USC/ISI’s DETERLab (cyber DEfense Technology Experimental Research Laboratory) is a state-of-the-art scientific computing facility for cybersecurity researchers engaged in research, development, discovery, experimentation, and testing of innovative cybersecurity technology. DETERLab is a shared testbed providing a platform for research in cybersecurity and serving a broad user community, including academia, industry, and government. To date, DETERLab-based projects have covered behavior analysis and defensive technologies in areas including DDoS attacks, worm and botnet attacks, encryption, pattern detection, and intrusion-tolerant storage protocols.
What makes DETERLab different?
Innovations that work well in a predictable, controlled environment often turn out to be much less effective, reliable or manageable in a critical government or enterprise IT environment. Without realistic, large-scale resources and research environments, results are unpredictable. As a world-class facility used and shared by cybersecurity researchers from hundreds of institutions worldwide, our stress is on rigorous, repeatable testing in a realistic, large-scale test environment. We enable researchers to observe and interact with real malicious software, operating in realistic network environments at scales found in the real world. These experiments in turn lead to cyber-defense innovations and systems that are inherently more robust.
- Sharing of testbed resources among multiple concurrent experiments.
- A growing library of tools, interfaces, and datasets for security experiments.
- Nascent community building to enhance the scientific value of the work.
The DETERLab design is rooted in Emulab, and the project has substantially extended the base code with subsystems that enable experimentation at a scale and complexity representative of strategic internets, such as those encountered in enterprises and specialized cyber-physical domains. DETERLab subsystems include:
- Containers, for multi-resolution virtualization of experiment resources.
- DASH, for predictive modeling of human behavior supporting definition of mental models, reactive goal-driven behavior, and combinations of deliberative/instinctive behaviors.
- Federation and its ABAC authorization library, for connection of heterogeneous resources from different owners with varying usage and access policies.
- Multi-party experiments technology that provides controlled but co-joined experiments, creating different views of the experiment environment for multiple experimenters or groups of experimenters within one unified experiment.
- MAGI, for orchestrating networking experiments providing deterministic control over the various components in an experiment.
For more information about these subsystems, see DETERLab Capabilities.
How it works
DETERLab is accessed remotely from hundreds of institutions around the world using a wide array of network and computing resources and an expanding set of tools for constructing and operating experiments.
DETERLab’s users are cybersecurity researchers and experimenters who typically work in project teams. The focus of a project’s activity is a construct called an “experiment,” a term that applies to any kind of DETERLab work, including:
- Observation of cyber-attack and cyber-defense technologies,
- Test-driven development of innovative cyber-defenses,
- Scientific test and measurement of the effectiveness of cybersecurity innovations,
- Experimentation with multiple approaches to using a cyber-defense technology, and
- Scientific assessment of hypotheses about cyber-attack and cyber-defense technology in action.
All qualified researchers may apply to DETERLab online as project managers. Once approved, the user may set up a new project lab environment and remote access to DETERLab’s user interface, which supports the full range of scientific research:
- Use automation to manage experiments through their complete lifecycle,
- Model and construct experiments,
- Run and monitor experiments,
- Adjust their scale and resolution, and
- Gather and analyze experimental result data.
Researchers can reuse and adapt prior work in experiment definition and management, which minimizes the time and effort spent preparing subsequent experiments.
As a result, researchers can concentrate their efforts on actual experimentation with cutting-edge cybersecurity technologies, and test their effectiveness in a controlled and realistic setting, rather than on the nuts and bolts of the computing and network resources that the experiment uses.
The DETER Project team, which operates and enhances DETERLab, maintains an active research program of its own. That work focuses on methods and technology for cybersecurity research. Resulting capabilities and resources frequently are transferred to DETERLab, enabling the facility to offer the continually evolving, leading-edge capabilities crucial for rapid research advances.
The goal for these enhancements is to evolve DETERLab into an advanced scientific instrument for the kind of repeatable experimentation that is required for the science of cybersecurity. Whether the scientific activity is experimentation, investigation, or testing, DETERLab provides the ability for the community of researchers to view, recreate, and validate each other's work. Researchers can publish not only reports of experimental results, but also the information needed for other scientists to validate the work and build on it in a truly scientific manner.
Since 2003, with funding from NSF, DHS, and DARPA, DETERLab has grown into a facility where over 860 researchers have conducted network and cybersecurity experimentation. DETERLab users have conducted hundreds of research projects and published over 270 resulting scientific papers. More than 9,890 students, the crucial next cybersecurity generation, have received hands-on training via DETERLab. At the same time, DETERLab has expanded in scale and power, as the DETER Project team has added both new computing resources and a variety of new scientific capabilities as a result of DETER’s research efforts.
Today, DETERLab is one of the largest facilities devoted to providing experimental resources and scientific expertise for the development, experimentation, and testing of innovative cyber-defense technology.