
PAST

RESEARCH PROJECTS

For over 50 years, Merit has been at the forefront of network research. Merit staff have participated in the development and research of routing standards, network protocols, network topology visualization, and network measurement tools.

THE NSFNET BACKBONE SERVICE

From 1987 until April 1995, Merit managed and re-engineered the NSFNET Backbone Service project in partnership with the National Science Foundation, ANS, IBM, MCI, and the State of Michigan.

Part of NSF’s ongoing high-speed computing and communications infrastructure initiatives, the NSFNET program from its inception was the foundation of the U.S. Internet and the main catalyst for the explosion in computer networking around the world that followed. The NSFNET backbone service, the basis of the larger NSFNET program, linked scientists and educators located on university campuses in the United States to each other and to their counterparts located in universities, laboratories, and research centers all over the world. The partnership of academia, industry, and government that built the NSFNET backbone service also pioneered a model of technology transfer. From 217 networks connected in July of 1988 to more than 50,000 in April of 1995 when the NSFNET backbone service was retired, the NSFNET’s exponential growth stimulated the expansion of the worldwide Internet and provided a dynamic environment for the development of new communications technologies.

As we continue to address the challenge of national and global information infrastructure—the next generation of communications infrastructure—we are fortunate to be guided by the example set by the NSFNET in its successful partnership for high-speed networking.

  • New maintainers registered within 24 hours of submission
  • Mirrors the data of more than 30 other IRR databases
  • By filtering unauthorized announcements, your organization can prevent route hijacking and denial of service.
  • In addition to declaring your chosen network policy you can now obtain valuable information about the health of your network assets by maintaining accurate information in Merit RADb.
  • Subscribers can get alerts when inconsistencies or objects appear on blacklists.
INTERNET PERFORMANCE MEASUREMENT AND ANALYSIS (IPMA)

The pioneering Internet Performance Measurement and Analysis (IPMA) project, a joint effort of the U-M Department of Electrical Engineering and Computer Science and Merit Network, helped lay the foundation for data collection and statistical analysis in the Internet. The three-year project was launched by a $1.6 million award from the National Science Foundation, following NSF’s recommendation that Merit pursue statistical research and tool development separately from the Routing Arbiter activity.

The IPMA project focused on two primary areas of Internet statistics: routing stability, topology, and visualization; and ISP performance measurements. The overall goal of the project was to develop tools and perform statistical research that promote the stability and rational growth of the Internet. The IPMA tools were easily configurable, so that users could quickly generate exactly the kinds of network performance data they needed. The IPMA project worked closely with the Cooperative Association for Internet Data Analysis (CAIDA) and the National Laboratory for Applied Network Research (NLANR) to create a shared measurement infrastructure for the U.S. Internet. Hewlett-Packard and Intel Corporation also funded portions of the project.

One of the major outcomes of the project was a study of the backbone routing information at the major U.S. public Internet exchange points. IPMA staff discovered several unexpected trends in routing instability, and examined a number of anomalies and pathologies observed in the exchange of inter-domain routing information. The researchers showed that the volume of routing updates was several orders of magnitude more than expected, and the majority of this routing information was shown to be erroneous. Furthermore, the analysis revealed several unexpected trends and ill-behaved systematic properties in Internet routing.

NORTH AMERICAN NETWORK OPERATORS' GROUP (NANOG)

From 1994 to 2010, Merit Network coordinated and managed the activities of the North American Network Operators’ Group. NANOG evolved from the “Regional-Techs” meetings that were part of the Merit-led NSFNET project, at which technical staff from the regional networks met to discuss operational issues of common concern with Merit’s network engineering staff. At the February 1994 Regional-Techs meeting in San Diego, the group revised its charter to include a broader base of network service providers, and subsequently adopted NANOG as its new name.

Funding for NANOG originally came from the National Science Foundation, as part of two projects Merit undertook in partnership with NSF and other organizations: the NSFNET Backbone Service and the Routing Arbiter project. Subsequent meetings and NANOG activities were funded through meeting revenues. NANOG meetings provide a forum for the exchange of technical information, and promote discussion of implementation issues that require community cooperation. Coordination among network service providers helps ensure the stability of overall service to network users. In February 2011, management of NANOG was transitioned to NewNOG, Inc., a non-profit organization organized by members of the NANOG community.
THE ROUTING ARBITER PROJECT

The U.S. networking infrastructure underwent rapid, dramatic change after the retirement of the NSFNET Backbone Service in April 1995. The nation’s research and education community, once linked by a single, high-speed backbone funded by the National Science Foundation, was now interconnected via a diverse set of commercial network service providers. The Internet, once accessed mainly by scientists and researchers at colleges, government organizations, and corporate research facilities, became an everyday part of life for millions of Americans, and a dominant force in the American economy.

