A team of professors from the University of California-Berkeley and University of Southern California has received a $5.46 million grant to build one of the most realistic models of the Internet -- and then wreck it with debilitating hacker attacks.
Working with researchers from Network Associates Laboratories and other institutions, the team is trying to answer questions with major national security implications: What would really happen if the Internet were hit with an attack bigger than the Nimda or Slammer worms? Could we fight it with existing technology?
Or would everything connected to the Internet, from private e-mail boxes to automatic teller networks to power plants, topple like a house of cards?
They can't do the experiments that would answer these questions on the real Internet, because "you can't afford to break it," said Shankar Sastry, chairman of UC-Berkeley's Department of Electrical Engineering and Computer Sciences and the project's principal investigator.
So the researchers, with funding from the National Science Foundation and the Department of Homeland Security, are building their own little Internet that can sustain disabling attacks again and again with no consequences to the outside world. By February, the first node of the network will be online at USC, and by spring experiments will be running on the network.
The goals are to provide more information to policy-makers who are trying to set the national agenda for network security, as well as to help industry come up with more-effective defenses against hacking.
There have been test computer networks before. But most past test networks, run by computer security companies, the government and other academics, are too small and simple to give an accurate picture of how the real Internet might react to unprecedented hacker attacks, the researchers said.
A typical test ground might be a dozen PCs linked together in a simple network.
That's a far cry from the way the Internet really works: An e-mail message or a request for a Web site, for example, passes through a long chain of Internet service providers and many different kinds of hardware before it reaches its destination.
The new test network, called the Cyber Defense Technology Experimental Research Network, or DETER, will contain lots of routers and switches imitating the complexity of the real Net. It won't be nearly as big as the real Internet -- the goal is to eventually hook up 1,000 PCs -- but the researchers hope it will be comparable in behavior.
"When you scale to large types of systems, you often see emergent behavior," said Doug Tygar, a UC-Berkeley computer science professor working on the project. Just as "large groups of people act differently than they do alone, large (complex) networks of computers act differently" from small, simple ones.
The project goes to the heart of what many security experts see as a flaw in today's approach to securing the Internet. The products on the market, such as firewalls and anti-virus software, act as locks and burglar alarms on a building.
Experts say the real problem is that Internet infrastructure and the software that is run on it is insecure. It's as if the building is missing doors, and the walls are full of holes.
With the DETER network, researchers hope to test existing responses to hacker attacks, and maybe find ways to improve the infrastructure itself.