School Studies Effects of Internet Attacks

A DOJ-funded Iowa State University lab re-creates cyber-attacks in an attempt to make breakthroughs in computer defenses and forensics.

A new test laboratory at Iowa State University will allow researchers to study how computer networks respond to massive Internet attacks and could lead to breakthroughs in computer defenses and forensics, said a researcher behind the project.

The new test network, ISEAGE (Internet Simulation Event and Attack Generation Environment), was funded by a $500,000 grant from the Department of Justice. ISEAGE is the first research lab to be able to re-create any cyber-attack on any part of the Internet infrastructure, said Doug Jacobson, director of information assurance at ISU, in Ames.

Jacobson is also the chief technology officer of Palisade Systems Inc., a security technology vendor, also in Ames.

ISEAGE uses a 64-processor cluster connected via high-speed switching gear at ISU's Research Park. The cluster is linked to a central disk storage system running FreeBSD Unix. Each processor can re-create 50 routing points, giving researchers tremendous flexibility to reproduce network attacks.

The guts of the new test lab are software tools, developed by Jacobson, that let researchers change traffic patterns, replay attacks in endless configurations and collect attack data, Jacobson said. "We can make an attack that looks like it came from 1,000 computers, but we don't need 1,000 computers to do it," he said.

The testbed can just as easily simulate attacks from 100,000 Internet-connected machines—or from every Internet address in existence, Jacobson said.

Researchers will use ISEAGE to model attacks on critical cyber-infrastructure, such as state and federal computer networks. Computer investigators might use data from ISEAGE to help develop better forensic tools that can discover the source of attacks, Jacobson said.

ISEAGE is similar to other large testbeds, such as DETER, the Cyber Defense Technology Experimental Research lab. DETER is funded by a $10.8 million grant from the National Science Foundation and Department of Homeland Security and run by the University of Southern California and UC Berkeley, with help from McAfee Inc.

DETER uses a traditional network of systems and standard routing gear, but ISEAGE emulates what attacks would look like on the actual Internet infrastructure, with more-realistic attack profiles and traffic patterns, Jacobson said.

"States are good at running tabletop exercises, where they have 100 people lie on the tarmac at the airport, but there hasn't been a good way to play out large-scale attacks on cyber-infrastructure," Jacobson said.

For the time being, ISEAGE is being used to train graduate and undergraduate students, as well as local security professionals, about cyber-attacks and cyber-defense. The state of Iowa has expressed an interest in modeling its network on ISEAGE, Jacobson said.
