
RESEARCH

From 1987 until April 1995, Merit managed and re-engineered the NSFNET Backbone Service project in partnership with the National Science Foundation, ANS, IBM, MCI, and the State of Michigan. The NSFNET led directly to the growth of the commercial Internet.

Merit’s Research and Development (Merit R & D) team collaborates with researchers in academia and industry within Michigan and nationwide. Merit’s R & D program aims to perform ground-breaking research that benefits Merit’s Members, Michigan, and society. The group currently focuses on Internet measurements that provide insights into the evolution of the Internet and the adoption of new protocols, on network security, and on the development of tools that can help network operators better monitor and secure their networks.

Some of the historically significant contributions of Merit’s R & D to the networking community include (i) the development and deployment of the world’s largest public registry of Internet data, Merit RADb, (ii) the leadership role in the GateD Consortium that provided a platform for designing and testing new network routing protocols, and (iii) the pioneering work of distributed dial-in and AAA mechanisms. Other notable past research projects include the Internet Performance Measurement and Analysis (IPMA) project that helped lay the foundation for Internet data collection and statistical analysis (in collaboration with the Cooperative Association for Internet Data Analysis (CAIDA) and the National Laboratory for Applied Network Research (NLANR)), the Flamingo visualization tools, and the BGPTables Web-based toolset for analysis of routing data.

ACTIVE RESEARCH PROJECTS

The Community Labeling and Sharing of Security and Networking Test datasets (CLASSNET) project will provide new, labeled, rich and diverse datasets to the research community to support network and security research. The project will develop a framework for collaborative, community-driven enrichment and labeling of data, enabling use of these datasets for machine learning (ML) in networking and security. Furthermore, the CLASSNET project will make data available to researchers through multiple methods, ensuring privacy of data while enabling flexible data computation. The project will also generate diverse continuous (constantly, automatically updated) and curated (selected by human) datasets for research use.

The CLASSNET project will innovate in the dimensions of data labeling, data distribution and data sources. In data labeling, the CLASSNET collaborative framework will provide a low-friction framework for sharing annotations among researchers. The framework will incentivize labeling with feedback mechanisms and user credits, and support bulk, automatic, algorithmic labeling. In data distribution, CLASSNET will support multiple ways of data access, ranging from downloading anonymized data to processing data in the cloud, on provider machines or via the code-to-data approach. Finally, CLASSNET data sources will provide new, diverse, continuous, and curated datasets that are useful for network and security research, including traffic packets and flows, network telescope data, Domain Name System (DNS) data and Internet topology data.

The immediate impact of this project will include new types of labeled, curated and continuous datasets that enable new security, networking, and ML research and education, impacting a large community. The broader impact of this data will be to foster research and education, which will make the Internet safer, more stable, and more secure, and will increase the community’s knowledge about the Internet. With the Internet’s importance for tele-work, tele-medicine, remote learning, e-commerce and e-government, these improvements will have a broad societal impact. In addition, CLASSNET datasets will support data-driven exercises for graduate and undergraduate education, and new PhD research. The CLASSNET project’s innovations in multiple pathways to data access, combined with the automated and incentivized enrichment framework, will improve the state-of-the-art for responsible data sharing in related disciplines of information technology.

Data from CLASSNET will be made available to researchers at no cost, and used to support education and research. Datasets can be requested by visiting: https://comunda.isi.edu/

Support: CLASSNET is supported by NSF/CISE as an NSF CRI-8115780 grant. CLASSNET is a joint effort of USC/ISI and Merit Network, Inc. See also:

Publications:

Labeling Network Telescope Data: Challenges and New Directions
By Michalis Kallitsis, DINR 2023. Presentation slides

Detecting and Interpreting Changes in Scanning Behavior in Large Network Telescopes
By Michalis Kallitsis, Rupesh Prajapati, Vasant Honavar, Dinghao Wu, John Yen, IEEE Transactions on Information Forensics and Security, October 2022.

AMON-SENSS: Scalable and Accurate Detection of Volumetric DDoS Attacks at ISPs
By Rajat Tandon, Pithayuth Charnsethikul, Michalis Kallitsis, Jelena Mirkovic, GLOBECOM 2022 - 2022 IEEE Global Communications Conference.

