DHS to Underwrite 5-Year, $16 Million Advance of ISI's Cyber Security Testbed

Since 2003, the DETER project, supported by the Department of Homeland Security, the National Science Foundation, and other government agencies, has thrust the USC Viterbi School of Engineering's Information Sciences Institute (ISI) into national leadership in research and design on cyber security testbeds. The US Department of Homeland Security has now signed a 5-year $16 million contract with USC to expand and improve ISI's DETERlab testbed. This new project is called DETECT.

The DeterLab testbed provides an isolated 400-node mini-Internet, in which researchers can investigate malware and other security threats without danger of infecting the real Internet. It provides researchers from around the world with a controlled and safe experimental environment for scientific research. It also supports classroom exercises in computer security for nearly 400 students at 10 universities and colleges.

The DETECT contract will permit ISI researchers to expand capability and to advance the science of cybersecurity by developing, supporting, and evangelizing transformative methodologies and tools for advanced cyber security research, experimentation and testing. This will be achieved through extensions and enhancements to the existing DETER testbed that will synergistically advance the capabilities of modern experimental infrastructure, the power and methodological sophistication of the tools it supports, and the community impact of the research that results.

According to DETER director Terry Benzel, the DETERLab might be likened to the scientific centers built around large instruments, like observatories or particle accelerators. “Under the previous work we introduced the notions of cyber science including the concept of creating tools for cyber science,” she explained. “We embodied these concepts in advanced testbed technology through Federation, Risky Experiment Management, Experiment Health and continued to mature those concepts and technology,” she added, noting landmark studies like the 10,000-node botnet experiment, and subsequent worm spread and multi-party experiments.

A significant thrust of DETECT will be outreach to cyber researchers and building a cyber research community. This will include helping other sites to use the DETERlab software system. ISI’s federation extension to DETERlab will allow these new DETER testbeds to interconnect, to expand and diversify the research resources available to academia, industry, and government.

In November 2010, the Cyber Security and Information Assurance (CSIA) Interagency Networking and Information Technology Research and Development (NITRD) Working Group endorsed the DETER cyber science framework. NITRD is a collaboration of more than a dozen federal research and development agencies.

“This project builds on efforts at ISI over the past six years and would not have been possible without the contributions of the entire DETER team,” continued Benzel. “John Wroclawski set an ambitious research program; Ted Faber, Jelena Mirkovic and Mike Ryan developed and delivered new capabilities under that program; and Bob Braden crafted the proposal capturing all of the prior work and proposed new challenges.”

For more information about DETERLab, see "Cold Defense for a Hot Threat" in the Fall 2008 edition of the USC Viterbi Engineer magazine.

Visualization of a DETERLab experiment showing the spread of malicious code.

This is a visualization of an experiment conducted in the DETER testbed studying both the spreading of malicious code through the Internet and that code initiating a distributed denial of service attack against a target in North America. The large dots represent subnets that have been infected by the spreading worm and have become sources for the attack. The small dots represent streams of packets being sent at the target. The visualization simultaneously shows malicious code quickly spreading world-wide and small, distributed transmissions funneling together into a torrent of disruptive packets.