CAIDA 2014-2017 Program Plan

A summary of research goals and plans for the period from July 2014 through December 2017.

Mission Statement: The Center for Applied Internet Data Analysis (CAIDA) is an independent analysis and research group based at the University of California's San Diego Supercomputer Center. CAIDA investigates both practical and theoretical aspects of the Internet, with particular focus on:

  • collection, curation, analysis, visualization, dissemination of sets of the best available Internet data,
  • providing macroscopic insight into the behavior of Internet infrastructure worldwide,
  • improving the integrity of the field of Internet science,
  • improving the integrity of operational Internet measurement and management,
  • informing science, technology, and communications public policies.

Program Areas

CAIDA is actively engaged in the following three main program areas:

Program Area Goal
I Research and Analysis Analyze and model pertinent features and trends of current Internet usage, develop novel approaches to enable future Internet growth
II Measurements and Infrastructure Create state-of-the art infrastructure for measurements, data procurement, and curation; conduct measurements for comprehensive characterization of the Internet
III Data and Tools Provide best available datasets and analysis tools to the research community

Executive Summary

This program plan outlines CAIDA's anticipated activities for 2014-2017, in the areas of research, infrastructure, data collection and analysis to support the research community. Our research projects span Internet topology, routing, security, economics, future Internet architectures, and policy. We will continue to pursue Internet cartography, improving our IPv4 and IPv6 topology mapping capabilities using our expanding and extensible Ark measurement infrastructure. We will improve the accuracy and sophistication of our topology annotation capabilities, including economic information and business relationships between ISPs. Using our evolving alias resolution measurement system, which integrates and improves on the best available technology for IP address alias resolution, we will continue to collect, curate, and release our Internet Topology Data Kit (ITDK), including simplified versions that are easier for researchers to use.

We will use this infrastructure and rich data sets to support a new project: Mapping Interconnection in the Internet: Colocation, Connectivity and Congestion. The goal of this project is to characterize the changing nature of the Internet's topology and traffic dynamics, and to investigate the implications of these changes on network science, architecture, operations, and public policy. We will construct a new type of semantically rich Internet map to guide a study of congestion induced by evolving peering and traffic management practices of CDNs and ISPs, including methods to detect and localize the congestion to specific points in wired (and hopefully eventually mobile) networks. Ark will also support our ongoing (entering its third year) project to study large-scale disruptions of Internet connectivity via correlation of a variety of disparate sources of data; We will have a outage-detection system operational by the end of 2015. Finally, we will extend our participation in future Internet research in two dimensions: measuring and modeling IPv6 deployment; and an expanded role in the Named Data Networking project, one of the NSF-funded future Internet architecture projects headed into its fourth year.

Our infrastructure activities include developing, deploying, and operating an active measurement platform that cost-effectively supports global Internet research and security vulnerability analysis. We will expand our software infrastructure activities to include a system for allowing measurement of compliance with BCP38 (ingress filtering best practices) across government, research, and commercial networks, and analysis of resulting data. We will expand our data sharing efforts, making older topology and some traffic data sets public that used to be restricted to academic researchers. As always, we will lead and participate in tool development to support measurement, analysis, indexing, and dissemination of data from operational global Internet infrastructure. Our outreach activities will include peer-reviewed papers, workshops, blogging, presentations, and technical reports.

Note that not all of the activities described in this program plan are fully funded yet; we are seeking additional support to enable us to accomplish our ambitious agenda.

Finally, we are taking this opportunity of reflection and strategic planning to change the expansion of CAIDA's acronym to more accurately match what we do. Effective July 2014, we will be the Center for Applied Internet Data Analysis.

Our annual reports are at This program plan is available at Feedback and questions are welcome at info at

I. Research and Analysis

CAIDA is pursuing research activities spanning various domains related to Internet science and engineering. We seek to characterize fundamental behavior of the Internet as an evolving complex system and predict -- and in some cases design -- salient aspects of future evolution. In order to inform and validate our own and others' network research, we also aim to reliably measure and analyze the current state of the Internet.

