Official website of the Department of Homeland Security

Homeland Security

Internet Measurement and Attack Modeling

US-CERT is charged with providing response support and defense against cyberattacks for the Federal Civil Executive Branch (.gov), and with information sharing and collaboration with state and local government, industry, and international partners. Research in internet measurement will address the need for a better understanding of connectivity among Internet Service Providers (ISPs). Associated data analysis, such as geographic mapping, will improve the understanding of peering relationships and thus provide a more complete view of network topology, which will help to identify the infrastructure components in greatest need of protection. In conjunction with this work, research in attack modeling will allow critical infrastructure owners/operators to predict the effects of cyberattacks on their systems, particularly in the areas of malware and botnet attacks, a growing area of concern (see the Conficker and Stuxnet attacks), and situational understanding and attack attribution. “Attack protection, Prevention and Pre-emption,” and “Automated Attack Detection, Warning and Response,” are documented requirements found in the “Federal Plan for Cyber Security and Information Assurance Research and Development,” a report co-authored by S&T and other program customers.

IMAM Focus Area

  • Resilient Systems and Networks
  • Modeling of Internet Attacks
  • Network Mapping and Measurement

Technical Approach

The technical approach for Internet Measurement is to improve the system used to collect network traffic information to provide scalable, real-time access to the data as it is being collected from around the globe. This data is being improved by increasing both the number of data collectors and the number of data points being monitored. In order to build a more complete map of the Internet, the effort will build upon previous research projects, which have built large research platforms capable of Internet measurements from points across the globe.

  1. Internet-scale emulation of observable malware, specifically botnets and worms, to help identify weaknesses in the malware code and in how it spreads or reacts to outside stimuli
  2. New approaches in malware and botnet detection, identification and visualization, and automated binary analysis
  3. Malware Repository Creation and Sharing – Collaborative detection may involve privacy-preserving security information sharing across independent domains. This may involve sharing malware samples, metadata of a sample, and/or experiences with appropriate access controls
  4. Robust security against operating system exploits, such as binary-exploit malware targeting the operating system
  5. Remediation of systems infected at levels ranging from the user level down to the root level, possibly including built-in diagnostic instrumentation and virtual machine introspection providing embedded digital forensics

Resilient Systems and Networks

Prime: Naval Postgraduate School

Month Year | Document Title | Download
October 2012 | Methodology for Assessment of Security Properties | PDF (1MB)

Prime: Raytheon BBN Technologies

Month Year | Document Title | Download
October 2012 | Real-time Protocol Shepherds (RePS) | PDF (2.1 MB)

Modeling of Internet Attacks

Prime: Columbia University

Month Year | Document Title | Download
October 2012 | Project Doppelganger | PDF (1MB)

Prime: Georgia Tech Research Corp | Sub: Dissect Cyber; Internet Systems Consortium Inc.; Global Cyber Risk; Georgia Tech Research Institute; Open Information Security Foundation

Month Year | Document Title | Download
October 2012 | Comprehensive Understanding of Malicious Overlay Networks | PDF (2.1 MB)

Prime: University of Southern California | Sub: Colorado State University; Los Alamos National Laboratory

Month Year | Document Title | Download
October 2012 | Retro-Future Kick-off | PDF (2.1 MB)

Network Mapping and Measurement

Prime: International Computer Science Institute

Month Year | Document Title | Download
October 2012 | Netalyzr NG: Measuring DNS, DNSSEC, and TLS from the Edge | PDF (1 MB)

Prime: Merit Network Inc.

Month Year | Document Title | Download
October 2012 | Enabling Operational Use of RPKI via Internet Routing Registries | PDF (1 MB)

Prime: Naval Postgraduate School

Month Year | Document Title | Download
October 2012 | High-Frequency Active Internet Topology Mapping | PDF (1 MB)

Prime: University of California, San Diego

Month Year | Document Title | Download
October 2012 | Cartographic Capabilities for Critical Cyberinfrastructure (C4) | PDF (3.1 MB)
