Merit Network was founded by research faculty, and research remains the wellspring of innovation today. Our statewide network is an ideal laboratory and test bed for new Internet technologies and services.
“A myth once believed by some is that after a network is installed and working, it requires no further development. In reality, network technology, like computers, continues to evolve. Merit has always been committed to pushing the networking state-of-the-art.”
Merit’s First President
From 1987 until April 1995, Merit managed and re-engineered the NSFNET Backbone Service project in partnership with the National Science Foundation, ANS, IBM, MCI, and the State of Michigan. The NSFNET led directly to the growth of the commercial Internet.
Merit’s Research and Development (Merit R & D) team collaborates with researchers in academia and industry within Michigan and nationwide. Led by Bob Stovall, Merit’s R & D program aims to perform ground-breaking research that benefits Merit’s Members, Michigan, and society. The group currently focuses on Internet measurements that provide insights into the evolution of the Internet and the adoption of new protocols, on network security, and on the development of tools that can help network operators better monitor and secure their networks.
Some of the historically significant contributions of Merit’s R & D to the networking community include (i) the development and deployment of the world’s largest public registry of Internet data, Merit RADb, (ii) the leadership role in the GateD Consortium that provided a platform for designing and testing new network routing protocols, and (iii) the pioneering work on distributed dial-in and AAA mechanisms. Other notable past research projects include the Internet Performance Measurement and Analysis (IPMA) project that helped lay the foundation for Internet data collection and statistical analysis (in collaboration with the Cooperative Association for Internet Data Analysis (CAIDA) and the National Laboratory for Applied Network Research (NLANR)), the Flamingo visualization tools, and the BGPTables Web-based toolset for analysis of routing data.
Merit is Currently Assisting with the Following National Research Projects:
Internet Freedom in the Network’s Core
Without a fundamental advance in censorship circumvention technology, censored users worldwide face a future of steadily diminishing Internet freedom. Today’s major circumvention tools are all becoming less and less effective, because they all share a fundamental weakness of design—in one way or another, they all try to connect censored users with uncensored proxy servers. Tool providers, trying to help censored users find and use these proxy servers before sovereign censors can find and block them, are locked in a losing game of cat and mouse, as censors deploy increasingly sophisticated censorship functionality into the core of their national networks. Evidence of censors’ growing advantage is everywhere: New Tor bridges in China now last less than 48 hours, and in Iran, the regime recently created nation-wide VPN outages ahead of its national elections. The potent new censorship tools that drive these developments are proliferating to a growing list of censoring regimes. New technology capable of disrupting this trend would have a transformative global impact, unlocking the human right to seek, receive, and impart information, and the Internet’s potential to deliver responsive governance and broad economic opportunity for people in need around the world.
Decoy routing can meet this need: it is a scalable and sustainable next-generation approach that offers a fundamental advance over today’s Internet freedom tools. Rather than trying to hide individual proxies from censors, decoy routing locates proxy functionality in the core of the network. This makes censorship much more costly, because it is no longer possible to selectively block servers used to provide Internet freedom. Instead, whole networks outside the censored country provide Internet freedom to users—and any data exchange between a censoring country and a participating friendly network can become a conduit for the free flow of information.
Decoy routing can give censored users the upper hand in the global struggle for Internet freedom—but it will only reach those users if we address the critical gaps identified in this proposal. We have shown that decoy routing works in the lab. This project will prepare decoy routing for real-world deployment.
For up-to-date project status and research contributions, please visit the Refraction Networking portal at https://refraction.network/
Coalition members: University of Michigan, University of Illinois, Raytheon BBN Technologies, Merit Network, Open Internet Tools Project, Robinson + Yu
The project is motivated by the need to develop advanced network monitoring tools coupled with automated statistical methods for the quick detection of Internet traffic anomalies due to ongoing attacks or impending cybersecurity threats. Emphasis is placed on detecting cybersecurity threats such as highly distributed malware infections, which can launch coordinated and crippling distributed denial of service attacks on the nation’s Internet infrastructure. This will be achieved through a study of the so-called darknet traffic data. Malicious actors in the network systematically probe the Internet space for vulnerable or misconfigured devices. In doing so, they automatically send data to the entire Internet address space, which includes the space of unused Internet addresses. This destined-to-nowhere traffic is indicative of malware infection attempts or stealthy vulnerability scanning. The investigators aim to develop and deploy specialized tools that allow cyber-security analysts to efficiently analyze darknet traffic data. The research involves a team of computer engineers and statisticians, who will work closely together to implement a prototype system for detecting as well as mapping and identifying world-wide malicious activity in the Internet. The project will create and communicate to the public a set of simple-to-interpret risk indices that summarize the current darknet threat activity. This effort will potentially enable the prevention and mitigation of cybersecurity network traffic threats.
