DETER Project History

The DETER project grew out of early work, funded by Dr. Douglas Maughan (then at DARPA) and carried out at Network Associates Labs, to study and define the objectives and requirements for a large-scale DDoS testbed. The resulting report, “Justification and Requirements for a National DDoS Defense Technology Evaluation Facility,” laid the basis for defining the key objectives for the DETER project:

  • Design, build, and operate a network testbed specifically to support security research: DETERLab;
  • Catalog software tools to help create, monitor, and analyze complex security experiments in DETERLab;
  • Facilitate the creation of a collaborative community of security researchers, in particular the EMIST project based out of Penn State, McAfee Labs, ICSI, Purdue, SPARTA Inc., SRI International, and UC Davis.

The DETER project was funded jointly by two government agencies, the National Science Foundation (NSF) and the U.S. Department of Homeland Security Advanced Research Projects Agency (HSARPA), over the period 2003-2007. The partners in the DETER project were USC’s Information Sciences Institute (USC-ISI), UC Berkeley, and SPARTA, Inc.

Initial Phase: 2003-2004

At its inception, the DETER Project's core efforts were focused on the following tasks:

  • Assembling the network and physical resources for the lab;
  • Integrating network testbed operations software;
  • Making initial use of relevant existing tools;
  • Collaborating with EMIST researchers on defining and developing the controls and user interfaces for experimenters.

The testbed became operational in March 2004.

The first DETER Community Workshop was held in November 2004 with focused working groups on the topic, “Using DETER for DDoS Experimentation, Worm Experimentation, and Routing Experimentation.”

Important refereed publications on work by DETERLab experimenters during this time were:

  • Cyber Defense Technology Networking and Evaluation, R. Bajcsy, T. Benzel, M. Bishop, B. Braden, C. Brodley, S. Fahmy, S. Floyd, W. Hardaker, A. Joseph, G. Kesidis, K. Levitt, B. Lindell, P. Liu, D. Miller, R. Mundy, C. Neuman, R. Ostrenga, V. Paxson, P. Porras, C. Rosenberg, J. D. Tygar, S. Sastry, D. Sterne, and S. F. Wu. In Communications of the ACM, Special Issue on Emerging Technologies for Homeland Security, Vol. 47, Issue 3, pp. 58-61, March 2004.
  • A Hybrid Quarantine Defense, P. Porras, L. Briesemeister, K. Levitt, J. Rowe, K. Skinner, and Y.-C. A. Ting. In Proceedings of ACM WORM, Washington, DC, Oct. 29, 2004.
  • Combining Visual and Automated Data Mining for Near-Real-Time Anomaly Detection and Analysis in BGP, S.T. Teoh, K. Zhang, S.-M. Tseng, K.-L. Ma, and S. F. Wu. In Proceedings of ACM VizSEC/DMSEC-04, Washington, DC, Oct. 29, 2004.
  • Preliminary Results Using Scale-Down to Explore Worm Dynamics, N. Weaver, I. Hamadeh, G. Kesidis, and V. Paxson. In Proceedings of the 2004 ACM Workshop on Rapid Malcode, pp. 65-72, 2004.

Second Phase: 2004-2007

DETER’s second phase saw the maturing of the DETERLab facility, and the growth of its researcher community beyond the initial EMIST-funded scientists. The breadth of activity also greatly increased:

  • EMIST research included work on DDoS defense, worm propagation, and BGP routing attacks.
  • New researchers’ work included worm defense, malware analysis, and network intrusion prevention.
  • Both DETER researchers and community collaborators worked on technology for supporting and enabling cyber-security research work in such areas as experiment automation, benchmarking, scaling via hypervisor usage, malware containment, and the initial work on federation, which has since become a central component of DETERLab technology.

The research directions and efforts in each area were often collaborative with one another, and they also resulted in contributions to the experimenter infrastructure and tools available in DETERLab, including the following: a network traffic generator from UC Davis; a worm simulator from University of Delaware; and DDoS defense benchmarks from a research team from four institutions. These research and collaboration activities continued through the end of the initial DETER Project contract in 2007, and they included work on community building and testbed hardware extensions funded by the NSF DECCOR project.

Milestones for the second phase of the DETER project included publication of DETER-enabled research papers by researchers from over 40 institutions, and the first DETER researcher to be granted a Ph.D. for work performed with DETERLab — Carrie Gates — as part of an increase in university-based use of DETERLab:

Third Phase: 2008-2010

The DHS’s DIPLOMAT and DoD's DIRECT contracts fostered DETER’s continued growth, including further extension of DETERLab and the launch of DETERLab’s first-generation experimenter workbench, SEER.

Thanks to the maturity of DETERLab technology and the experience gained from supporting over 1,000 research team members, the DETER Project’s activities focus increasingly on research and development in the following areas:

  • cybersecurity experimentation methodology,
  • infrastructure,
  • tools, and other extensions to both the underlying resources of DETERLab and the methods of using DETERLab for scientific experimentation.

Current DETER Project Activity: 2010-Present

The DETER project is now in its fourth phase. The current DETECT contract from DHS, administered by SPAWAR, is largely focused on outreach to cyber researchers and building a cyber research community, including helping other sites use the DETERLab software system.

This expanded capability develops, supports, and evangelizes transformative methodologies and tools for advanced cybersecurity research, experimentation and testing.

This is achieved through extensions and enhancements to the existing DETER testbed that will synergistically advance the capabilities of modern experimental infrastructure, the power and sophistication of the tools it supports, and the community impact of the research that results.