Advancing the security of Internet-connected devices and networks entails detecting and understanding changes in adversarial behavior in real time. Hence, there is a need to develop methodologies and deploy infrastructure that can automatically diagnose macroscopic trends in Internet activity and give researchers and security analysts visibility into botnet infections, denial of service attacks, network outages, and malware campaigns.
Network telescopes (networking instrumentation that collects and records unsolicited Internet traffic destined to a routed but unused Internet address space) are one avenue for detecting shifts in global Internet behavior. However, while network telescopes provide a powerful perspective, they have primarily been used for retroactively understanding Internet events. This project will design and deploy new infrastructure to modernize a large academic network telescope in order to offer unique real-time insights into malicious Internet activity and other threats.
This project will introduce a new real-time data processing pipeline to parse incoming traffic and detect individual network events. It will explore emerging data science techniques to identify variations in Internet-wide trends and to produce terse, human-readable summaries of changes in Internet activity. To contextualize these events, this project will integrate external data sources into the processing pipeline, including network reputation data, unique patterns of known malware, and other security-focused resources (i.e., the Censys search engine). Furthermore, to boost the telescope’s usability, this work will build accessible interfaces that enable researchers to easily ask questions about telescope-detected events.
The infrastructure will be broadly available to Computer and Information Science and Engineering researchers interested in understanding, measuring, modeling and defining the Internet’s evolution. It builds on Merit Network’s decade-long experience in operating large-scale network telescopes in an ethically responsible manner. It will also leverage the expertise of researchers at Stanford University, University of California at San Diego, and Colorado State University. On the educational front, network telescope data can serve as a vehicle for interdisciplinary training of the future workforce in areas that lie at the intersection of network security, computer systems, data science and engineering. Even at the graduate level, network telescope data analysis remains a relatively unexplored topic; this project will heighten the scientific utility of the data and will provide unique opportunities for educating students with real-world, heterogeneous network security data.
This project is funded by NSF’s Computer and Information Science and Engineering (CISE) directorate under CISE’s research infrastructure program (CRI).
Project Partners: University of Michigan, Stanford University