Dr. Salamah Salamah

Office phone: (915) 747-6671   Email: isalamah@utep.edu

Evaluator-Centric and Extensible Logger (ECEL) Framework

Release Date
May 2017

Overview
ARL and UTEP collaboratively developed a unified framework that gives analysts the ability to capture various behavioral elements during cybersecurity assessments. The Evaluator-Centric and Extensible Logger (ECEL) framework is built on a plugin architecture to facilitate extensibility and flexibility. The plugins are data collectors that track various computer-usage indicators, such as tool-specific data (e.g., from nmap or nessus). In addition, parsers interpret the captured raw data into filtered output that supports analytics and the future development of decision-support system models, presented on an interactive timeline.

Significance
The ECEL software and its accompanying visualization component give the security analysis community (both those focused on defensive technologies and those focused on offensive technologies) the unique ability to capture and analyze information from the attacker's perspective. The ECEL tool has been presented to senior leaders in the Cross-Service Community, including the Army, Navy, Marine Corps, and Air Force. In addition, ECEL is the basis for several external grant efforts by ARL, including an OSD-funded collaboration between ARL, MIT-LL, and CYBERCOM. This work has made a significant contribution to a primary issue in the field of cybersecurity: data sharing and availability. Using ECEL, ARL has published several publicly available datasets that researchers and engineers can use for analysis and for the development of better cyber systems. In addition, analysts from the Survivability & Lethality Analysis Directorate (SLAD) within ARL use the ECEL framework daily during cybersecurity assessments to ensure that all user actions are captured and to develop models for decision support.

Source Code

