Among emerging network threats, some of the most pernicious and elusive are stealthy attacks that take place at very low rates and in a targeted fashion. This project is developing methods for identifying malicious and unwanted activity in the Internet -- specifically, traffic that is low-volume and well "hidden" among normal traffic. The approach is to develop new methods for direct analysis of Internet traffic at a scope and scale not previously attempted. In particular, the project is designing and implementing a system that leverages high-performance cluster computing so that sophisticated pattern analysis and machine learning algorithms can be applied to network traffic at the packet and flow level.
An organizing principle of the system is its decomposition into data-parallel "lenses" (per-record filters and projections that can be applied independently on every node of the cluster) and more computationally challenging "pattern analysis" components that operate across the records the lenses select. The project is investigating the application of this architecture to dark address monitoring in traffic from core networks -- observing traffic addressed to routed but unused address space, which has no legitimate destination and is therefore a strong indicator of scanning, misconfiguration, or backscatter -- a capability that has not been possible at core scale to date. The end result of this project will be a set of tools and a running system that may be used by researchers to enable new investigations into traffic analysis, and may be used by network operators on an ongoing basis to help protect their networks.
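The following is an added illustration, not code from the project described above, of how the lens / pattern-analysis split applies to dark address monitoring. A lens keeps only flow records whose destination falls in dark address space; because it is stateless per record it can be run on shards of the traffic independently, and the results concatenated. The pattern-analysis stage then does the cross-record work: grouping dark-destined flows by source and reporting sources that touch many distinct dark addresses, distinguishing slow scans (which per-flow or per-second thresholds would miss) from fast ones. The flow records, dark prefixes, and thresholds are all constructed for the example.

```python
"""Toy lens / pattern-analysis pipeline for dark address monitoring.
Added example; the flows, dark prefixes and thresholds are constructed."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List

# Constructed: blocks that are routed but host nothing (dark space). The
# documentation ranges stand in for real unused space in this example.
DARK_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.128/25"),
]


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since capture start
    src: str
    dst: str
    dport: int
    proto: str
    packets: int


def is_dark(addr: str, prefixes=DARK_PREFIXES) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in p for p in prefixes)


def dark_lens(flows: Iterable[Flow]) -> List[Flow]:
    """Lens: keep only flows addressed into dark space.
    Stateless per record, so it is trivially data-parallel."""
    return [f for f in flows if is_dark(f.dst)]


def sharded_dark_lens(flows: List[Flow], shards: int) -> List[Flow]:
    """Run the lens independently on contiguous shards (as separate cluster
    nodes would) and concatenate; equivalent to dark_lens over the whole list."""
    size = -(-len(flows) // shards)  # ceiling division
    out: List[Flow] = []
    for i in range(shards):
        out.extend(dark_lens(flows[i * size:(i + 1) * size]))
    return out


@dataclass
class Finding:
    src: str
    distinct_dark_dsts: int
    distinct_ports: int
    duration_s: float
    rate_per_min: float
    slow: bool     # True when the probe rate is at or below the slow threshold


def scan_analysis(dark_flows: Iterable[Flow], min_dsts: int = 5,
                  slow_rate_per_min: float = 2.0) -> List[Finding]:
    """Pattern analysis: aggregate dark-destined flows by source and flag
    sources reaching many distinct dark hosts. Unlike a per-flow rule, this
    sees a scan that spreads one probe every few minutes over an hour."""
    by_src = defaultdict(list)
    for f in dark_flows:
        by_src[f.src].append(f)
    findings = []
    for src, fl in by_src.items():
        dsts = {f.dst for f in fl}
        if len(dsts) < min_dsts:
            continue  # a stray packet into dark space is not a scan
        t0, t1 = min(f.ts for f in fl), max(f.ts for f in fl)
        duration = t1 - t0
        rate = len(fl) / (duration / 60.0) if duration > 0 else float("inf")
        findings.append(Finding(src, len(dsts), len({f.dport for f in fl}),
                                duration, rate, rate <= slow_rate_per_min))
    return sorted(findings, key=lambda x: x.src)


def constructed_flows() -> List[Flow]:
    """Constructed sample traffic: a slow scanner, a busy legitimate host
    with one stray dark-destined flow, and a fast scanner."""
    flows = []
    for i in range(8):   # one probe to a new dark host every 450 s
        flows.append(Flow(1000 + 450 * i, "192.0.2.10", f"203.0.113.{10 + i}", 22, "tcp", 1))
    for i in range(50):  # legitimate traffic to live hosts
        flows.append(Flow(1000 + 60 * i, "192.0.2.20", f"198.51.100.{1 + i}", 443, "tcp", 20))
    flows.append(Flow(1500, "192.0.2.20", "203.0.113.200", 443, "tcp", 2))  # stray
    for i in range(6):   # six dark hosts in ten seconds
        flows.append(Flow(5000 + 2 * i, "192.0.2.30", f"198.51.100.{130 + i}", 445, "tcp", 1))
    return flows


if __name__ == "__main__":
    dark = sharded_dark_lens(constructed_flows(), shards=4)
    for finding in scan_analysis(dark):
        print(finding)
```

In a real deployment the lens would run where the flow records are produced or ingested, emitting a small fraction of the input, and only that residue would be shipped to the analysis stage; the thresholds here are illustrative and would be tuned per network.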