USC/UCB 'Mini-Internet' Testbed Will Improve Defenses Against Net Attacks

October 9, 2003

A three-year, $5.46 million grant from the National Science Foundation will establish a testbed to evaluate and improve defenses against Internet-spread computer worms, viruses and denial-of-service attacks, as part of a two-pronged $10.8 million NSF anti-cybercrime initiative.

The University of California, Berkeley and the University of Southern California's Information Sciences Institute (ISI) will partner in the project, called the cyber DEfense Technology Experimental Research network, or DETER.

"With so much of the nation and the world's business now dependent on the Internet," said ISI's Terry Benzel, a nationally recognized expert on cybersecurity who is a DETER co-principal investigator, "we are no longer talking about nuisance pranks and vandalism, but potential losses in the billions of dollars. We need better tools to protect ourselves."

DETER will be a facility where such tools can be tested and perfected. The project's architects will use sophisticated methods to create a closed, isolated network that can credibly represent the makeup and operation of the entire Internet, from routers and hubs to end users' computer desktops.

The DETER testbed will consist of approximately 1,000 computers with multiple network interface cards, located off the actual Internet. Three permanent hardware clusters, or nodes, at UC Berkeley and at ISI's Southern California and Virginia facilities, will serve as the core of the system.

This isolated mini-Internet will serve as a shared laboratory where researchers from government, industry and academia can test existing and new security technology, using a wide variety of attack techniques.

Arena Architecture: A mini-Internet for cyber crime fighters to test their weapons

It will also serve as an educational resource where specialists can be trained in network security, according to B. Clifford Neuman, director of the USC Center for Computer Systems Security, and a co-PI on the project heading up the ISI effort. Both USC and UC Berkeley plan to use the facility in existing and projected classes.

The project will proceed in parallel with a sister project called Evaluation Methods for Internet Security Technology, or EMIST, budgeted at $5.34 million, that will develop testing and evaluation methodologies to be used in the facility. NSF is collaborating with the U.S. Department of Homeland Security on funding both projects.

"Now, proposed defenses against viruses and worms can only be tested in a few limited-scale private research facilities or through computer simulations that don't adequately represent the way the Internet works," said Professor Shankar Sastry, chair of the UC Berkeley department of electrical engineering and computer sciences and principal investigator on the project. "This project will develop traffic models and architectures that are scaled down, but still representative enough that people can have confidence that what works here will work on the Internet."

"Much good security research from the past 10 years hasn't made its way to commercial products," added Benzel, assistant director for special projects at ISI. "One reason for this is lack of sufficient evidence of the benefits and tradeoffs these new technologies bring. DETER will help bridge this gap."

In 2001, Benzel testified before Congress regarding the nation's information infrastructure's vulnerability to cyber attacks.

The ambitious project comes at a time when attacks on the Internet have become more sophisticated, frequent, and destructive. The Slammer/Sapphire worm broke speed records in January 2003 by infecting more than 75,000 hosts around the world within 10 minutes, causing ATM failures and network outages and disrupting airline flight schedules.

An analysis of denial-of-service attacks by the San Diego Supercomputer Center (SDSC) at UC San Diego revealed that more than 12,000 attacks against 5,000 distinct targets, ranging from high-profile e-commerce sites to small foreign Internet service providers, had occurred in a three- week period in 2001. A follow-up 2003 SDSC study found that in the two years since 2001, the rate of such attacks has increased tenfold.

"These attacks clearly illustrate the need for better defense systems," said Ruzena Bajcsy, director of the UC based Center for Information Technology Research in the Interest of Society (CITRIS) and a co-PI on the DETER project.

CITRIS researchers at UC Davis will be partnering with Purdue University, Pennsylvania State University and the International Computer Science Institute in Berkeley CA in the parallel EMIST effort to create new testing tools.

"Science has an essential role in protecting the country's digital and physical infrastructure," said Mari Maeda, acting division director for Advanced Networking Infrastructure and Research at NSF. "Projects such as these demonstrate how NSF contributes both to cutting-edge research and the nation's security."

UC Berkeley contact:
Sarah Yang
Tel: (510) 643-7741
Fax: (510) 642-7289