---

Statement of Work

Funded by the DHS Science and Technology Directorate, contract N66001-08-C-2029, we have delivered the most comprehensive Internet router-level and AS-level Internet topology data sets ever made available to researchers and government agencies. The data are richly annotated with AS business relationships, size, and geography-related attributes. We have also deployed a new Internet topology data acquisition infrastructure available to vetted researchers for macroscopic Internet measurement projects relevant to DHS's cybersecurity R&D needs.

In the three years since the original proposal, the scope of the problem has expanded sufficiently to warrant additional work on the measurement and supporting analysis tools to stay current with the state-of-the-art technology in the field, to facilitate transfer of the technologies developed to other public and private sectors, and to improve utility and accessibility of the resulting data. We propose to accomplish the following additional tasks, which increase the functionality, accuracy, and usability of the tools and data developed and provided under the terms of the current project. Each task further advances DHS capabilities to meet public and private sector needs to understand and protect essential U.S. information infrastructure.

Task 1: Improve traceroute-based Internet topology mapping methodology

1a	Evaluate a new alias resolution technique based on IP pre-specified timestamps (developed at the University of Washington, presented at IMC2010) as part of our Multi-Approach Alias Resolution System (MAARS) process	done
1b	Enable execution of interactive real-time requests to run topology and reachability probes from user-specified Ark nodes to user-specified destinations ("topology-on-demand" demonstrated at CATCH-2009 conference)	done

Task 2: Release MIDAR code for alias resolution

2a	Release a simple stand-alone corroboration tool running on a single machine that can be used to confirm/refute a suspected alias set of a small size (< 200 addresses)	done
2b	Release software to support a full MIDAR run on a single machine that can be used to find aliases in a moderate size set of addresses (< 40 thousand)	done
2c	Release software to support a full MIDAR run using coordinated measurements on multiple machines as necessary to find aliases in a large set of addresses (>l 1 million)	done

Task 3: Add router-level graph visualization to AS-rank web pages

3a	Develop the necessary back-end database support
3b	Create an informative and scalable visualization of routers belonging to a given AS augmented with annotations for ownership, geography, and peering attributes
3c	Enable a graphic interface for users to suggest corrections of false topology inferences	done
3d	Prepare documentation describing the methodology and algorithms for AS ranking and annotations.	done
3e	Submit the methodology and algorithms for publication	done
3f	Develop, test, and implement methodology integrating users' feedback as ground truth data on AS relationship and router ownership inferences.

Milestones

Month	Task 1 Improved topo map	Task 2 MIDAR release	Task 3 Router viz
July	Evaluate new technique
August
September		Release 2a	Demo a prototype viz
October	Prototype topo-on-demand
November	Produce new ITDK		Demo an annotated viz
December
January
February	Web interface to TOD		Graphic user interface
March		Release 2b
April		Release 2c

Deliverables

#	Associated Task	Deliverable Description	Type	Due date
1	Task 1	Functionality to execute topology measurements on-demand	demo	Dec 2011
2	Task 3	Visualization of router-level topology for a given AS	demo	Dec 2011
3	Task 2	MIDAR alias resolution code	software	Apr 2012