Liberouter team participates on a number of national and international research projects. The most important ones are listed below.

SAPPANSharing and Automation for Privacy-Preserving Attack Neutralization, 2019 – 2022

SAPPAN aims to develop a platform for sharing and automation to enable privacy-preserving and efficient response and recovery utilizing advanced data analysis and machine learning. SAPPAN will provide a cyber threat intelligence system that decreases the effort required by a security analyst to find optimal responses to and ways to recover from an attack. SAPPAN will enable this within a single organization as well as across organisations through novel models for privacy-preserving data processing and sharing. It will enable utilizing external experts for intrusion detection and sharing of knowledge on response and recovery actions while respecting the privacy and confidentiality requirements of individuals and organizations.

SPARTAStrategic programs for advanced research and technology in Europe, 2019 – 2022

SPARTA will create a long-lasting community capable of collaboration to define, develop, share, and evolve solutions that will help practitioners prevent cybercrime and enhance cybersecurity. It shall re-imagine the way cybersecurity research, innovation, and training are performed in Europe across domains and expertise, from foundations to applications, in academia and industry. The project aims to become a unique innovation force in cybersecurity with transformative impacts on European Union economy, infrastructures, society and democracy.

GÉANT GN4-3, 2019 – 2022

The current iteration of the pan-European GÉANT Network project, whose goal is to ensure all researchers across Europe have equal high-performance network access to the research infrastructures and e-infrastructure resources available to them. The project includes a number of research and development activities.

We take part in tasks related to P4 In-band Network Telemetry and to cybersecurity, namely DDoS mitigation and development of a toolset for SOC.

We also participated in previous phases of the GÉANT GN4 project, GN4-1 and GN4-2, in years 2015 – 2018.

AdaptDDoSAdaptive protection against DDoS attacks, 2019 – 2022

The project undertakes research into advanced protection against distributed denial of service attacks. Rapid adaptation to an evolving vector of attack, automation of user tasks, exploitation of external information resources are key capabilities that offer scope for improvement over the current situation. The project will address these topics to achieve an effective response to the attack from the accuracy as well as from human-resources and financial perspective.

ViSAVirtual Switch Acceleration, 2019 – 2021

This project is focused on developing an acceleration platform for virtual Open vSwitch, which is one of the most used solutions in the area of data centers. The platform is based on the PCIe acceleration card, equipped with two 100G Ethernet network interfaces and a programmable FPGA chip, that will implement the major virtual switch functionality such as packet reception, classification, and transmission into the appropriate virtual machine or physical network interface. The platform’s key feature is the possibility to configure switch architecture (a type of the packet classification, number of match/action tables, and their size) that allows users to adapt the platform to his/her requirements and achieve high throughput at the same time.

This project is a research collaboration of CESNET with commercial partner Netcope Technologies.

CTIBuilding and verification operation of the Cyber Threat Intelligence System (CTI), 2017 – 2021

The main objective of the project is in accordance with Act No. 181/2014 Coll. of cybersecurity to strengthen critical information infrastructure protection and reduce damage caused by cyber crime through the establishment of the effective detection, identification and prediction system of cyber threats and evaluation of cybersecurity incidents (the so-called Cyber Threat Intelligence). This system based on data analysis and network traffic electronic communication information (Internet) from a wide variety of sources will build methods and procedures for critical information infrastructure vulnerabilities evaluation.

FOKUSAdaptive control of data collection and analysis in high speed networks, 2017 – 2020

The aim is to create a system that achieves higher threat detection rate and better quality of data acquisition in networks. That will be accomplished using a feedback loop from detection systems to probes. Detection systems will, based on data analysis, request probes to perform more detailed analysis of a selected traffic portion. Probes will carry out additional processing, e.g. application layer processing or full packet capture. New probe for 400 Gbps processing will be created in the project.
This project is a research collaboration of CESNET with commercial partners Flowmon Networks and Netcope Technologies.

Selected past projects

NFV200 Platform for Acceleration of Network Functions Virtualization, 2017 – 2019

Network Functions Virtualization (NFV) is a technology that finds wide applications, mainly in datacenters. The project aimed to create a platform enabling easy deployment of virtualized network functions in the fastest networks. It was based on the acceleration card with two 100G Ethernet interfaces and a Field Programmable Gate Array (FPGA). Key acceleration modules were created for the FPGA: a module for fast transfers over the PCIe 4th gen bus and a module for packet processing programmable in the P4 language. That brought wide possibilities of card configuration without the need for manual firmware modifications. Compatibility with a wide spectrum of NFV applications was enabled by creating a DPDK software interface, which is a de-facto standard in this field.

This project is a research collaboration of CESNET with commercial partner Netcope Technologies.

PROTECTIVE Proactive Risk Management, 2016 – 2019

A project of a consortium of 10 European organizations. It aimed to provide security teams with greater cyber capability through improved cyber situational awareness (CSA). The main result of the project is a system for collection and sharing cyber threat intelligence, including automated alert enrichment, correlation and prioritization. CESNET provided its systems for alert sharing and processing, on top of which the PROTECTIVE system is built.

SABUSharing and Analysis of Security Events in Czech Republic, 2016 – 2019

A national project whose objective was to develop a system for the intelligent analysis and efficient sharing of ‘security event’ and ‘security incident’ type of alerts between the security teams in the Czech Republic. It should enable predicting the development of attacks in the future, thus mitigating the impact of any such attack on the national cyberspace. The system should enable a timely exchange of information about the detected security incidents between the entities involved, including the Czech National and Government security teams.

DCPro Technology for Protection of High-Speed Networks, 2015 – 2017

High-speed networks of operators and service providers do not feature effective means of defence against DDoS brute force and other attacks. Due to that, services can be overloaded at the network level, with a small chance of their reaction. The aim of the project is to elevate the security of high-speed networks by means of advanced processing and filtering of the traffic. The aim will be achieved through research, development, deployment and commercial application of a new device supporting the speed of 400 Gbps. The technology reacts to current needs and will offer new features, primarily traffic filtering based on the application layer information.

DMON100 – Distributed System for Complex Monitoring of High-Speed Networks, 2013 – 2015

The goal of the DMON100 project was to build a distributed system for complex monitoring of 40/100 Gbps networks. The system consists of Netflow/IPFIX monitoring probes and software to collect, store and visualise data from these probes. The monitoring probes use hardware-accelerated FPGA cards for data acquisition and pre-processing.  The cards and packet processing firmware have been designed within the scope of the project and awarded by Czech Head,  Industrie Prize. The Netflow/IPFIX collector has been designed to store data from multiple high-speed monitoring probes. Moreover, the well-arranged user interface has been created for a data collector.