Passive Internet Trace Collection Memorandum of Cooperation

This Memorandum of Cooperation is between CAIDA and your entity that hosts a monitor(s) for collecting traffic data (Partner Hosting Site).

CAIDA seeks Internet trace collection sites to host passive monitors as a vital part of CAIDA’s passive data collection research efforts. Both Partner Hosting Site and CAIDA acknowledge that access to this critical data enables much needed empirical research for the purposes of advancing network science, strengthening critical public infrastructure, and assisting the rendition of Partner Hosting Site’s services. Continued funding to support the data collection, curation and distribution depends on demonstrating that these data under CAIDA stewardship are appropriate for current research projects and facilitate research on a broad range of network science issues. For details of our data collection and distribution activities, please see the Data sections of our annual report.

By hosting a passive monitor(s) and sharing collected data with CAIDA, you understand and warrant that this MOC is a legally binding agreement and the equivalent of a signed, written contract; and, that you are authorized to collect and share the data on behalf of the Partner Hosting Site.

In consideration for your Partner Hosting Site’s consent and authorization to share passive data collections with CAIDA for the purposes set forth above, CAIDA agrees to the following provisions:

  1. Passive monitors at Partner Hosting Sites run only strictly necessary services and will be kept up-to-date with security patches and operating system upgrades to minimize security risk. A minimal number of CAIDA personnel trained in protecting user privacy and secure handling of data will have accounts on these monitors. (Accounts for local users of the Partner Hosting Site are at the Partner’s discretion.)
  2. No packet payloads will be permanently recorded without specific permission from the Partner Hosting Site. Because packet headers have dynamic lengths, a few bytes of payload may be initially recorded during an attempt to capture the full length of packet headers, but this information will be filtered and discarded as soon as possible and before the data is used for research purposes, including CAIDA internal research.
  3. Traces will not be released from CAIDA custody unless the IP addresses are anonymized using prefix-preserving anonymization or other current state-of-the-art anonymization technology.
  4. CAIDA will require registration (e.g. a dataset request form) from researchers who wish to download anonymized traces. This condition enables us to vet legitimate researchers, to determine the most assistive datasets, and to keep track of data usage in conjunction with stated research purposes. Traces may be made available internationally to registered users, subject to the restrictions of the U.S. Department of State International Traffic in Arms Regulations (ITAR).
  5. CAIDA’s further plans for stewarding Partner Hosting Site network traffic data include:
    • CAIDA intends to use its collection and report generator tools (e.g. CoralReef software) continuously on all monitors in order to provide publicly accessible reports via a central CAIDA-managed web server. The reports display various aggregated statistics such as configurable breakdowns of packets, bytes, and flows by protocol, port/application, source country, and destination country. This information can be presented as percentage- and absolute-value-based time-series graphs, pie graphs for a given time period, or tables.
    • CAIDA plans to collect periodic time-synchronized traces from all locations where CAIDA has functional commodity Internet traffic monitors.
    • CAIDA may distribute flow files or other summarized, aggregated, or sampled information based on packet traces or live packet feeds. These files will be subject to appropriate privacy-protecting disclosure control techniques.
    • CAIDA may seek to expand the scope of the data collection in order to address additional research questions requiring payload detection or inspection. In this case, we will request specific approval from the Partner Hosting Site to record packet payload for each collection event. In addition, we will request specific consent from the Partner Hosting Site before any extended data is made available to approved researchers who are not CAIDA personnel or authorized resident collaborators.

CAIDA recognizes the need for progress on large-scale, empirical analysis and modeling of the Internet. The access you provide to real data supports this pursuit, and assists in the rendition of your services as critical information infrastructure.

Last Modified