  1. Mapping the Internet: Cartographic Capabilities for Critical Cyberinfrastructure

    Motivation: Maps of the Internet topology are an important tool for characterizing this critical infrastructure and understanding its macroscopic properties, dynamic behavior, performance, and evolution. They are also crucial for realistic modeling, simulation, and analysis of the Internet and other large-scale complex networks. These maps can be constructed for different layers (or granularities), e.g., fiber/copper cable, IP address, router, Points-of-Presence (PoPs), autonomous system (AS), ISP/organization. Router-level and PoP-level topology maps can powerfully inform and calibrate vulnerability assessments and situational awareness of critical network infrastructure. ISP-level topologies, sometimes called AS-level or interdomain routing topologies (although an ISP may own multiple ASes so an AS-level graph is a slightly finer granularity) provide insights into technical, economic, policy, and security needs of the largely unregulated peering ecosystem.

    CAIDA has conducted measurements of the Internet macroscopic topology since 1998. Our current tools (since 2007, scamper deployed on the Archipelago measurement infrastructure) track global IP level connectivity by sending probe packets from a set of source monitors to millions of geographically distributed destinations across the IPv4 address space. Since 2008, we have continuously probed IPv6 address space as well.

    Our goals in this area include:

    • investigate and test more efficient and scalable topology probing primitives
    • improve the accuracy of our derived router-level maps of the Internet, by improving IP address alias resolution techniques, and conducting large scale alias resolution probing measurement experiments required for inferring router-level topology. (for both IPv4 and IPv6, which require different measurement methods)
    • improve the completeness of our maps by integrating traceroute-based AS-level Internet topologies from all available sources
    • improve the richness of our maps by adding economic and intermediate (PoP/city-level) infrastructure annotations, including developing and supporting user-friendly interactive validation functionality
    • create an AS-traceroute measurement tool that integrates control path and forward path data in real-time
    • develop a database and user-friendly interface to browse, query, and visualize specific historical or recent topology or performance data, router-level and AS-level maps with DNS, geographic, and economic annotations
    • create informative visualizations of large-scale network topology measurements
    • automate inferences of router geolocation using DNS and active measurement data
    • create software to analyze statistical properties of router-level Internet graphs, including awareness of data idiosyncrasies that prevent standard statistical computations
    • improve the usability of ITDK: add annotated estimates of the number of routers and aliases observed in a given data set, filter out artifacts of data that inhibit insight, identify falsely inferred AS links
    • create a simplified version of ITDK with multiple origin ASes, AS loops and sets, and hyperlinks removed
    • integrate AS Rank and Ark topology-on-demand probing interface Vela to support queries about network connectivity before, during, and after disaster regions.

  2. Mapping Interconnection in the Internet: Colocation, Connectivity and Congestion

    Motivation: As the global Internet expands to satisfy the demands and expectations of an ever-increasing fraction of the world's population, profound changes are occurring in its interconnection structure, traffic dynamics, and the economic and political power of different players in the ecosystem. The pervasive growth of two initially independent but synergistic infrastructure sectors, Internet eXchanges (IXes) and Content Distribution Networks (CDNs), is defining this shift. IXes facilitate interconnection among networks within a region, allowing traffic to flow along cheaper and lower-latency routes. CDNs leverage this emerging connectivity to place (cache) content as close to users as practical. Both aim to localize traffic near users, optimizing bandwidth efficiency and performance.

    The symbiotic relationships between IXes and CDNs have a profound yet so far poorly understood impact on network engineering and operations. CDNs typically control the source (and thus the path) of data coming into an ISP, so they can increase (or alleviate) loading and congestion on different points of interconnection. At the same time, ISPs can control the capacity of incoming links, which can limit the realistic options for the delivery of high-volume traffic. Thus, strategic behavior by a CDN or ISP may create externalities for other infrastructure operators, degrade the experience for many users, and signal contention in business relationships between ISPs. The rise of these new phenomena and the resulting shifts in bargaining, money flows, and potential market power related to interconnection have far reaching implications for the balance of power and control among the players in the Internet ecosystem and cause inevitable regulatory interest. The ongoing evolution also presents broader challenges for technology investment, future network design, public policy, and scientific study of the Internet itself. Yet, thus far the research and measurement community has had no scientific framework to study this emerging behavior and the evolving ecosystem is largely uncharted territory.

    The goal of this project is to characterize the changing nature of the Internet's topology and traffic dynamics, and to investigate the implications of these changes on network science, architecture, operations, and public policy. The first task is to construct a new type of semantically rich Internet map, which will elucidate the role of IXes in facilitating robust and geographically diverse but complex interdomain connectivity. This map will guide the second task: a measurement study of traffic congestion dynamics induced by evolving peering and traffic management practices of CDNs and ISPs, including methods to detect and localize the congestion to specific points in the network. In addition to validating and automating congestion-related inferences, we will explore their implications on network resiliency, economics, policy, and science. Data used will include measurements gathered using CAIDA's global active measurement infrastructure Archipelago (Ark), as well as data contributed by industry players for use in validation and refinement of methods. We will also try to extend our measurement techniques and analysis methodologies to study performance quality on mobile networks.

