Detection System

Yuval Elovici

Fighting Terror in Cyberspace 65, 75, 2005

The Terrorist Detection System (TDS) is aimed at tracking down suspected terrorists by analyzing the content of the information they access. TDS operates in two modes: a training mode and a detection mode. In training mode, TDS is provided with Web pages accessed by a normal group of users and computes their typical interests. In detection mode, TDS performs real-time monitoring of the traffic emanating from the monitored group of users, analyzes the content of the Web pages accessed, and generates an alarm if a user accesses information that is not within the typical interests of the group. TDS was implemented and evaluated in a network environment of 38 users, where three users imitated suspected terrorists by accessing terror-related sites. TDS detection performance was compared to the performance of an Intrusion Detection System (IDS) based on anomaly detection and was found to be superior.