STARNOVA: Scalable Technology to Accelerate Research Network Operations Vulnerability Alerts
Project Summary
Cyber attacks, such as ransomware, malware, and denial-of-service (DoS), are persistent threats to the security, reliability, and robustness of scientific cyberinfrastructure (CI). The STARNOVA project is a translational research effort that aims to enhance the capabilities of existing NSF-funded Internet measurement infrastructure, the UCSD Network Telescope (UCSD-NT), to strengthen the security of CI hosted at the San Diego Supercomputer Center (SDSC). The project seeks to provide real-time detection and alerts for cyber threats, targeting SDSC’s high-performance computing resources.
By leveraging unsolicited traffic, including Internet-wide scanning campaigns, STARNOVA will detect early-warning indicators of cyberattacks and help prevent adversaries from compromising scientific CI. The project will deploy machine learning techniques to efficiently analyze time series data, identifying suspicious patterns and allowing SDSC to take proactive defensive actions.
Key Objectives
- Expand Visibility: The project will enhance the UCSD-NT’s visibility by capturing unsolicited traffic directed toward SDSC’s production networks. “Greynets” will be deployed to gather this traffic, helping to detect potential attacks.
- Anomaly Detection: Using NSF-funded resources like the Expanse supercomputer, STARNOVA will deploy machine learning-based methods to detect anomalies in Internet background radiation (IBR) traffic. This system will monitor over 200,000 time series, identifying patterns that indicate transient or persistent threats.
- Automated Analysis and Alerts: The project will automate network flow analysis to examine traffic flagged by anomaly detection methods. By correlating these anomalies with SDSC’s services, the system will generate real-time alerts, enabling operators to respond quickly to potential attacks.
Intellectual Merit
The STARNOVA project merges expertise in network operations and cybersecurity research to develop a scalable, real-time traffic anomaly detection platform. This innovative approach combines advanced traffic capture techniques with machine learning-based analysis, improving the detection of emerging cyber threats to scientific CI. The outcome will enable network operators to respond rapidly to attacks, enhancing the overall security posture of SDSC and similar CI environments.
Broader Impact
By translating network telescope measurements into actionable intelligence, STARNOVA directly addresses urgent security challenges in scientific research environments. The project’s results will be made available to the wider CI and cybersecurity communities, enabling more affordable and effective threat detection at other institutions, particularly those with limited resources. STARNOVA will also support collaborative cybersecurity efforts across research networks.
Funding Support
This material is based on research sponsored by the National Science Foundation (NSF) grant OAC-2319959. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of NSF.