The new NSFNET network architecture was detailed in the National Science Foundation’s follow-on solicitation, released in 1993: Network Access Point Manager, Routing Arbiter, Regional Network Providers, and Very High Speed Backbone Network Services Provider for NSFNET and the NREN Program. Early in 1994, awards for building the new architecture were given to Merit and the University of Southern California Information Sciences Institute for the Routing Arbiter, to MCI for the vBNS, and to three providers for the Network Access Points: Sprint, MFS Datanet, and Bellcore, representing Ameritech and PacBell. The new infrastructure was composed of multiple backbones serving hundreds of Internet Service Providers across the U.S. The routing environment was complex and changed rapidly, requiring innovative technologies that could be quickly modified to adapt to new conditions. Merit and ISI were charged by the National Science Foundation with the task of facilitating and enhancing routing information exchange worldwide. The Routing Arbiter’s major products, the Route Servers and the Routing Arbiter Database, were designed for the new environment and served a steadily increasing number of providers and network operators.

Route Server Next Generation (RSNG) Project

In January 1997, following NSF’s recommendation that Route Server services be shifted to the commercial marketplace, Merit launched the new Route Server Next Generation (RSNG) project, which made it possible for exchange point operators to purchase Route Server services from Merit in support of customer peering. NSF suggested the move to commercialization in August 1996 after its 24-month review of the RA project, noting the importance of the Routing Arbiter in the smooth transition from the NSFNET to the competitive Internet market.

Internet Performance Measurement and Analysis Project

Following NSF’s recommendation that statistical research and tool development be pursued separately from the Routing Arbiter activity, a proposal was submitted to NSF for support for a new Internet Performance Measurement and Analysis project. In fall 1997, Merit received a $1.6 million award from the National Science Foundation in support of the project, a joint effort between Merit and the Department of Electrical Engineering and Computer Science at the University of Michigan’s College of Engineering.

North American Network Operators Group

NANOG, the North American Network Operators Group, was supported by NSF during both the NSFNET project and the early years of the Routing Arbiter project. NANOG is now funded independently through attendee registration fees.

ROUTE COORDINATION AT NETWORK ACCESS POINTS

Launched in 1997, Merit’s “Route Server Next Generation” (RSng) project (1997-2003) was one of the successful follow-on projects to the NSFNET backbone service. This commercial venture provided for continued operation of the Route Servers, which were developed as part of the NSF-funded Routing Arbiter project.

Installed in pairs at each of the Network Access Points (NAPs, now known as Internet Exchange Points), the Route Servers were centralized computers that coordinated routing at the NAPs. The Route Servers freed up significant amounts of processing time for ISP routers at the exchanges, providing a considerable boost in throughput for each peer router. The Route Servers were configured using routing policy definitions from the Internet Routing Registry. Route Server operations at the Network Access Points were supported by the National Science Foundation until January 1, 1997. NSF made the decision to commercialize Route Server and Network Access Point operations following the 24-month review of the Routing Arbiter and the four NAP projects in July 1996. NSF noted that all these projects had completed their basic missions ahead of schedule, and stated that the Routing Arbiter and the NAPs “have now proven that multiple network providers can work together in a competitive marketplace, and so can be scheduled for transition to commercial operations themselves.”

GENI PROJECT

Exploring the Possibilities of Future Internets

The Global Environment for Network Innovations (GENI) is a unique virtual laboratory for at-scale networking experimentation. Merit Network’s infrastructure is part of the GENI framework, which enables network researchers to experiment and create new Internets.

The GENI Project will:

• Support at-scale experimentation on shared, heterogeneous, highly instrumented infrastructure;

• Enable deep programmability throughout the network, promoting innovations in network science, security, technologies, services and applications; and

• Provide collaborative and exploratory environments for academia, industry and the public to catalyze groundbreaking discoveries and innovation.

For more information, please see the GENI web site.

