CURRENT PROJECTS
CURRENT RESEARCH PROJECTS
As more communities devise their own broadband solutions leveraging federal funding, what makes for successful efforts that are responsive to community needs?Many people seeking to enhance broadband connectivity in their communities often feel overwhelmed, believing they lack the necessary expertise or qualifications to make an impact, or that their efforts might be ineffective as they do not hold official municipal roles. Through studying the commonalities and differences that contributed to community champions’ approaches, and the lessons and tactics they utilized, this research illustrates how anyone can emerge as a broadband champion in their own community.The work of community champions is important, but research revealed that technical knowhow was not the determining factor. What mattered to their success was the personal qualities they brought to bear, how they worked with partners and overcame opposition and finally, their commitment to the cause. This project, supported by the Marjorie & Charles Benton Opportunity Fund, shares the stories of broadband community champions and the factors that contributed to their success.
Benton Publications:
Project Compass, Funded by the USDA Broadband Technical Assistance Program has the goal of supporting high-speed Internet access , digital equity, and infrastructure planning in underserved rural Michigan communities. The project utilizes the Digital Opportunities Compass framework in eight rural communities to understand local needs, develop a digital equity strategy, and provide technical assistance.
The project goal is to create community infrastructure for collecting and using real world cybersecurity datasets. The datasets produced will support cybersecurity professionals in developing responses to emerging real world threats, help train students, be used in developing machine learning/AI applications, be utilized by researchers, and generally support development of a cybersecurity data corpus useful for multiple stakeholders.
HORUS is a high-speed computing fast lane supported by the University of Michigan, Michigan State University, Wayne State University, and Merit Network. HORUS provides scientific data storage, a high-speed network, and access software with the goal of providing high-level computing power to less-resourced Michigan universities and community colleges.
The goal of this project is to develop new approaches to more accurately detect distributions of link delays and related measures of network performance. The project uses “active” end-to-end delay measurements collected from different vantage points within a network to better capture link delays and distribution. The project also uses additional datasets and AL/ML methods to create maps of service quality.
In order to address the “cybersecurity divide” present in many smaller organizations, the proposed IRIS Security Operations Center (SOC) will provide increased cybersecurity resilience mechanisms for Merit along with providing support for Merit’s 300+ member organizations via monitoring of Merit’s ingress/egress traffic. The IRIS infrastructure will also be used to support Merit’s current and future research initiatives.
The project goal is to further develop the Conjure implementation of Refraction Networking to a production-state alongside developing new transports for multiple registration servers. These improvements will make Conjure faster, more robust, and more sustainable for thousands of worldwide users looking to avoid online censorship.
The primary goal of the project is to better understand current privacy and security risks with current VPN systems and develop improved attack detection strategies. Additionally, the project will examine several techniques ISP operators could use to fingerprint VPN traffic.
The Community Labeling and Sharing of Security and Networking Test datasets (CLASSNET) project will provide new, labeled, rich and diverse datasets to the research community to support network and security research. The project will develop a framework for collaborative, community-driven enrichment and labeling of data, enabling use of these datasets for machine learning (ML) in networking and security. Furthermore, the CLASSNET project will make data available to researchers through multiple methods, ensuring privacy of data while enabling flexible data computation. The project will also generate diverse continuous (constantly, automatically updated) and curated (selected by human) datasets for research use.
CLASSNET project will innovate in dimensions of data labeling, data distribution and data sources. In data labeling, the CLASSNET collaborative framework will provide a low-friction framework for sharing annotations among researchers. The framework will incentivize labeling with feedback mechanisms and user credits, and support bulk, automatic, algorithmic labeling. In data distribution, CLASSNET will support multiple ways of data access, ranging from downloading anonymized data to processing data in the cloud, on provider machines or via the code-to-data approach. Finally, CLASSNET data sources will provide new, diverse, continuous, and curated datasets that are useful for network and security research, including traffic packets and flows, network telescope data, Domain Name System (DNS) data and Internet topology data.
The immediate impact of this project will include new types of labeled, curated and continuous datasets that enable new security, networking, and ML research and education, impacting a large community. The broader impact of this data will be to foster research and education, which will make the Internet safer, more stable, and more secure, and will increase the community’s knowledge about the Internet. With the Internet’s importance for tele-work, tele-medicine, remote learning, e-commerce and e-government, these improvements will have a broad societal impact. In addition, CLASSNET datasets will support data-driven exercises for graduate and undergraduate education, and new PhD research. CLASSNET project’s innovations in multiple pathways to data access, combined with The automated and incentivized enrichment framework, will improve the state-of-the-art for responsible data sharing in related disciplines of information technology.
