Community Research and Development Information Service - CORDIS

FP6 Lobster logo

LOBSTER

Project ID: 004336
Funded under

Large Scale Monitoring of Broadband Internet Infrastructure

From 2004-10-01 to 2007-06-30, closed project | LOBSTER Website

Project details

Total cost:

EUR 2 110 534,20

EU contribution:

EUR 1 625 072

Coordinated in:

Greece

Call for proposal:

FP6-2003-IST-2See other projects for this call

Funding scheme:

SSA - Specific Support Action

Description

Keeping a watchful eye on cyber crime

Taking to heart the premise that you must know your enemies before you can defeat them, European researchers have created an innovative system to monitor computer viruses and cyber attacks on the internet.

The platform, which uses sensors deployed in different countries to passively track internet traffic on a large scale, is helping researchers understand the threats internet users face.

The information gathered by the system can then be used to develop new tools to protect citizens, companies and governments from viruses and attacks. Overall, it will help to make the internet a safer place.

Developed by researchers in the Lobster project, the system is the first of its kind in Europe and one of only three similar endeavours in the world.

An international network of sensors

Sensors set up at 50 locations in 10 countries monitor and analyse internet traffic to detect all manner of cyber mischief, from viruses and worms being propagated between home computers to attacks by hackers on the networks of companies and public organisations.

The sensors are capable of monitoring traffic from more than two million computers at the same time on networks with a cumulative capacity of up to 25 gigabits per second – about 25,000 times the speed of most home broadband connections.

Complex algorithms are used to weed out malicious internet traffic from normal traffic picked up by the sensors. The system is even capable of detecting so-called polymorphic attacks in which hackers send malicious code masquerading as innocent-looking web traffic.

One attack every 30 seconds

Since the project began in October 2004, the network of sensors has detected close to one million cyber attacks – an average of one attack every 30 seconds. On some occasions, the sensors identified attacks as frequently as once every two seconds.

The researchers found that attacks come from all over the world, with 70% originating from and targeting computers within the same network, suggesting the existence of large numbers of compromised computers on private and public networks.

A testbed for network security

The project’s findings are already helping researchers in developing new methods to fight cyber crime.

The system provides a kind of test bed for internet security organisations and researchers to try out new techniques on a large scale for tasks such as traffic characterisation, attack detection and quality-of-service monitoring.

Stopping the cyber plague

With hackers continually increasing the scale and sophistication of attacks, internet monitoring will undoubtedly become ever more important in order to detect vulnerabilities and weaknesses in network security.

Researchers hope that the Lobster project’s results and related initiatives will help to stop or even reverse the trend toward increasing levels of cyber crime, which by some estimates have led to one in every four computers worldwide being compromised at a cost to citizens, companies and governments of hundreds of billions of euros each year.

Objective

Network monitoring and measurement is increasingly regarded as an essential function for developing and supporting high-quality networkservices, building and improving innovative networking technologies, analyzing infrastructure trends and user behavior, and improving the security of our cyber-infrastructure. Accurate network monitoring systems give rise to a wide variety of new applications including provision of early warning for the detection of Internet worms as soon as they start to spread,detection of Distributed-Denial-of-Service attacks even before they are launched, accurate traffic characterization even for applications that use dynamically generated ports such as peer-to-peer systems, and accurate traffic weather service for GRID-enabled applications. Although accurate network monitoring is getting increasingly important for the reliable and efficient operation of our cyber-infrastructure, current traffic monitoring systems in Europe do not provide the information needed to support the above-mentioned applications. Indeed, current systems focus either on collecting lossy flow-level statistics, or in actively measuring latency, bandwidth, error rate and similar properties of network links. In LOBSTER we propose to design and deploy a advanced European Infrastructure for accurate Internet traffic monitoring. Although such an infrastructure poses challenging research questions, we believe that we have successfully met these challenges within the currently running SCAMPI IST FP5 project, that designed and developed a passive network traffic monitoring system for speeds up to 10Gbps. Based on passive monitoring, and capitalizing on ourexperience gained in the SCAMPI IST project, the LOBSTER infrastructure will be unique in Europe and among the only two similar infrastructures that exist in the world today.

