NSF Award
2217886
This project will make available to the general networking community continuous, distributed, and multimode datasets currently being collected at three Research and Education Networks (RENs). The data is well-suited for cybersecurity research, anomaly detection, evaluation, and classification tasks such as detecting DDoS and other network attacks, route hijacking, encrypted application traffic and quantifying network resilience.<br/><br/>The project will provide both anonymized and non-anonymized data, the latter accessed through the project’s existing infrastructure. The uniqueness of the data lies in its continuous, distributed, uniform and multimode nature. The data is continuous because traffic capture happens 24/7. This is important because interesting phenomena can happen at any time. The data is distributed and uniform because the same capture process runs at all locations simultaneously. This is important because attacks and other anomalies may be distributed and observing them at multiple networks at the same time facilitates easier correlation. Uniformity is important to access data in a consistent and familiar environment. Finally, the data will be presented in multiple modes: unsampled flows, sFlow, Netflow, and in some locations, accompanied by commercial Intrusion Detection System (IDS) alerts. Each of these modes has its own advantages: unsampled flows are needed to discover needle-in-a-haystack phenomena; sFlow and Netflow summarize traffic making datasets smaller and easier to handle; and IDS alerts provide external DDoS labeling.<br/><br/>In addition to benefiting researchers in cybersecurity, the data will benefit the broader networking community working on routing, censorship, traffic correlation, characterization and engineering, machine learning, privacy, and other areas. The data has been used in hackathons and in the classroom to build exercises and demonstrations. Finally, the data will also have a broad societal impact given the increasing use of the Internet for work, education, and entertainment. Datasets may be requested at https://ant.isi.edu/classnet/<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