Data from CLASSNET will be made available to researchers at no cost, and used to support education and research. Datasets can be requested by visiting: https://comunda.isi.edu/
Support: CLASSNET is supported by NSF/CISE as an NSF CRI-8115780 grant. CLASSNET is a joint effort of USC/ISI and Merit Network, Inc. See also: Community Labeling and Sharing of Security and Networking Test datasets (CLASSNET)
Publications:
Labeling Network Telescope Data: Challenges and New Directions
By Michalis Kallitsis, DINR 2023. Presentation slides
Detecting and Interpreting Changes in Scanning Behavior in Large Network Telescopes
By Michalis Kallitsis, Rupesh Prajapati, Vasant Honavar, Dinghao Wu, John Yen, IEEE Transactions on Information Forensics and Security, October 2022.
AMON-SENSS: Scalable and Accurate Detection of Volumetric DDoS Attacks at ISPs
By Rajat Tandon, Pithayuth Charnsethikul, Michalis Kallitsis, Jelena Mirkovic, GLOBECOM 2022-2022 IEEE Global Communications Conference.
Collecting, Labeling, and Using Networking Data: the Intersection of AI and Networking
By John Heidemann, Jelena Mirkovic, Wes Hardaker and Michalis Kallitsis, NSF Workshop on AI for Networking, Virtual Event, Oct. 2021
Virtual Private Networks, or VPNs, are an important and integral part of the security and privacy practices of tens of millions of Americans, and of activists, journalists, and NGOs around the world that protect U.S. interests and help to carry out U.S. foreign policy. Despite the fact that the VPN ecosystem has expanded into a multi-billion dollar industry, there are many aspects of VPN security and privacy in practice that remain severely understudied and unvetted. How well does a VPN protect users against an attacker who can make educated guesses about what traffic is hidden behind the VPN? How feasible is it to hide VPN traffic so that it is not blocked? Do VPNs meet users’ privacy and security expectations? How often do VPN providers follow security and privacy best practices? What are the other security and privacy best practices that should be put in place? This project is answering these questions through technical assessments, carefully designed measurements, and detailed quantitative and qualitative research.
Virtual Private Networks, or VPNs, effectively form an encrypted tunnel to protect user traffic. This project aims to develop both intellectual understanding and technical and practical solutions for VPN security and privacy through four concurrent efforts: (1) building methods to ethically measure what is contained in users’ metadata and unencrypted data that needs protection; (2) analyzing how the layers of a tunnel technology interact in vulnerable ways, akin to the much better-studied theoretical limitations of network intrusion detection systems; (3) mapping out the evolving tunneling ecosystem by automating methodical exploration of different tunneling tools; (4) using quantitative and qualitative research to understand the stakeholders’ (users, providers, recommenders) needs to find the best ways to facilitate desired outcomes. These efforts combined will improve the security and privacy of tunnel technologies in all layers of the OSI network stack, from physical, link, and routing all the way through application into the human layer.
Support: This project is supported under NSF award CNS-2141512. It’s a joint collaboration between the University of Michigan, Arizona State University, and Merit Network.
Publications:
OpenVPN is Open to VPN Fingerprinting
By Diwen Xue, Reethika Ramesh, and Arham Jain, Michalis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, Roya Ensafi. 31st USENIX Security Symposium (USENIX Security 22). Distinguished Paper Award Winner and First Prize Winner of the 2022 Internet Defense Prize.
Internet Freedom in the Network’s Core
Without a fundamental advance in censorship circumvention technology, censored users worldwide face a future of steadily diminishing Internet freedom. Today’s major circumvention tools are all becoming less and less effective, because they all share a fundamental weakness of design—in one way or another, they all try to connect censored users with uncensored proxy servers. Tool providers, trying to help censored users find and use these proxy servers before sovereign censors can find and block them, are locked in a losing game of cat and mouse, as censors deploy increasingly sophisticated censorship functionality into the core of their national networks. Evidence of censors’ growing advantage is everywhere: New Tor bridges in China now last less than 48 hours, and in Iran, the regime recently created nation-wide VPN outages ahead of its national elections. The potent new censorship tools that drive these developments are proliferating to a growing list of censoring regimes. New technology capable of disrupting this trend would have a transformative global impact, unlocking the human right to seek, receive,and impart information, and the Internet’s potential to deliver responsive governance and broad economic opportunity for people in need around the world.
Decoy routing can meet this need: it is a scalable and sustainable next-generation approach that offers a fundamental advance over today’s Internet freedom tools. Rather than trying to hide individual proxies from censors, decoy routing locates proxy functionality in the core of the network. This makes censorship much more costly, because it is no longer possible to selectively block servers used to provide Internet freedom. Instead, whole networks outside the censored country provide Internet freedom to users—and any data exchange between a censoring country and a participating friendly network can become a conduit for the free flow of information.
Decoy routing can give censored users the upper hand in the global struggle for Internet freedom—but it will only reach those users if we address the critical gaps identified in this proposal. We have shown that decoy routing works in the lab. This project will prepare decoy routing for real-world deployment.
For up-to-date project status and research contributions, please visit the Refraction Networking portal at https://refraction.network/
Coalition members: University of Michigan, University of Illinois, Raytheon BBN Technologies, Merit Network, Open Internet Tools Project, Robinson + Yu
Advancing the security of Internet-connected devices and networks entails the detection and understanding of changes in adversarial behavior in real time. Hence, there is a need to develop methodologies and deploy infrastructure that can automatically diagnose macroscopic trends in Internet activity and provide to researchers and security analysts visibility into botnet infections, denial of service attacks, network outages, and malware campaigns.
Network telescopes–networking instrumentation that collects and records unsolicited Internet traffic destined to a routed but unused Internet address space–are one avenue for detecting shifts in global Internet behavior. However, while network telescopes provide a powerful perspective, they have primarily been used for retroactively understanding Internet events. This project will design and deploy new infrastructure to modernize a large academic network telescope in order to offer unique real-time insights into malicious Internet activity and other threats.
This project will introduce a new real-time data processing pipeline to parse incoming traffic and detect individual network events. It will explore emerging data science techniques to identify variations in Internet-wide trends and to produce terse, human-readable summaries of changes in Internet activity. To contextualize these events, this project will integrate external data sources into the processing pipeline including network reputation data, unique patterns of known malware and other security-focused resources (i.e., the Censys search engine). Furthermore, to boost the telescope’s usability, this work will build accessible interfaces that would enable researchers to easily ask questions about telescope-detected events.
The infrastructure will be broadly available to Computer and Information Science and Engineering researchers interested in understanding, measuring, modeling and defining Internet’s evolution. It builds on Merit Network’s decade-long experience in operating large-scale network telescopes in an ethically responsible manner. It will also leverage the expertise of researchers at Stanford University, University of California at San Diego, and Colorado State University. On the educational front, network telescope data can serve as a vehicle for inter-disciplinary training of the future workforce in areas that lie at the intersection of network security, computer systems, data science and engineering. Even at the graduate level, network telescope data analysis remains a relatively unexplored topic; this project will heighten the scientific utility of the data and will provide unique opportunities for educating students with real-world, heterogeneous network security data.
This project is funded by NSF’s Computer and Information Science and Engineering (CISE) directorate under CISE’s research infrastructure program (CRI).
Project Partners: University of Michigan, Stanford University
For over 45 years, Merit has been at the forefront of network research. Merit staff have participated in the development and research of routing standards, network protocols, network topology visualization, and network measurement tools.
Learn about the historically significant contributions of Merit’s R & D team to the networking community. Learn more here.
Digital Opportunities Compass
The Infrastructure Investment and Jobs Act (IIJA), which includes the Digital Equity Act of 2021 (DEA), establishes a broad framework and significant funding to advance broadband connectivity and digital equity. The law recognizes key factors and populations to address when striving for digital equity. To fully realize the full benefits of digital technology for individuals, communities, and society at large additional insights are needed. The Digital Opportunities Compass is an holistic framework for broadband and digital equity planning, implementation and evaluation.
INTERESTED IN FUNDING OUR RESEARCH?
The Michigan Moonshot continually seeks funding from public, private and philanthropic sources to further data collection efforts, the development of integrated mapping tools and societal impact studies. Contact [email protected] to learn more.