The combination of widespread software homogeneity and the Internet's unrestricted communication model creates an ideal climate for infectious, self-propagating pathogens - "worms" and "viruses" - with each new generation of outbreaks demonstrating increasing speed, virulence, and sophistication. The Center for Internet Epidemiology and Defenses aims to address twin fundamental needs: to better understand the behavior and limitations of Internet epidemics, and to develop systems that can automatically defend against new outbreaks in real-time.
Understanding the scope and emergent behavior of Internet-scale worms seen in the wild constitutes a new science termed "Internet epidemiology". To gain visibility into pathogens propagating across the global Internet, the Center is pursuing the construction and operation of a distributed "network telescope" of unprecedented scale. The telescope in turn feeds a "honeyfarm" collection of vulnerable "honeypot" servers whose infection serves to indicate the presence of an Internet-scale worm.
To then fight worms once detected, the Center works on developing mechanisms for deriving "signatures" of a worm's activity and disseminating these to worm suppression devices deployed throughout the global network.
Finally, the Center strives to ground its research in the potentially thorny, but highly relevant, "real-world" issues of informing the development of legal frameworks in terms of the appropriate use of anti-worm technologies and their applications for providing forensic evidence; and enabling the development of actuarial models for quantifying exposure to aggregate risk and liability from Internet epidemics, critical for supporting the emerging cyber-insurance industry.