Understanding Internet threats, which continue to evolve due to the dynamic nature of Internet actors and the rapid expansion of the Internet of Things ecosystem, requires adequate data at fine-grained spatial and temporal scales. The project team has access to unique cyber-security data collected at Merit Network, Inc. that capture Internet-wide activity including network scanning, malware propagation, denial of service attacks, and network outages. This data consists of unsolicited Internet traffic destined to a routed but unused Internet address space, referred to as a darknet. This project will develop algorithmic and software infrastructure to collect and organize darknet data into high-dimensional, multivariate data streams, and will study statistical methods based on (i) extremal dependence, (ii) change-point detection, and/or (iii) high-dimensional sparse signal detection and recovery to inform the construction of Internet threat indices that quantify the risk of malicious scanning, degree of network vulnerability, risk of denial of service attacks, etc. Statistics of extremes in a high-dimensional setting is a challenging problem since it requires the modeling/estimation of an infinite-dimensional parameter—the spectral measure. Using multivariate regular variation, this project will study novel hyper-graphical models that quantify and provide interpretable abstractions for the simultaneous occurrence of extremes in high dimensions. Using limit theory for maxima of dependent variables, the project team will address open theoretical problems on the characterization of extremal dependence hyper-graphs and sparse signal detection in high dimensions. This analysis will lead to the development of novel threat indices that exhibit spatial dependence that will be analyzed with fast, scalable change-point detection algorithms. The new change-point methodology is designed to achieve large computational gains vis-a-vis standard approaches without compromising statistical accuracy and would be a significant contribution to the analysis of large data streams.
This award reflects NSF’s statutory mission and has been deemed worthy of support through evaluation using the Foundation’s intellectual merit and broader impacts review criteria.
This project is funded by NSF’s Advanced Threat Detection program under the division of Mathematical Sciences.
Project Partners: University of Michigan, University of Florida
Advancing the security of Internet-connected devices and networks entails the detection and understanding of changes in adversarial behavior in real time. Hence, there is a need to develop methodologies and deploy infrastructure that can automatically diagnose macroscopic trends in Internet activity and provide to researchers and security analysts visibility into botnet infections, denial of service attacks, network outages, and malware campaigns.
Network telescopes–networking instrumentation that collects and records unsolicited Internet traffic destined to a routed but unused Internet address space–are one avenue for detecting shifts in global Internet behavior. However, while network telescopes provide a powerful perspective, they have primarily been used for retroactively understanding Internet events. This project will design and deploy new infrastructure to modernize a large academic network telescope in order to offer unique real-time insights into malicious Internet activity and other threats.
This project will introduce a new real-time data processing pipeline to parse incoming traffic and detect individual network events. It will explore emerging data science techniques to identify variations in Internet-wide trends and to produce terse, human-readable summaries of changes in Internet activity. To contextualize these events, this project will integrate external data sources into the processing pipeline including network reputation data, unique patterns of known malware and other security-focused resources (i.e., the Censys search engine). Furthermore, to boost the telescope’s usability, this work will build accessible interfaces that would enable researchers to easily ask questions about telescope-detected events.
The infrastructure will be broadly available to Computer and Information Science and Engineering researchers interested in understanding, measuring, modeling and defining the Internet’s evolution. It builds on Merit Network’s decade-long experience in operating large-scale network telescopes in an ethically responsible manner. It will also leverage the expertise of researchers at Stanford University, University of California at San Diego, and Colorado State University. On the educational front, network telescope data can serve as a vehicle for inter-disciplinary training of the future workforce in areas that lie at the intersection of network security, computer systems, data science and engineering. Even at the graduate level, network telescope data analysis remains a relatively unexplored topic; this project will heighten the scientific utility of the data and will provide unique opportunities for educating students with real-world, heterogeneous network security data.
This project is funded by NSF’s Computer and Information Science and Engineering (CISE) directorate under CISE’s research infrastructure program (CRI).
Project Partners: University of Michigan, Stanford University
Data cyberattacks present one of the most critical threats to the security of the nation’s critical infrastructures and the safety of our citizens. Adversaries frequently target intellectual properties and financial assets of U.S. corporations through cyberattacks. The rapidly increasing adoption of mobile and Internet-of-Things (IoT) devices and their global usage further expands the “attack surface” for nefarious actors. The quick identification of the origins and intents of cyberattacks is required to defend critical services and infrastructure.
Finding efficient methods for characterizing malware behaviors will increase the success of existing cybersecurity efforts employed by DHS such as advanced situation awareness and monitoring, related to fortifying and protecting critical infrastructures. This research will develop a scalable machine learning framework for categorizing malicious behaviors, such as network scanning and randomly-spoofed denial-of-service attacks, observed in a large network telescope (darknet).
The key objectives of the project include:
- Develop and evaluate a framework for clustering network telescope data
- Assess the usability and the functionality of the developed framework in characterizing malware behaviors with experienced cyber-infrastructure professionals testing and evaluating the effectiveness of the deployed techniques
This research seeks to distill meaningful information from unstructured, large-scale darknet data to discover macroscopic (i.e., Internet-wide) malicious activities. The long-term goal of the project is to support the cybersecurity mission of DHS through an improved characterization of malware families to enable security analysts to track new threats in real time.
This project is funded by the DHS CAOE program.
Project Partners: Pennsylvania State University
For over 45 years, Merit has been at the forefront of network research. Merit staff have participated in the development and research of routing standards, network protocols, network topology visualization, and network measurement tools.