Collecting, Labeling, and Using Networking Data: the Intersection of AI and Networking 
By John Heidemann, Jelena Mirkovic, Wes Hardaker and Michalis Kallitsis, NSF Workshop on AI for Networking, Virtual Event, Oct. 2021

Virtual Private Networks, or VPNs, are an important and integral part of the security and privacy practices of tens of millions of Americans, and of activists, journalists, and NGOs around the world that protect U.S. interests and help to carry out U.S. foreign policy. Despite the fact that the VPN ecosystem has expanded into a multi-billion dollar industry, there are many aspects of VPN security and privacy in practice that remain severely understudied and unvetted. How well does a VPN protect users against an attacker who can make educated guesses about what traffic is hidden behind the VPN? How feasible is it to hide VPN traffic so that it is not blocked? Do VPNs meet users’ privacy and security expectations? How often do VPN providers follow security and privacy best practices? What are the other security and privacy best practices that should be put in place? This project is answering these questions through technical assessments, carefully designed measurements, and detailed quantitative and qualitative research.

Virtual Private Networks, or VPNs, effectively form an encrypted tunnel to protect user traffic. This project aims to develop both intellectual understanding and technical and practical solutions for VPN security and privacy through four concurrent efforts: (1) building methods to ethically measure what is contained in users’ metadata and unencrypted data that needs protection; (2) analyzing how the layers of a tunnel technology interact in vulnerable ways, akin to the much better-studied theoretical limitations of network intrusion detection systems; (3) mapping out the evolving tunneling ecosystem by automating methodical exploration of different tunneling tools; (4) using quantitative and qualitative research to understand the stakeholders’ (users, providers, recommenders) needs to find the best ways to facilitate desired outcomes. These efforts combined will improve the security and privacy of tunnel technologies in all layers of the OSI network stack, from physical, link, and routing all the way through application into the human layer.

Support: This project is supported under NSF award CNS-2141512. It’s a joint collaboration between the University of Michigan, Arizona State University, and Merit Network.

Publications:
OpenVPN is Open to VPN Fingerprinting
By Diwen Xue, Reethika Ramesh, Arham Jain, Michalis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, and Roya Ensafi. 31st USENIX Security Symposium (USENIX Security 22). Distinguished Paper Award Winner and First Prize Winner of the 2022 Internet Defense Prize.

Internet Freedom in the Network’s Core 

Without a fundamental advance in censorship circumvention technology, censored users worldwide face a future of steadily diminishing Internet freedom. Today’s major circumvention tools are all becoming less and less effective, because they all share a fundamental weakness of design—in one way or another, they all try to connect censored users with uncensored proxy servers. Tool providers, trying to help censored users find and use these proxy servers before sovereign censors can find and block them, are locked in a losing game of cat and mouse, as censors deploy increasingly sophisticated censorship functionality into the core of their national networks. Evidence of censors’ growing advantage is everywhere: New Tor bridges in China now last less than 48 hours, and in Iran, the regime recently created nation-wide VPN outages ahead of its national elections. The potent new censorship tools that drive these developments are proliferating to a growing list of censoring regimes. New technology capable of disrupting this trend would have a transformative global impact, unlocking the human right to seek, receive, and impart information, and the Internet’s potential to deliver responsive governance and broad economic opportunity for people in need around the world.

Decoy routing can meet this need: it is a scalable and sustainable next-generation approach that offers a fundamental advance over today’s Internet freedom tools. Rather than trying to hide individual proxies from censors, decoy routing locates proxy functionality in the core of the network. This makes censorship much more costly, because it is no longer possible to selectively block servers used to provide Internet freedom. Instead, whole networks outside the censored country provide Internet freedom to users—and any data exchange between a censoring country and a participating friendly network can become a conduit for the free flow of information.

Decoy routing can give censored users the upper hand in the global struggle for Internet freedom—but it will only reach those users if we address the critical gaps identified in this proposal. We have shown that decoy routing works in the lab. This project will prepare decoy routing for real-world deployment.

For up-to-date project status and research contributions, please visit the Refraction Networking portal at https://refraction.network/

Coalition members: University of Michigan, University of Illinois, Raytheon BBN Technologies, Merit Network, Open Internet Tools Project, Robinson + Yu

The project is motivated by the need to develop advanced network monitoring tools coupled with automated statistical methods for the quick detection of Internet traffic anomalies due to ongoing attacks or impending cybersecurity threats. Emphasis is placed on detecting cybersecurity threats such as highly distributed malware infections, which can launch coordinated and crippling distributed denial of service attacks on the nation’s Internet infrastructure. This will be achieved through a study of the so-called darknet traffic data. Malicious actors in the network systematically probe the Internet space for vulnerable or misconfigured devices. In doing so, they automatically send data to the entire Internet address space, which includes the space of unused Internet addresses. This destined-to-nowhere traffic is indicative of malware infection attempts or stealthy vulnerability scanning. The investigators aim to develop and deploy specialized tools that allow cyber-security analysts to efficiently analyze darknet traffic data. The research involves a team of computer engineers and statisticians, who will work closely together to implement a prototype system for detecting as well as mapping and identifying world-wide malicious activity in the Internet. The project will create and communicate to the public a set of simple-to-interpret risk indices that summarize the current darknet threat activity. This effort will potentially enable the prevention and mitigation of cybersecurity network traffic threats.

