, after consulting with a legal adviser and the BGU computing center. What we’ve done is set up a small system which is doing 24/7 monitoring of a certain number of public computers used by our team to try to apply the different methods, to reliably detect terrorist activity,” said Last.

Planting some of the content of real terrorist websites inside the university system, Last and his team then try to detect it, distinguishing it from normal activity.

“We are showing constant improvement. At first the results were relatively poor and as a result we made changes in our algorithms. We are now closer to a success rate of around 95-97 percent accuracy in positive detection of terrorist-related traffic, at the cost of approximately 2-3 percent of false positive detection. The research is ongoing and we are trying to improve the numbers all the time.”

Last’s anti-terrorist research group at BGU includes Dr. Yuval Elovici, Dr. Bracha Shapira, Prof. Moti Schneider, Dr. Menahem Friedman and graduate student Omer Zaafrany, whose work on the cyberterror project has been his master’s project.

More on Life

Read more: