Berkeley to partner in cyber-defense research
While hackers have the entire Internet to use for their ‘R&D,’ no such environment has been available to cybersecurity researchers. That playing field is about to level.
22 October 2003
A three-year, $5.46-million grant from the National Science Foundation will establish a large-scale cybersecurity testbed for the development of new Internet defenses against computer worms and viruses. Berkeley researchers will partner with the University of Southern California’s Information Sciences Institute (USC-ISI) in the project, called the Cyber Defense Technology Experimental Research network (DETER).
The project arose from the need for a testbed that models the complex, heterogeneous nature of the Internet. “One of the challenges of creating effective defense programs for attacks from viruses and worms is that they are only tested in moderate-sized private research facilities or through computer simulations that are not representative of the way the Internet works in reality,” says Shankar Sastry, professor and chair of electrical engineering and computer sciences, and principal investigator of the project. “Through this project we will develop traffic models and architectures that are scaled down from the actual Internet, but still representative enough that people can have confidence in it.”
The NSF is collaborating with the U.S. Department of Homeland Security, which is helping fund the cybersecurity testbed. In July, Sastry testified before the Committee on Homeland Security in Congress regarding the need for such a testbed.
The ambitious project comes at a time when serious attacks on the Internet have become increasingly common. Researchers at the San Diego Supercomputer Center at UC San Diego recorded more than 12,000 denial-of-service attacks against 5,000 distinct targets, ranging from high-profile e-commerce sites to small Internet service providers, during a three-week period in 2001. More recent studies by the center’s researchers found that in the past two years the number of denial-of-service attacks has increased by a factor of 10.
Many destructive codes can cause significant disruption for businesses that rely upon a smoothly operating network. The Slammer/Sapphire worm, which broke speed records in January by infecting more than 75,000 hosts around the world within 10 minutes, led to ATM failures, network outages, and disruptions in airline reservations.
In August alone, hundreds of thousands of computers that had not been updated with security patches became infected with MSBlaster and SoBig worms, crashing PCs, web servers, and transaction-processing systems.
“These attacks in recent months clearly illustrate the need for better defense systems,” says Ruzena Bajcsy, director of the Berkeley-based Center for Information Technology Research in the Interest of Society (CITRIS) and co-principal investigator of DETER. “One of the most important interests in CITRIS is to make the Internet free of worms and denial-of-service attacks.”
The DETER network will simulate the makeup and operation of the entire Internet, from routers and hubs to end users’ computer desktops. The testbed will serve as a shared laboratory where researchers from government, industry, and academia can put their cybersecurity technologies to the test. The network will be intentionally challenged by malicious codes that range from worms to denial-of-service attacks to programs that attack a network’s routing infrastructure.
The testbed, which will eventually consist of approximately 1,000 computers with multiple network interface cards, will be isolated so that the cyberwar can play out freely without impacting the actual Internet. There will be at least three permanent hardware clusters, or nodes, as part of the network. One cluster will be hosted by Berkeley, a second by USC-ISI in Los Angeles, and a third at ISI-East in Virginia.