  3. Security and Stability: Monitoring Large-Scale Outages

    Motivation: Despite the Internet's status as critical infrastructure, systematic monitoring of the global Internet behavior remains a disturbingly elusive priority. In particular, we have no rigorous framework for measurement, analysis, or quantifying the impact of abnormal connectivity dynamics on a global scale, nor do we have metrics for assessing the vulnerabilities of a network's connectivity. Significant progress has been made in monitoring and analyzing the status of the BGP control plane, but many incidents that severely impede the normal operation of the Internet cannot be captured by control plane observations alone. Such incidents may include various security attacks, or large-scale connectivity disruptions due to country-level censorship or natural disasters. Detecting, understanding and quantifying the impact of such events in order to appropriately and effectively respond to them requires integration of heterogeneous data types that capture different dimensions of the phenomenon.

    We aim to design, implement and integrate disparate data sources using novel methods, protocols and tools, to enable researchers to more effectively study various security related events in the global Internet. Analysis methodologies that integrate different types of control plane (BGP) and data plane (traceroute, traffic data) data sources promise both operational and scientific benefits. In addition to improving our understanding of how measurements yield insights into network behavior, and strengthening our ability to model large scale complex networks, lasting use of such systems will also illuminate infrastructure vulnerabilities that derive from architectural, topological, or economic constraints, informing ongoing research on future Internet architectures.

    Our goals in this area include:

    • classify darkspace traffic (Internet Background Radiation - IBR) into known types, identify attributes simple enough to allow real-time computations
    • complete Database of Aggregated Time Series (DBATS), document design decisions and capabilities, write and test API
    • develop geolocation methods for network prefixes advertised on the BGP plane
    • implement an outage detection system aggregating multiple data types: live BGP data, active probing data, IBR traffic
    • study methods to detect and characterize BGP hijacking events, including extent, frequency, and impact
    • detect in near-realtime, document, and report episodes of traffic interception based on BGP hijacking to inform researchers, operators, CERTS, and policy makers
    • provide hijacking-related datasets to researchers
    • automate the heatmap visualization technique to display penetration of a given vulnerability into the IPv4 address space

    We also intend to use (and help others use) darkspace traffic data to study trends in the prevalence of denial-of-service attacks in the Internet, and other network phenomena such as packet loss, path changes, and address usage, and the prevalence of IP spoofing on the global Internet. We will develop tools to extract the same type of metrics from IBR captured at greynets (live networks), and evaluate the differences and limitations compared to our darknet instrumentation. We plan to establish within three years an Internet Observatory to monitor and report on macroscopic Internet connectivity disruptions in near-real time.

  4. Future Internet Research

    Motivation: As the Internet evolves, the research community seeks creative approaches to mitigate its known weaknesses, and to ensure its robust and unimpeded growth and development. We will continue our involvement into two future-oriented research projects. First, we seek to improve the fidelity, scope, and usability of our IPv6-related macroscopic Internet measurement tools and analyses, including investigation of the IPv4 Internet behavior under exhaustion and transition, e.g., CGNs and IPv4/IPv6 coexistence technologies. Our objective is rigorous large-scale IPv6 measurement data and validated computational models to inform imminent technical, business, and policy decisions. Second, we are continuing our participation in the NSF-funded Future Internet Architecture program, collaborating with ten other universities on the Named Data Networking project.

    Our goals in this area include:

    • compare IPv4/IPv6 allocation, advertisement, and routing announcement data, TCP-level behavior, visualize differences
    • summarize data on geographic penetration of IPv6 by countries/global regions
    • investigate prevalence and performance impact of middleboxes
    • produce an experimental IPv6 router-level topology using our new Speedtrap alias resolution tool
    • infer AS relationships in the IPv6 address space
    • analyze the evolution of the IPv6 AS-level graph, compare with IPv4 graph
    • automated creation of IPv4 vs IPv6 topology maps
    • complete bulk DNS lookup software Dolphin, put it into production, conduct reverse DNS lookups of the entire routed address space
    • develop and validate a computational model of IPv6 adoption and conduct surveys to empirically ground the parameters
    • use computational model simulate "what-if" scenarios of IPv6 penetration

    Our second future-oriented Internet project is Named Data Networking, Next Phase (NDN-NP). CAIDA is a member of a 10-institution consortium developing a prototype infrastructure and applications to validate a radically new Internet architecture that replaces IP with network-layer routing directly on content names. We will continue to provide management and strategic guidance to the NDN team, including evaluation and measurement support, and participate as an NDN testbed node operator and testbed users.