MICHIGAN STREAMNET

Enhancing Education in Michigan

MI Streamnet delivers streaming video to educators in Michigan, and increasingly, across the country. The project was initiated as a means to provide live and on-demand video resources to educators and the public: professional development programming, curriculum content, and coverage of other educationally related government events such as State Board Meetings.

The MI Streamnet project is administered by the REMC Association of Michigan. REMC centers around Michigan participate by relaying streamed programs to the areas they serve, and some REMCs originate content as well.

Wayne County Regional Educational Service Agency (RESA) is a member of the statewide REMC organization, and the fiscal agent for REMC MI Streamnet. Local project administration, including web design, server support, and project management, is performed by Wayne RESA Instructional Media and Technology Services staff.

Merit Network hosts the primary and auxiliary relay servers for MI Streamnet, which are connected directly to Merit’s backbone network.

The Michigan Department of Education provides funding and a great deal of content for MI Streamnet.

For more information, please visit the MI Streamnet web site.

US IGNITE

Pushing the Boundaries of Ultra-Fast Broadband Networks

US Ignite is an initiative to develop next-generation Internet applications and services for use on virtualized, high-speed broadband networks. Merit Network’s high-speed network is among the networks that compose the infrastructure for the research initiative.

The primary goal of the US Ignite Partnership is to catalyze approximately 60 advanced, next-gen applications in six areas of national priority: education and workforce development, advanced manufacturing, health IT, transportation, public safety, and clean energy. Responsibilities of the Partnership will include connecting, convening, and supporting startups, local and state government, universities, industry leaders, federal agencies, foundations, and community and carrier initiatives in conceptualizing and building new applications. The resulting new applications should have a significant impact on the US economy, including providing a broad range of job and investment opportunities.

The advanced technologies that will power the US Ignite initiative have been developed through the National Science Foundation’s GENI (Global Environment for Network Innovation) program and by US Ignite’s commercial partners. Flexibility is provided through the use of Software-Defined Networking, which enables greater customization and dynamic resource allocation over networks. Speed is provided by symmetric ultra-fast connections. And “GENI Racks” power the low-latency, programmable local cloud capabilities available to US Ignite applications.

For more information, please see the US Ignite web site.

Information Marketplace for Policy and Analysis of Cyber-risk & Trust

Trusted Cyber Risk Research Data Sharing

The Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) program supports the global cyber risk research community by coordinating and developing real world data and information sharing capabilities (tools, models, and methodologies). In order to accelerate solutions around cyber risk issues and infrastructure security the IMPACT program enables empirical data and information sharing between and among the global cyber security research & development community in academia, industry and the government.

In 2016, PREDICT transitions to IMPACT: Information Marketplace for Policy and Analysis of Cyber-risk & Trust, a name meant to reflect an evolved implementation of the program’s goals:

  • Marketplace – A more open platform to connect and socialize data supply & demand;
  • Policy and Analysis – Research infrastructure and analysis driven by and for real world issues; and
  • Cyber-risk & Trust – Beyond just “defense” and “threats”, Information as a critical infrastructure itself; responsible innovation

IMPACT offers a unique, distributed research data repository supported by a streamlined legal framework and centralized coordination of a controlled distribution of datasets. This centralized brokering and distributed provisioning between the data providers, data hosts and researchers addresses the operational, trust and administrative costs and challenges that impede sustainable and scalable data sharing. IMPACT continually adds new data that is responsive to cyber risk management (e.g., attacks and measurements) so the R&D community has timely and high value information to enhance research innovation and quality. The IMPACT model also serves as a laboratory for testing various data sharing models whether it be traditional batch transfers or newer data-as-a-service (DaaS) and visualization techniques, for example.

IMPACT consists of four components supporting core functional requirements for data sharing: metadata discovery, data and tool matchmaking, trusted brokering, and a social feedback loop.

This project requires the approval of an Institutional Review Board (IRB) application by the University of Michigan’s Health Sciences and Behavioral Sciences Institutional Review Board (IRB-HSBS). The currently approved IRB can be found here. This IRB has been the collective effort of all present and past project PIs, including Prof. Farnam Jahanian, Prof. Michael Bailey, Dr. Joe Adams and Dr. Michael Kallitsis.

Recent Publications:

AMON: An Open Source Architecture for Online Monitoring, Statistical Analysis and Forensics of Multi-gigabit Streams

  • by Michael Kallitsis, Stilian Stoev, Shrijita Bhattacharya, George Michailidis, Merit Technical Report (Merit-TR-2016-01), March 2016.

