
Evaluation Methods for Internet Security Technology
Abstract
The EMIST project is funded by NSF and DHS to pursue cyber-security research. EMIST is a collaboration among Penn State, UC Davis, Purdue, ICSI, McAfee, Sparta, and SRI.
EMIST and its sister DETER project form the nucleus of the DETER laboratory effort. The EMIST research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing testing frameworks and methodologies for cyber security. The DETER project is building and operating the DETER testbed as experimental infrastructure for EMIST and other security researchers.
The general objective of EMIST is to develop thorough, realistic, and scientifically rigorous testing frameworks and methodologies for particular classes of network attacks and defense mechanisms. These testing frameworks will be adapted for different kinds of experimental approaches, including simulators such as NS, emulation facilities such as the DETER testbed, and both small and large testbeds of real hardware. They will include attack scenarios; attack simulators; generators for topology and background traffic; data sets derived from live traffic; and tools to monitor and summarize test results. These frameworks will allow researchers to experiment with a variety of parameters representing the network environment, attack behaviors, and the configuration of the mechanisms under test.
These frameworks and methodologies are being validated through experiments on the DETER testbed. This validation involves tests on representative network defense mechanisms, including intrusion detection systems (IDSs), automated attack traceback mechanisms, traffic rate-limiting to control DDoS attacks, and mechanisms to detect large-scale worm attacks.
Application to Homeland Security
- Improve the state of scientific knowledge about distributed denial-of-service (DDoS) defense to accelerate the development of better DDoS defense technologies.
- The EMIST worm team is focusing its research and experimentation on techniques for modeling Internet-scale events related to worm propagation.
- The EMIST routing team is focusing its efforts on BGP routing attacks. It is evaluating the ability of security mechanisms such as Whisper/Listen, SBGP, and SoBGP to defend the Internet routing infrastructure against malicious attacks.
Technologies
The development of testing methodologies for network defense mechanisms requires significant advances in our understanding of network attacks and of the interactions between attacks and their environment, including:
- deployed defense technology
- traffic
- topology
- protocols
- applications
It will also require advances in our understanding of metrics for evaluating defenses.
Publications/Talks
- Pending
Contact the Investigators
George Kesidis, Electrical Engineering