Among emerging network threats, some of the most pernicious and elusive are stealthy attacks that take place at very low rates and in a targeted fashion. This project is developing methods for identifying malicious and unwanted activity in the Internet -- specifically, traffic that is low-volume and well "hidden" among normal traffic. The approach being taken is to develop new methods for direct analysis of Internet traffic of unprecedented scope and scale. In particular, the project is designing and implementing a system that leverages high-performance cluster computing to allow application of sophisticated pattern analysis and machine learning algorithms to network traffic at the packet and flow level.

An organizing principle of the system is its decomposition into data-parallel "lenses" and more computationally challenging "pattern analysis" components. The project is investigating the application of this architecture to dark address monitoring in traffic from core networks -- a capability that has not been possible to date. The end result of this project will be a set of tools and a running system that may be used by researchers to enable new investigations into traffic analysis, and may be used by network operators on an ongoing basis to help protect their networks.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 0905186
Program Officer: Angelos Keromytis
Project Start:
Project End:
Budget Start: 2009-09-01
Budget End: 2014-08-31
Support Year:
Fiscal Year: 2009
Total Cost: $400,000
Indirect Cost:
Name: University of Wisconsin Madison
Department:
Type:
DUNS #:
City: Madison
State: WI
Country: United States
Zip Code: 53715