Cybersecurity: Leveraging the Science and Technology of Internet Mapping for Homeland Security (2008-2011)
The CAIDA Cybersecurity Project "Leveraging the Science and Technology of Internet Mapping for Homeland Security" (contract N66001-08-C-2029 with the DHS Science and Technology Directorate) started in March 2008. Our primary objective is to develop technologies and gather data that will increase situational awareness of Internet topology structure, behavior, and vulnerabilities.
This page is the original statement of work for March 2008 through June 2011).
Principal Investigator: kc claffy
Funding source: N66001-08-C-2029 Period of performance: March 21, 2008 - June 30, 2012.
Statement of Work (2008-2011)
In this project, we are applying a decade of experience in Internet topology measurement, analysis, modeling, and visualization capabilities to DHS' immediate cybersecurity needs to understand and protect essential U.S. information infrastructure.
The ultimate deliverables are periodic updates for router-level and AS-level Internet topologies integrated into the dual-layer router+AS-level topologies, and richly annotated with AS business relationships, geographic, latency, etc., attributes. To achieve this main task, the project will also deliver a new Internet topology data acquisition infrastructure and Internet topology data processing, analysis, annotation, and generations software.
Tasks and deliverables for the entire effort are separated into three phases:
Phase I: Applied Research (March 2008 - September 2009)
| Task Number | Task Description |
|---|---|
| Task 1 | Establish ongoing measurements of IPv4 topology using Archipelago measurement infrastructure. Complete initial deployment and debugging of Archipelago monitors and software. Start an ongoing IPv4 topology data collection. Continue to expand the Archipelago measurement infrastructure. |
| Task 2 | Build a router-level graph of the Internet. Evaluate existing Ip-to-router resolution techniques. Select the best tool and collect data for aliases resolution. Derive a router-level graph from Ark data and aliases data. |
| Task 3 | Build a dual AS-router level graph of the Internet. Derive an AS-level graph of the Internet from Ark data and BGP data. Develop methodology of merging the router-level and AS-level graphs into a dual topology graph of the Internet. Produce an experimental dual graph of the Internet topology. Validate the resulting graph vs. other internationally recognized sources of Internet topology data. Release software for calculation and comprehensive analysis of topology characteristics. |
Phase II: Development (October 2009 - September 2010)
| Task Number | Task Description |
|---|---|
| Task 4 | Continue to improve the Archipelago measurements. Deploy 15 additional monitors. Prototype IPv6 topology measurements. |
| Task 5 | Develop software for automated merging of router-level and AS-level graphs into a dual topology. Develop software for automated construction of router-level topology graphs. Update software for automated constrution of AS-level graphs. Develop software for building dual AS-router level topology graphs. |
| Task 6 | Develop software for annotating dual graphs of the Internet. Provide automated annotation of AS-graphs with AS types and business relationships. Compare existing geolocation tools. Develop software for adding geolocation annotations to dual graphs. (optional) Develop software for adding latencies annotations to dual graph. |
| Task 7 | Develop visualization methods for annotated dual AS-router Internet topology. |
Phase III: Deployment (October 2010 - March 2011)
| Task Number | Task Description |
|---|---|
| Task 8 | Continue to improve the Archipelago measurements. Implement recommendations for improving Internet topology measurement learned during Phase I and II of the project. Deploy 10 additional monitors. |
| Task 9 | Advise sponsors regarding use of data to support understanding of critical infrastructure for national security needs. Enrich our AS-ranking suite using all available measurement data and annotations. Validate our automated annotated dual graphs vs. other topology sources. Implement topology generator using annotated dual graphs methodology. Integrate telco hotel datasets into out data. |
Deliverables
| # | Associated Task | Deliverable Description | Type | Due date | Status |
|---|---|---|---|---|---|
| 1 | Task 1 | Row IPv4 topology data collected on Ark platform | data | Jul 2008 | Done |
| 2 | Task 2 | Recommendations for best IP aliases resolution techniques | report | Oct 2008 | Done |
| 3 | Task 2 | Data for IP-to-router resolution | data | Dec 2008 | Done |
| 4 | Task 3 | Ark-based router-level graph | data | Jan 2009 | Done (requires password) |
| 5 | Task 3 | Ark-based AS-level graph | data | Jan 2009 | Done |
| 6 | Task 3 | Ark-based dual AS-router topologies | data | Jun 2009 | Done |
| 7 | Task 3 | Caveats and recommendations regarding Ark-based topology measurements | report | Sep 2009 | Done |
| 8 | Task 3 | Comprehensive software suite for topology characteristics | software | Dec 2009 | Done |
| 9 | Task 4 | Improve Ark-based topology data | data | Nov 2009 | Done |
| 10 | Task 5 | Regular updates of router-level graphs | data | Jan 2010 | Done |
| 11 | Task 5 | Regular updates of annotated AS-level graphs | data | Jan 2010 | Done |
| 12 | Task 5 | Software for automated merging of router-level and AS-level topologies | software | Mar 2010 | Done |
| 13 | Task 5 | Regular updates of dual Internet topologies | data | May 2010 | Done |
| 14 | Task 6 | Recommendations for best geolocation tools | report | Dec 2010 | Done |
| 15 | Task 6 | Annotated dual AS-router graphs | data | Oct 2010 | Done |
| 16 | Task 6 | Preliminary IPv6 topology data | data | Sep 2010 | Done |
| 17 | Task 7 | Visualization of annotated dual AS-router graphs | report | Sep 2010 | Done |
| 18 | Task 8 | Improved Internet topology data | data | Nov 2010 | Done |
| 19 | Task 9 | Generator for annotated dual Internet topologies at the AS-level and router-level | software | Jan 2011 | Done |
| 20 | Task 9 | Ark/skitter/DIMES topology comparisons at different levels of granularity | report | Mar 2011 | |
| 21 | Task 9 | AS-ranking++ | software | Mar 2011 | Done |
| 22 | Task 9 | Recommendations for the next generation of Internet topology measurement platforms | report | Mar 2011 | Done |