War games online

Seeking an edge in the battle against computer worms and viruses, UC Berkeley researchers are building a virtual playing field for cyber war games.

By simulating the Internet on a small scale, the virtual laboratory of 1,000 networked computers will help researchers develop new ways to beat hackers who threaten our online infrastructure.

Supported by a three-year, $5.46 million grant from the US National Science Foundation, the Cyber Defense Technology Experimental Research (DETER) network is a collaboration between UC Berkeley researchers in the Center for Information Technology Researchers in the Interest of Society (CITRIS) and the University of Southern California’s Information Sciences Institute (USC-ISI).

‘One of the challenges of creating effective defence programs for attacks from viruses and worms is that they are only tested in moderate-sized private research facilities or through computer simulations that are not representative of the way the Internet works in reality,’ says UC Berkeley professor and chair of electrical engineering and computer sciences Shankar Sastry, the principal investigator on the DETER project.

In recent years, cyber-attacks have become more common, and increasingly severe. For example, in January 2003 the Slammer/Sapphire worm infected more than 75,000 hosts globally within 10 minutes, leading to ATM failures and major network outages. Then, in August, the MSBlaster and SoBig worms brought portions of the commercial Internet to its knees. Indeed, SoBig was considered the most economically damaging virus ever, causing an estimated $14.62 billion in business losses.

‘With so much of the nation now dependent on the Internet, we are no longer talking about nuisance pranks and vandalism, but potential losses in the billions of dollars,’ says Terry Benzel, assistant director for special projects at USC-ISI and co-investigator of the project.

The DETER network will be a scale model that simulates the multitude of components on the real Internet – from routers and hubs to desktop PCs. The network will consist of three permanent hardware clusters, or nodes, located at UC Berkeley, USC-ISI, and ISI-East in Virginia. Each computer in a node will represent several network connections. Through this shared online laboratory, researchers from government, academia, and the private sector will have the opportunity to unleash their own malicious computer code and test new defence methods in a contained environment.

‘Through this project we will develop traffic models and architectures that are scaled down from the actual Internet, but still representative enough that people can have confidence in it,’ Sastry says.

On the web