seal  Purdue News
____

October 24, 2003

Universities to test new methods to thwart cyber attacks

WEST LAFAYETTE, Ind. - Purdue University will work with five other institutions in a two-pronged, $10.8 million effort to create a national system that will enable researchers to test and perfect new concepts for defending against Internet threats such as worms, viruses and "denial-of-service attacks."

The work is funded by the National Science Foundation in collaboration with the U.S. Department of Homeland Security.

Two project teams will create the system. One team will develop and set up the hardware "testbed," and the other team will create the software and testing methods for the system.

"If you want to test anything to do with network security you really cannot use the Internet because to test effectively you need to first generate attacks, which is dangerous," said Catherine Rosenberg, a professor in Purdue's School of Electrical and Computer Engineering. "You are not going to generate attacks on a commercial network, so you create a quarantined large-scale testbed that mimics the Internet."

Purdue researchers in engineering and in computer science are included on the team that will develop software and methods for testing new concepts for thwarting Internet attacks, Rosenberg said. That team, led by the University of California, Davis, and Pennsylvania State University, is called Evaluation Methods for Internet Security Technology, or EMIST. The other members of the team are researchers from Purdue and the International Computer Science Institute, which is affiliated with the University of California, Berkeley.

The other team, led by UC Berkeley, will include researchers from the University of Southern California's Information Sciences Institute. That project, called the Cyber Defense Technology Experimental Research network, or DETER, will focus on developing the hardware testbed for the system.

The team led by UC Davis and Penn State is receiving $5.34 million, and the other team is receiving $5.46 million, both over three years.

Purdue will receive $819,000 of the project's $5.34 million. Rosenberg will lead the Purdue portion of the project with Carla Brodley, an associate professor of electrical and computer engineering, and Sonia Fahmy, an assistant professor of computer science.

The system will be needed to test and evaluate safeguards against worms, viruses and distributed denial-of-service attacks, in which a server is inundated with so many requests that it cannot function.

"These-denial-of service attacks are distributed, meaning instead of hackers attacking from their own computers, which would allow them to be traced, they plant programs all over the Internet and these programs launch an attack at the same time," Rosenberg said.

The new system will be made up of about 1,000 computers, making it large enough to mimic the Internet.

"We will use the system to test other people's ideas for how to thwart attacks," Rosenberg said.

Computer networks and the Internet are increasingly at risk of disruption by attacks, said Karl Levitt, a professor of computer science at UC Davis.

One area of research is to go beyond using "firewalls" to build active defense systems that communicate with each other and can alert nearby computers when they come under attack.

The project comes at a time when serious attacks on the Internet have become more common. Researchers at the San Diego Supercomputer Center at UC San Diego recorded more than 12,000 denial-of-service attacks against 5,000 distinct targets, ranging from high profile e-commerce sites to small Internet service providers, during a three-week period in 2001. More recent studies by the center's researchers found that in the past two years, the number of denial-of-service attacks has increased tenfold.

Many destructive codes can cause significant disruption for businesses that rely upon a smoothly operating network. The Slammer/Sapphire worm, which broke speed records in January 2003 by infecting more than 75,000 hosts around the world within 10 minutes, led to ATM failures, network outages and disrupted airline reservations.

The researchers involved in the new system will develop accurate ways to measure the effectiveness of new cyber-security concepts and hold annual workshops to report on their progress.

At the same time, the research will involve graduate students and provide new course materials to train future experts in the field of Internet security.

Writers: Emil Venere, (765) 494-4709, venere@purdue.edu

Andy Fell, (530) 752-4533, ahfell@ucdavis.edu

Sarah Yang, (510) 643-7741, scy@pa.urel.berkeley.edu

Source: Catherine Rosenberg, (765) 494-0034, cath@ecn.purdue.edu

Purdue News Service: (765) 494-2096; purduenews@purdue.edu

Related Web sites:
Purdue University Home Page:
ICSI

Note to Journalists: Related news releases can be accessed online at http://www.news.ucdavis.edu/ and http://www.berkeley.edu/news/media/releases/2003/10/15_testbed.shtml.


* To the Purdue News and Photos Page