Understanding Internet threats, which continue to evolve due to the dynamic nature of Internet actors and the rapid expansion of the Internet of Things ecosystem, requires adequate data at fine-grained spatial and temporal scales. The project team has access to unique cyber-security data collected at Merit Network, Inc. that capture Internet-wide activity including network scanning, malware propagation, denial of service attacks, and network outages. This data consists of unsolicited Internet traffic destined to a routed but unused Internet address space, referred to as a darknet. This project will develop algorithmic and software infrastructure to collect and organize darknet data into high-dimensional, multivariate data streams, and will study statistical methods based on (i) extremal dependence, (ii) change-point detection, and/or (iii) high-dimensional sparse signal detection and recovery to inform the construction of Internet threat indices that quantify the risk of malicious scanning, degree of network vulnerability, risk of denial of service attacks, etc. Statistics of extremes in a high-dimensional setting is a challenging problem since it requires the modeling/estimation of an infinite-dimensional parameter—the spectral measure. Using multivariate regular variation, this project will study novel hyper-graphical models that quantify and provide interpretable abstractions for the simultaneous occurrence of extremes in high dimensions. Using limit theory for maxima of dependent variables, the project team will address open theoretical problems on the characterization of extremal dependence hyper-graphs and sparse signal detection in high dimensions. This analysis will lead to the development of novel threat indices that exhibit spatial dependence that will be analyzed with fast, scalable change-point detection algorithms. The new change-point methodology is designed to achieve large computational gains vis-a-vis standard approaches without compromising statistical accuracy and would be a significant contribution to the analysis of large data streams.

This award reflects NSF’s statutory mission and has been deemed worthy of support through evaluation using the Foundation’s intellectual merit and broader impacts review criteria.

This project is funded by NSF’s Advanced Threat Detection program under the division of Mathematical Sciences.

Project Partners: University of Michigan, University of Florida

Advancing the security of Internet-connected devices and networks entails the detection and understanding of changes in adversarial behavior in real time. Hence, there is a need to develop methodologies and deploy infrastructure that can automatically diagnose macroscopic trends in Internet activity and provide to researchers and security analysts visibility into botnet infections, denial of service attacks, network outages, and malware campaigns.

Network telescopes–networking instrumentation that collects and records unsolicited Internet traffic destined to a routed but unused Internet address space–are one avenue for detecting shifts in global Internet behavior. However, while network telescopes provide a powerful perspective, they have primarily been used for retroactively understanding Internet events. This project will design and deploy new infrastructure to modernize a large academic network telescope in order to offer unique real-time insights into malicious Internet activity and other threats.

This project will introduce a new real-time data processing pipeline to parse incoming traffic and detect individual network events. It will explore emerging data science techniques to identify variations in Internet-wide trends and to produce terse, human-readable summaries of changes in Internet activity. To contextualize these events, this project will integrate external data sources into the processing pipeline including network reputation data, unique patterns of known malware and other security-focused resources (i.e., the Censys search engine). Furthermore, to boost the telescope’s usability, this work will build accessible interfaces that would enable researchers to easily ask questions about telescope-detected events.

The infrastructure will be broadly available to Computer and Information Science and Engineering researchers interested in understanding, measuring, modeling and defining the Internet’s evolution. It builds on Merit Network’s decade-long experience in operating large-scale network telescopes in an ethically responsible manner. It will also leverage the expertise of researchers at Stanford University, University of California at San Diego, and Colorado State University. On the educational front, network telescope data can serve as a vehicle for inter-disciplinary training of the future workforce in areas that lie at the intersection of network security, computer systems, data science and engineering. Even at the graduate level, network telescope data analysis remains a relatively unexplored topic; this project will heighten the scientific utility of the data and will provide unique opportunities for educating students with real-world, heterogeneous network security data.

This project is funded by NSF’s Computer and Information Science and Engineering (CISE) directorate under CISE’s research infrastructure program (CRI).