Coordinator contact

Evangelos Markatos, (Coordinator)
Tel.: +302810391655
Fax: +302810391601
E-mail

Coordinator

FOUNDATION FOR RESEARCH AND TECHNOLOGY HELLAS
Greece

EU contribution: EUR 365 655,60


N PLASTIRA STR 100
70013 HERAKLION
Greece
Activity type: Research Organisations
Administrative contact: Evangelos Markatos
Tel.: +30 2810 391655
Fax: +30 2810 391601
E-mail

Participants

CESNET ZAJMOVE SDRUZENI PRAVNICKYCH OSOB
Czech Republic

EU contribution: EUR 155 194


ZIKOVA 4
160 00 PRAHA 6
Czech Republic
Activity type: Research Organisations
Administrative contact: Sven Ubik
Tel.: +420-224 355235
Fax: +420-224 320 26
E-mail
ALCATEL VACCUM TECHNOLOGY FRANCE SAS
France

EU contribution: EUR 204 958


AVENUE OCTAVE GREARD 3
75007 PARIS
France
Activity type: Private for-profit entities (excluding Higher or Secondary Education Establishments)
Administrative contact: Alain CARENCO
Tel.: +33 1 6963 4650
Fax: +33 1 6963 1213
E-mail
ELLINIKI ETAIRIA TILEPIKOINONION KAI TILEMATIKON EFARMOGON AE
Greece

EU contribution: EUR 81 520


VASSILIKA VOUTON TECHNOLOGIKO PARKO
71500 IRAKLEIO KRITI
Greece
Activity type: Private for-profit entities (excluding Higher or Secondary Education Establishments)
Administrative contact: Manolis Petsagourakis
Tel.: +302810391200
Fax: +302810391207
E-mail
NEDERLANDSE ORGANISATIE VOOR TOEGEPAST NATUURWETENSCHAPPELIJK ONDERZOEK TNO
Netherlands

EU contribution: EUR 145 281,70


ANNA VAN BUERENPLEIN 1
2595 DA DEN HAAG
Netherlands
Activity type: Other
Administrative contact: Rutger Coolen
Tel.: +3115285 70 68
Fax: +3115285 73 82
E-mail
VERENIGING VOOR CHRISTELIJK HOGER ONDERWIJS WETENSCHAPPELIJK ONDERZOEK EN PATIENTENZORG
Netherlands

EU contribution: EUR 301 000


De Boelelaan 1105
1081 HV AMSTERDAM
Netherlands
Activity type: Higher or Secondary Education Establishments
Administrative contact: Herbert Bos
Tel.: +3171 5277033
Fax: +31 71 5276985
E-mail
GEANT VERENIGING
Netherlands

EU contribution: EUR 92 120


SINGEL 468 D
1017 AW AMSTERDAM
Netherlands
Activity type: Other
Administrative contact: Valentino Cavalli
Tel.: +31205304488
Fax: +31205304499
E-mail
UNINETT AS
Norway

EU contribution: EUR 182 200


ABELSGATE 5
7030 TRONDHEIM
Norway
Activity type: Private for-profit entities (excluding Higher or Secondary Education Establishments)
Administrative contact: Olav Kvittem
Tel.: +47 73 55 79 00
Fax: +47 73 55 79 01
E-mail
SYMANTEC-LIRIC LIMITED
United Kingdom

EU contribution: EUR 97 142,70


HINES MEADOW - SAINT CLOUDS WAY
SL6 8XB MAIDENHEAD-BERKSHIRE
United Kingdom
Activity type: Other
Administrative contact: Gillingham Colin
ENDACE EUROPE LIMITED
Participation ended
United Kingdom

EU contribution: EUR 0


35 Hills Road
CB2 1NT Cambridge
United Kingdom
Activity type:
Administrative contact: Ian Graham
Tel.: +64 7 8390540
Fax: +64 7 8390543
E-mail
Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top