The table below summarizes the funding status (as of July 2014) of the projects listed in Section I.

ProjectProposal Title Agency/
Topology Mapping Cartographic Capabilities for Critical Cyberinfrastructure DHS S&T BAA 11-02 Oct 2012 - Sep 2015
Internet Laboratory for Empirical Network Science: Next Phase NSF CRI pending
Mapping Congestion Mapping interconnection in the Internet: colocation, connectivity, and congestion NSF NeTS pending
Security Detection and analysis of large-scale Internet infrastructure outages NSF SATC Sep 2012 - Aug 2015
Detecting and characterizing Internet traffic interception based on BGP hijacking NSF SATC pending
Future Internet Exploring the evolution of IPv6: topology, performance, and traffic NSF NeTS May 2012 - Apr 2015
Modeling IPv6 adoption: a measurement driven computational approach NSF NeTS pending
Named Data Networking: Next Phase NSF FIA=NP Jul 2014 - Jun 2016

II. Measurements and Infrastructure Projects

The research community needs multi-faceted data sets for cross-domain analysis of properties, performance, and dynamics of the wide-area Internet. Since its foundation in 1998, CAIDA has promoted sharing collected data with researchers. We plan to continue our investment into data procurement to improve the integrity of Internet science, while navigating the associated technology, legal, and ethical challenges. This section of the Program Plan lists CAIDA infrastructure projects and plans.

  1. Archipelago (Ark) - Community Measurement Platform

    Motivation: Archipelago (Ark) is CAIDA's active measurement infrastructure. It consists of a central server at CAIDA and several dozen monitors* deployed in 39 countries on 6 continents. Monitors run software that supports precise time synchronization across monitors and allows them to operate as a coordinated secure platform capable of performing various types of Internet measurements. We continue to upgrade and extend Ark in geographic scope as well as function.
    *Note: Older monitors are standard PCs; all monitors deployed since January 2013 are Raspberry Pis.

    Ark represents a unique laboratory in which researchers can quickly design, implement, and easily coordinate the execution of experiments across a globally distributed set of dedicated hosts. CAIDA researchers currently employ Ark for ongoing measurements of macroscopic topology performance across a large cross-section of IPv4 and IPv6 address space, gathering the largest set of Internet topology data available to the research community. The data products and measurement support enabled by Ark enable transformative research in networking and security, providing empirical grounding for study of real-world Internet phenomena (e.g., TCP (mis)behavior, outage diagnosis and analysis, congestion, security hygiene) and informing assumptions embedded in future Internet architecture research. Now that we have firm established the utility of this community research infrastructure, we plan to focus on achieving greater involvement from a broader cross-section of research communities, by lowering the barrier to using the infrastructure and data products that we curate.

    Our goals include:

    • manage and maintain existing remote Ark monitors
    • expand the scale and manageability of Ark, including 200 new monitors in strategic locations
    • curate, archive, and distribute collected data
    • develop and maintain Dolphin - a bulk DNS lookup service to enable hostname annotations of topology data
    • enable remote OS install process for Ark monitors to allow more independent 3rd-party use
    • continue development of alias resolution tool MIDAR toward more automatic execution
    • implement more efficient topology probing primitives
    • integrate traceroute measurements with real-time BGPMON routing data
    • upgrade Ark's measurement-on-demand web interface (Vela) to enable scheduling of more complex measurements

  2. UCSD Network Telescope

    Motivation: The UCSD network telescope is a portion of routed IP address space that sends and receives little or no legitimate traffic exists ("darkspace"). Observing unsolicited Internet traffic (or Internet Background Radiation - IBR) reaching such unoccupied address space allows visibility into a wide range of security-related events, including misconfiguration, scanning by hackers looking for vulnerable targets, backscatter from random source denial-of-service attacks, automated spread of malicious software such as Internet worms or viruses, and global Internet connectivity disruptions. Learning more about the nature and characteristics of the unrelentingly growing IBR, and how it compares across different segments of address space, is a necessary pre-requisite for developing efficient mitigation strategies.