Project Partners: University of Michigan, Stanford University

Data cyberattacks present one of the most critical threats to the security of the nation’s critical infrastructures and the safety of our citizens. Adversaries frequently target intellectual properties and financial assets of U.S. corporations through cyberattacks. The rapidly increasing adoption of mobile and Internet-of-Things (IoT) devices and their global usage further expands the “attack surface” for nefarious actors. The quick identification of the origins and intents of cyberattacks is required to defend critical services and infrastructure.

Finding efficient methods for characterizing malware behaviors will increase the success of existing cybersecurity efforts employed by DHS such as advanced situation awareness and monitoring, related to fortifying and protecting critical infrastructures. This research will develop a scalable machine learning framework for categorizing malicious behaviors, such as network scanning and randomly-spoofed denial-of-service attacks, observed in a large network telescope (darknet).

The key objectives of the project include:

  • Develop and evaluate a framework for clustering network telescope data
  • Assess the usability and the functionality of the developed framework in characterizing malware behaviors with experienced cyber-infrastructure professionals testing and evaluating the effectiveness of the deployed techniques

This research seeks to distill meaningful information from unstructured, large-scale darknet data to discover macroscopic (i.e., internet-wide) malicious activities. The long term goal of the project is to support the cybersecurity mission of DHS through an improved characterization of malware families to enable security analysts to track new threats in a real-time manner.

This project is funded by the DHS CAOE program.

Project Partners: Pennsylvania State University

For over 45 years, Merit has been at the forefront of network research. Merit staff have participated in the development and research of routing standards, network protocols, network topology visualization, and network measurement tools.

Learn about the historically significant contributions of Merit’s R & D team to the networking community. https://www.merit.edu/research/projects/

Out of the Box Thinking in Livingston County

The county government in Livingston, Michigan, was very clear—it was not going to become an ISP. Long committed to principles of lean government, elected officials were certain that although 56 percent of households in this region do not have access to fixed broadband, the ideal solution should not be government-owned infrastructure. County Chief Information Officer Kris Tobbe set out to develop an approach that could balance minimal government intervention with effective access to critical infrastructure for residents.

Paying It Forward in Washtenaw County

Barb Fuller is a former dental hygienist and political activist. Gary Munce is a musician and retired library manager of information systems. Driven by a spirit of paying it forward, together they have worked to address the digital divide in Washtenaw County, Michigan. Thanks in part to their efforts, by early 2025, every home in Washtenaw County is set to be connected with high-speed, fiber-based broadband. Washtenaw County, in the southeast region of Michigan, is home to over 320,000 residents.

The Multiplier: Connecting to Community to Connect to Networks

Jason Kronemeyer, the Director of Technology at Eastern Upper Peninsula Intermediate School District (EUPISD), has been relentlessly working towards enhancing educational outcomes in the region. Along the way, he grew into the role of a broadband champion. Jason’s fervent desire to accelerate student learning, coupled with unconventional strategies of “connecting the dots” over decades have played an essential role in attracting infrastructure construction and driving broadband adoption.

A Passion for Community Drives Broadband Forward in Holland, Michigan

Unlike many communities in Michigan, every resident in Holland is served by one of two incumbent internet service providers. However, available speeds, network quality, and provider options negatively impacted educational outcomes, work-from-home opportunities, and overall quality of life in the area, particularly during the pandemic. Today, Holland has taken a significant step forward by awarding a contract to develop and construct a publicly-owned open-access fiber network that will span across the entire city.

Building Broadband Momentum in Berrien County

Berrien County’s 580 square miles encompasses 39 villages, townships, and cities. The county, situated on Lake Michigan’s eastern shore, is dominated by agriculture and tourism; many Chicago residents’ vacation homes are located here. A lack of broadband infrastructure in the county is actively threatening industrial innovation and hampering quality of life for residents as needs and demand for connectivity increase. As of today, the county has made substantial progress toward universal access within the community.

Digital Opportunities Compass

The Infrastructure Investment and Jobs Act (IIJA), which includes the Digital Equity Act of 2021 (DEA), establishes a broad framework and significant funding to advance broadband connectivity and digital equity. The law recognizes key factors and populations to address when striving for digital equity. To realize the full benefits of digital technology for individuals, communities, and society at large, additional insights are needed. The Digital Opportunities Compass is a holistic framework for broadband and digital equity planning, implementation and evaluation.

INTERESTED IN FUNDING OUR RESEARCH?

The Michigan Moonshot continually seeks funding from public, private and philanthropic sources to further data collection efforts, the development of integrated mapping tools and societal impact studies. Contact [email protected] to learn more.
