Combating Threats in Cyberspaces

A new worm can become a massive outbreak in minutes, or even seconds. Infection is spread via contact, and the Internet allows a host infected in one place to rapidly contact any other system on the planet. Those are just two of the looming threats to Internet security that Jacobs School researchers are tackling, and they are doing so in the context of two new research centers.

Defending against viruses, worms and other attacks in cyberspace is the primary mandate of the federally-funded Center for Internet Epidemiology and Defenses (CIED), launched in September. The announcement came just two months after UCSD established the Center for Networked Systems (CNS), an academic-industry partnership in networking and computing systems technologies.

The lead investigators of the centers, CIED project director Stefan Savage and CNS director Andrew Chien, are both professors in the school's Computer Science and Engineering (CSE) department. "It is a testament to the quality of our faculty that Andrew Chien and Stefan Savage were able to lead these farsighted projects and get them funded," says CSE chair Mohan Paturi. "These centers will enable the Jacobs School to consolidate and expand its leading position in a field that is not only of great interest to computer scientists, but of vital interest to Internet users everywhere as well."

The National Science Foundation is funding CIED with $6.2 million over five years from its new Cyber Trust program. Researchers at UCSD and the UC Berkeley-affiliated International Computer Science Institute (ICSI) will develop technologies to detect, analyze and defend against large-scale Internet attacks. "The very openness and efficiency that drove the Internet's success also make it an ideal breeding ground for infectious network agents," says Savage. "The speed of some Internet pathogens is so great that only fully automated defenses can even hope to keep up. Building such defenses is our ultimate goal."

A network telescope is a portion of routed IP address space in which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope permits measurement of both pandemic (spread of an Internet worm) and endemic incidents (denial-of-service attacks).

CIED's research will revolve around measuring and analyzing live Internet epidemics and then using the insights gained to develop ever more robust defense mechanisms. To enhance the visibility of pathogens propagating across the global Internet, CIED will concentrate in its first year on construction of large-scale monitoring instruments, "network telescopes" and "network honeyfarms," to provide early warning of incipient outbreaks. The instruments will also allow them to measure the dynamics of epidemics as they spread, and to collect forensic data about the modes and methods of attackers.

CSE professors Geoff Voelker and George Varghese are co-PIs on the Internet epidemiology project. They will work closely with researchers at the Cooperative Association for Internet Data and Analysis (CAIDA), a group based at the San Diego Supercomputer Center (SDSC).

CIED is one of two centers created in the inaugural round of funding from NSF's $30 million Cyber Trust program. They were chosen from 25 proposals submitted by leading U.S. research institutions. A second center based at Carnegie Mellon University will focus on deeper understanding of the Internet's 'ecology' in order to build better security defenses.

Spread of the Witty Worm, March 19, 2004

In addition to NSF funding, CIED will also receive support from Microsoft, Intel and Hewlett-Packard, as well as from UCSD's new Center for Networked Systems.