Project description
Research Networking test beds
Keeping a watchful eye on cyber crime
Taking to heart the premise that you must know your enemies before you can defeat them, European researchers have created an innovative system to monitor computer viruses and cyber attacks on the internet.
The platform, which uses sensors deployed in different countries to passively track internet traffic on a large scale, is helping researchers understand the threats internet users face.
The information gathered by the system can then be used to develop new tools to protect citizens, companies and governments from viruses and attacks. Overall, it will help to make the internet a safer place.
Developed by researchers in the Lobster project, the system is the first of its kind in Europe and one of only three similar endeavours in the world.
An international network of sensors
Sensors set up at 50 locations in 10 countries monitor and analyse internet traffic to detect all manner of cyber mischief, from viruses and worms being propagated between home computers to attacks by hackers on the networks of companies and public organisations.
The sensors are capable of monitoring traffic from more than two million computers at the same time on networks with a cumulative capacity of up to 25 gigabits per second – about 25,000 times the speed of most home broadband connections.
Complex algorithms are used to weed out malicious internet traffic from normal traffic picked up by the sensors. The system is even capable of detecting so-called polymorphic attacks in which hackers send malicious code masquerading as innocent-looking web traffic.
One attack every 30 seconds
Since the project began in October 2004, the network of sensors has detected close to one million cyber attacks – an average of one attack every 30 seconds. On some occasions, the sensors identified attacks as frequently as once every two seconds.
The researchers found that attacks come from all over the world, with 70% originating from and targeting computers within the same network, suggesting the existence of large numbers of compromised computers on private and public networks.
A testbed for network security
The project’s findings are already helping researchers in developing new methods to fight cyber crime.
The system provides a kind of test bed for internet security organisations and researchers to try out new techniques on a large scale for tasks such as traffic characterisation, attack detection and quality-of-service monitoring.
Stopping the cyber plague
With hackers continually increasing the scale and sophistication of attacks, internet monitoring will undoubtedly become ever more important in order to detect vulnerabilities and weaknesses in network security.
Researchers hope that the Lobster project’s results and related initiatives will help to stop or even reverse the trend toward increasing levels of cyber crime, which by some estimates have led to one in every four computers worldwide being compromised at a cost to citizens, companies and governments of hundreds of billions of euros each year.
Network monitoring and measurement is increasingly regarded as an essential function for developing and supporting high-quality networkservices, building and improving innovative networking technologies, analyzing infrastructure trends and user behavior, and improving the security of our cyber-infrastructure. Accurate network monitoring systems give rise to a wide variety of new applications including provision of early warning for the detection of Internet worms as soon as they start to spread,detection of Distributed-Denial-of-Service attacks even before they are launched, accurate traffic characterization even for applications that use dynamically generated ports such as peer-to-peer systems, and accurate traffic weather service for GRID-enabled applications. Although accurate network monitoring is getting increasingly important for the reliable and efficient operation of our cyber-infrastructure, current traffic monitoring systems in Europe do not provide the information needed to support the above-mentioned applications. Indeed, current systems focus either on collecting lossy flow-level statistics, or in actively measuring latency, bandwidth, error rate and similar properties of network links. In LOBSTER we propose to design and deploy a advanced European Infrastructure for accurate Internet traffic monitoring. Although such an infrastructure poses challenging research questions, we believe that we have successfully met these challenges within the currently running SCAMPI IST FP5 project, that designed and developed a passive network traffic monitoring system for speeds up to 10Gbps. Based on passive monitoring, and capitalizing on ourexperience gained in the SCAMPI IST project, the LOBSTER infrastructure will be unique in Europe and among the only two similar infrastructures that exist in the world today.
Fields of science
Call for proposal
FP6-2003-IST-2
See other projects for this call
Funding Scheme
SSA - Specific Support ActionCoordinator
70013 Irakleio
Greece