Leveraging Internet Background Radiation for Opportunistic Network Analysis

  • By K. Benson, A. Dainotti, K. Claffy, A. Snoeren, and M. Kallitsis, Internet Measurement Conference (IMC), October 2015.

Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks

  • By Jakub Czyz, University of Michigan; Michael Kallitsis and Manish Karir, Merit Network, Inc.; Manaf Gharaibeh and Christos Papadopoulos, Colorado State University; Michael Bailey, University of Michigan and University of Illinois. Published in IMC ’14 Proceedings of the 2014 Conference on Internet Measurement Conference, November 2014.

Estimating Internet Address Space Usage through Passive Measurements

  • By Alberto Dainotti, Karyn Benson, Alistair King, Michael Kallitsis, Eduard Glatz, Xenofontas Dimitropoulos. Published in ACM SIGCOMM Computer Communication Review, December 31, 2013.

Understanding IPv6 Internet Background Radiation

  • By Jakub Czyz, Kyle Lady, Sam Miller, Michael Bailey, Michael Kallitsis, and Manish Karir. In Proceedings of the 13th ACM SIGCOMM Conference on Internet Measurement (IMC ’13), Barcelona, Spain, October 2013.

Integrated Smart Grid Analytics for Anomaly Detection

The overarching objective of the modernized electric grid, the smart grid, is to integrate two-way communication technologies across power generation, transmission and distribution to deliver electricity efficiently, securely and cost-effectively. However, real-time messaging exposes the entire grid to security threats ranging from attacks that disable information exchange between smart meters and data fusion centers to spurious payload content that would lead to incorrect assessment of actual demand. Such nefarious activities can compromise grid stability and efficiency. Hence, it is important to ensure secure communications and quickly detect malicious activity; this project aims for accurate and quick detection of false data injection attacks in smart grids.

The main goal of this project is the quick detection of malicious activities that can compromise critical infrastructure, such as the smart power grid. Our methodology to deal with the threat of false data injection attacks is based on correlative monitoring in both home-area networks and also the wide-area setting. For example, in a home-area setting we envision a measurement-based situation awareness framework that can combine evidence from sensors deployed in the house, and aim to infer anomalies that signify a coordinated, well-orchestrated attack on residential smart meters at increasing spatial scales. By leveraging multi-view sensor readings such as temperature, motion, power utilization at individual home circuits, etc., our correlative monitoring approach can quickly detect when power shifts to anomalous regimes.

This project also includes a transition-to-practice component. The main effort there will be to engineer a proof-of-concept implementation of a system for home-area health monitoring and detection of bad data attacks. In particular, we are working on deploying our algorithms to inexpensive computing nodes (such as Raspberry Pis) that use off-the-shelf sensors to realize our correlative-based identification mechanism. In partnership with NextEnergy, we plan to evaluate our methods in their NextHome environment. We are also working with University of Michigan Utilities and Plant Engineering for access to real-world power data at various spatio-temporal scales. We envision a cloud-based secure environment that one can utilize to study smart-grid wide-area operations in a realistic manner.

This project is funded by the National Science Foundation (NSF) under the Secure and Trustworthy Cyberspace (SaTC) program.

Recent Publications:

Adaptive Statistical Detection of False Data Injection Attacks in Smart Grids
• M. G. Kallitsis, S. Bhattacharya, S. A. Stoev, and G. Michailidis, published at the 2016 IEEE Global Conference on Signal and Information Processing, Washington, DC, December 2016

Correlative Monitoring for Detection of False Data Injection Attacks in Smart Grids (presentation)
• Michael Kallitsis, George Michailidis and Samir Tout, to appear in IEEE SmartGridComm 2015, Miami, Florida, November 2015.

A Toolset for Home-area Network Monitoring (Github repo.)
• Adrian Padin, Yeabsera Kebede, Max Morgan, Davis Vorva, Michael Kallitsis.

