A three-year, $5.46 million grant from the National Science Foundation will establish
a testbed to evaluate and improve defenses against Internet-spread computer worms,
viruses and denial-of-service attacks, as part of a two-pronged $10.8 million
NSF anti-cybercrime initiative.
The University of California, Berkeley and the University of Southern California’s Information Sciences Institute (ISI) will partner in the project, called the cyber DEfense Technology Experimental Research network, or DETER.
“With so much of the nation and the world’s business now dependent on the Internet,” said ISI’s Terry Benzel, a nationally recognized expert on cybersecurity who is a DETER co-principal investigator, "we are no longer talking about nuisance pranks and vandalism, but potential losses in the billions of dollars. We need better tools to protect ourselves.”
DETER will be a facility where such tools can be tested and perfected. The project’s architects will use sophisticated methods to create a closed, isolated network that can credibly represent the makeup and operation of the entire Internet, from routers and hubs to end users' computer desktops.
The DETER testbed will consist of approximately 1,000 computers with multiple network interface cards, located off the actual Internet. Three permanent hardware clusters, or nodes, at UC Berkeley and at ISI's Southern California and Virginia facilities, will serve as the core of the system.
Arena Architecture: A mini-Internet for cyber crime fighters to test their weapons
The project will proceed in parallel with a sister project called Evaluation Methods for Internet Security Technology, or EMIST, budgeted at $5.34 million, that will develop testing and evaluation methodologies to be used in the facility. NSF is collaborating with the U.S. Department of Homeland Security on funding both projects.
“Now, proposed defenses against viruses and worms can only be tested in a few limited-scale private research facilities or through computer simulations that don’t adequately represent the way the Internet works,” said Professor Shankar Sastry, chair of the UC Berkeley department of electrical engineering and computer sciences and principal investigator on the project. “This project will develop traffic models and architectures that are scaled down, but still representative enough that people can have confidence that what works here will work on the Internet.”
“Much good security research from the past 10 years hasn’t made its way to commercial products,” added Benzel, assistant director for special projects at ISI. “One reason for this is lack of sufficient evidence of the benefits and tradeoffs these new technologies bring. DETER will help bridge this gap.”
In 2001, Benzel testified before Congress regarding the nation's information infrastructure's vulnerability to cyber attacks.
The ambitious project comes at a time when attacks on the Internet have become more sophisticated, frequent, and destructive. The Slammer/Sapphire worm broke speed records in January 2003 by infecting more than 75,000 hosts around the world within 10 minutes, causing ATM failures and network outages and disrupting airline flight schedules.
An analysis of denial-of-service attacks by the San Diego Supercomputer Center (SDSC) at UC San Diego revealed that more than 12,000 attacks against 5,000 distinct targets, ranging from high-profile e-commerce sites to small foreign Internet service providers, had occurred in a three- week period in 2001. A follow-up 2003 SDSC study found that in the two years since 2001, the rate of such attacks has increased tenfold.
“These attacks clearly illustrate the need for better defense systems,” said Ruzena Bajcsy, director of the UC based Center for Information Technology Research in the Interest of Society (CITRIS) and a co-PI on the DETER project.
CITRIS researchers at UC Davis will be partnering with Purdue University, Pennsylvania State University and the International Computer Science Institute in Berkeley CA in the parallel EMIST effort to create new testing tools.