    We aim to continue collecting IBR data and responsibly share them with other researchers, as well as design and implement novel methods, protocols and tools enabling efficient studies of current and emerging patterns in spurious and malicious traffic reaching observable darkspace.

    Our goals in this area include:

    • maintenance of the UCSD network telescope passive data collection system
    • develop front-end software for the data to notify potential users of interesting security events
    • enabling tests for specific events/malware
    • collect, document, store, and distribute requested telescope data (both archived and in near-real time) to vetted researchers
    • acquire additional storage and computational resources
    • find ways to identify novel or anomalous content in a large volume of typical traffic
    • develop scalable and sustainable policy and process for "moving code to the data" data sharing approach
    • expand telescope instrumentation to include a tool set for rapid data processing and visualization
    • provide researchers with post-processed IBR traffic data at different granularities and annotated with geographical and topological information

  3. Passive Monitors

    Motivation: Many activities in large-scale network empirical analysis, modeling, security, policy, and architecture development require access to real traffic data, including from core Internet backbone links. Unfortunately, the expense of the monitoring equipment (which must be upgraded every few years to keep pace with changes in the underlying physical technology), exacerbated by the general difficulty of coordinating deployment with remote volunteers, impedes our efforts to deploy additional passive monitors on backbone Internet links (or on any other networks, e.g., public, research, municipal). Moreover, security, privacy and legal concerns limit our options for sharing already collected data with researchers.

    We continue to support efforts to enable Internet traffic measurements and privacy-respecting sharing. Currently, in collaboration with operators of the hosting sites, CAIDA helps support data collection efforts on backbone links in Internet exchange points in San Jose, CA and Chicago, IL. We regularly capture packet header (no payload) traces from backbone and peering point links and make anonymized forms of these data available to the research community, albeit with significant policy restrictions on their use. We also develop tools to support operators and researchers with current and emerging passive measurement needs.

    Goals include:

    • continue regular monthly collection of packet traces at the Equinix Internet exchange points in San Jose and Chicago
    • calculate and post basic statistics for the collected packet traces
    • maintain dynamic web pages showing real-time traffic reports
    • curate, anonymize, archive, and share the collected data with approved researchers
    • equipment upgrades
    • storage purchases
    • continuing collection growth and maintenance

  4. Privacy-Sensitive Data Sharing

    Motivation: Concerns regarding end-user privacy and potential risks stemming from unauthorized or unintended data disclosure present daunting challenges to researchers looking for access to real world Internet data. Yet the opacity of the Internet infrastructure limits the capability of research and development efforts to model network behavior and topology, design protocols and/or new architectures, and study real-world properties such as robustness, resilience, and economics. Overcoming these limitations is impossible without realistic, representative, longitudinal datasets.

    For over 15 years, CAIDA has been navigating the numerous challenges of collecting, coordinating, curating, and sharing data sets for the network research and operational community in support of Internet science. We firmly believe that cooperative, data-sharing approaches to sound measurement and analysis are key to enlightened policy, impregnable security, and better general governance of the Internet.

    CAIDA data sharing efforts are supported by the Department of Homeland Security (DHS) founded the Protected REpository for the Defense of Infrastructure against Cyber Threats (PREDICT) project. PREDICT's mission is to provide vetted researchers with network operational data in a secure and controlled manner that respects the privacy, legal, and ethical concerns of Internet users and network operators. We are also supporting the Internet Measurement Data Catalog (DatCat), which indexes existing Internet measurement data to facilitate searching for and sharing data among researchers.

    Our goals in this area are:

    • document and distribute collected IPv4 topology and derived AS topology datasets, and collected UCSD Network Telescope data
    • document and distribute traces from a large-ISP backbone link
    • provide feedback and advice on technical, legal, and practical aspects of developing PREDICT policies and procedures
    • advance data disclosure control techniques that balance privacy concerns and data utility
    • advance policy community's understanding of Internet research, its successes and unsolved problems, and related data needs
    • inform researchers about the current legal landscape in data collection and sharing, existing privacy protection mechanisms, and current guidelines for addressing ethical issues in network and security research
    • test and improve DatCat submission tools, add support for more flexible granularity in data set annotations
    • create a prototype of an automatic indexing survey for NSF-funded Internet measurement researchers to use
    • assist researchers cataloging their relevant Internet measurement datasets
    • maintain Datcat public forum devoted to dataset requests and relevant data discussions
    • index all CAIDA data into new DatCat system
    • promote educational use of Internet data in undergraduate- and graduate-level classes

The table below summarizes the funding status (as of July 2014) of the projects listed in Section II.