Project Partners: University of Michigan, University of Florida, Eastern Michigan University, NextEnergy

ATD: Collaborative Research: Extremal Dependence and Change-Point Detection Methods for High-Dimensional Data Streams with Applications to Network Cybersecurity

The project is motivated by the need to develop advanced network monitoring tools coupled with automated statistical methods for the quick detection of Internet traffic anomalies due to ongoing attacks or impending cybersecurity threats. Emphasis is placed on detecting cybersecurity threats such as highly distributed malware infections, which can launch coordinated and crippling distributed denial of service attacks on the nation’s Internet infrastructure. This will be achieved through a study of the so-called darknet traffic data. Malicious actors in the network systematically probe the Internet space for vulnerable or misconfigured devices. In doing so, they automatically send data to the entire Internet address space, which includes the space of unused Internet addresses. This destined-to-nowhere traffic is indicative of malware infection attempts or stealthy vulnerability scanning. The investigators aim to develop and deploy specialized tools that allow cyber-security analysts to efficiently analyze darknet traffic data. The research involves a team of computer engineers and statisticians, who will work closely together to implement a prototype system for detecting as well as mapping and identifying world-wide malicious activity in the Internet. The project will create and communicate to the public a set of simple-to-interpret risk indices that summarize the current darknet threat activity. This effort will potentially enable the prevention and mitigation of cybersecurity network traffic threats.

Understanding Internet threats, which continue to evolve due to the dynamic nature of Internet actors and the rapid expansion of the Internet of Things ecosystem, requires adequate data at fine-grained spatial and temporal scales. The project team has access to unique cyber-security data collected at Merit Network, Inc. that capture Internet-wide activity including network scanning, malware propagation, denial of service attacks, and network outages. This data consists of unsolicited Internet traffic destined to a routed but unused Internet address space, referred to as a darknet. This project will develop algorithmic and software infrastructure to collect and organize darknet data into high-dimensional, multivariate data streams, and will study statistical methods based on (i) extremal dependence, (ii) change-point detection, and/or (iii) high-dimensional sparse signal detection and recovery to inform the construction of Internet threat indices that quantify the risk of malicious scanning, degree of network vulnerability, risk of denial of service attacks, etc. Statistics of extremes in a high-dimensional setting is a challenging problem since it requires the modeling/estimation of an infinite-dimensional parameter: the spectral measure. Using multivariate regular variation, this project will study novel hyper-graphical models that quantify and provide interpretable abstractions for the simultaneous occurrence of extremes in high dimensions. Using limit theory for maxima of dependent variables, the project team will address open theoretical problems on the characterization of extremal dependence hyper-graphs and sparse signal detection in high dimensions. This analysis will lead to the development of novel threat indices that exhibit spatial dependence that will be analyzed with fast, scalable change-point detection algorithms. The new change-point methodology is designed to achieve large computational gains vis-a-vis standard approaches without compromising statistical accuracy and would be a significant contribution to the analysis of large data streams.

This award reflects NSF’s statutory mission and has been deemed worthy of support through evaluation using the Foundation’s intellectual merit and broader impacts review criteria.

This project is funded by NSF’s Advanced Threat Detection program under the division of Mathematical Sciences.

Project Partners: University of Michigan, University of Florida

CAOE: Characterization of Malware Behaviors Using Network Telescope Data

Data cyberattacks present one of the most critical threats to the security of the nation’s critical infrastructures and the safety of our citizens. Adversaries frequently target intellectual properties and financial assets of U.S. corporations through cyberattacks. The rapidly increasing adoption of mobile and Internet-of-Things (IoT) devices and their global usage further expands the “attack surface” for nefarious actors. The quick identification of the origins and intents of cyberattacks is required to defend critical services and infrastructure.

Finding efficient methods for characterizing malware behaviors will increase the success of existing cybersecurity efforts employed by DHS such as advanced situation awareness and monitoring, related to fortifying and protecting critical infrastructures. This research will develop a scalable machine learning framework for categorizing malicious behaviors, such as network scanning and randomly-spoofed denial-of-service attacks, observed in a large network telescope (darknet).

The key objectives of the project include:

  • Develop and evaluate a framework for clustering network telescope data
  • Assess the usability and the functionality of the developed framework in characterizing malware behaviors with experienced cyber-infrastructure professionals testing and evaluating the effectiveness of the deployed techniques

This research seeks to distill meaningful information from unstructured, large-scale darknet data to discover macroscopic (i.e., internet-wide) malicious activities. The long term goal of the project is to support the cybersecurity mission of DHS through an improved characterization of malware families to enable security analysts to track new threats in a real-time manner.

This project is funded by the DHS CAOE program.

Project Partners: Pennsylvania State University