ProjectProposal TitleAgency/
Archipelago Cartographic Capabilities for Critical Cyberinfrastructure DHS S&T Oct 2012 - Sep 2015
Internet Laboratory for Empirical Network Science: Next Phase NSF CRI pending
Network Telescope Supporting research and development of security technologies through network and security data collection DHS S&T PREDICT Oct 2012 - Sep 2017
Passive monitors Supporting research and development of security technologies through network and security data collection DHS S&T PREDICT Oct 2012 - Sep 2017
Privacy Sensitive Data Sharing Supporting research and development of security technologies through network and security data collection DHS S&T PREDICTOct 2012 - Sep 2017
Metadata management software tools to support cybersecurity research and development of sustainable cyberinfrastructure NSF SDCI Aug 2011 - Jul 2015

III. Data and Tools

Scientific data collection, tool development, and analysis are among CAIDA's core objectives. We are continually seeking better technology and methods to meet the challenges of Internet measurements.

  1. Data Collections

    CAIDA is known worldwide as the leader in conducting macroscopic Internet measurements. We are will continue the following ongoing data collections (listed on our Data Overview web page):

    • IPv4 and IPv6 Raw Topology Traces - collected on our Archipelago infrastructure via distributed team-probing experiment using the scamper tool for active probing of random destinations in the IPv4 and IPv6 address space
    • Macroscopic Internet Topology Data Kit (ITDK) - curated, aggregated, and richly annotated IPv4 topology data including router- and AS-level Internet graphs, hostnames, geolocation data, and more
    • AS adjacencies - we will synthesize a comprehensive Internet AS-level topology from multiple available sources of data
    • AS relationships - AS graph links derived from RouteViews BGP table snapshots and annotated as customer-provider or peer-to-peer with our most recent AS relationship inference algorithm
    • AS Ranking - interactive CGI script that computes degree-based and AS-relationship-based ranking of ASes
    • passive OC192 peering point traces - one-hour traces collected quarterly from two peering points for a major US backbone ISP
    • Network Telescope traces - most recent two months of passive data from the Network Telescope; some older archived data are also available

    In addition to the ongoing collections, we host and share with the research community a few data sets that were either one-time collections or terminated collections. Most of those data sets are available for public download. We also release data associated with published research studies. Please see Data Overview for a complete list of the unique data sets that we offer. We are always interested in, and regularly request, feedback from researchers on what Internet data is required to support their research.

  2. Tool Development

    Our research requires building and maintaining many software tools to measure, analyze, and model various Internet characteristics. The Tools Overview web page presents a taxonomy of CAIDA tools. Our two core infrastructure measurement packages under ongoing development are: scamper , our primary active measurement tool deployed on Ark monitors; and CoralReef, a comprehensive software suite to collect, analyze, visualize, and display trace and flow data from passive Internet traffic monitors. In addition, we are still working on MAARS -- Multi-Approach Alias Resolution System -- for IP-to-router alias resolution measurements on Ark and related data analysis. We will integrate our previously developed alias resolution tools iffinder, kapar, and MIDAR to achieve a comprehensive systemic approach to alias resolution, producing the best available router-level graphs of the Internet. As necessary for our current and future research projects, we will also continue developing data curation, analysis, and visualization tools.

    We will start a new project this year to build a software client and backend system for measuring and analyzing the prevalence of spoofing vulnerability on the Internet. Specifically, the software client will execute measurements that test a network's compliance with BCP38 (ingress filtering best practices), and we will work with agencies who want help deploying the tool in the field.

Staff and Support


As of July 2014, CAIDA employs 14 researchers and support staff based at SDSC; 2 remotely based staff; and 2 postdoctoral researchers. We regularly involve UCSD undergraduate students in our research, and we support summer and/or longer term internships to graduate students and young scientists from all over the world.


Our primary sources of support are competitively awarded grants and contracts from the National Science Foundation and the Science and Technology Directorate of the Department of Homeland Security.

In addition, CAIDA could not survive without the generosity of its affiliates, members, and sponsors. The following organizations have made designated gifts or provided in-kind support to CAIDA, enabling us to maximize use of research dollars: Cisco Systems, Comcast, NTT, Verisign, Digital Envoy.

For further information about our Program Plan, please send a message to

Last Modified