Testbeds boost cyber security research

By Tom Kreidler

Information technology (IT) testbeds have been used for years to evaluate the utility of cutting-edge technologies and address challenging technical problems. Now they are emerging as a powerful new tool in the fight against cyber attacks.

Until recently, IT testbeds were usually project-based and only focused on a narrowly defined problem or specific technology. Several were developed to explore the challenges of transitioning from Internet Protocol version 4 (IPv4) to IPv6, for example, while others, like the Idaho National Laboratory's National SCADA Testbed, specifically address nuclear and energy research, science, and national defense. In the realm of cybersecurity, however, no testbeds were available for conducting scientifically rigorous evaluations of new cyber security technologies in an environment that realistically simulates the Internet.

But a new testbed initiative - the Cyber Defense Technology Experimental Research (DETER) project at the University of Southern California (USC) - is bringing the value of testbeds to the realm of cyber security. The DETER project, located at USC's Information Sciences Institute (ISI) and managed in coordination with the University of California at Berkeley, provides researchers powerful models of networks and network security mechanisms to conduct robust analysis on new cyber security technologies. Jointly funded by the Department of Homeland Security and the National Science Foundation, one of its main goals is to further the government's ability to protect itself from cyber attacks.

DETER's unique contribution to cyber security is based on the novel ways it helps researchers to more robustly and effectively evaluate new cyber security technologies and approaches. DETER's program director, Terry Benzel, said he believes the project's effect on cyber security is truly significant.

"DETER provides the infrastructure, methodologies, and tools to provide scientific, repeatable experimentation across a wide range of cyber security technologies," Benzel said. "This is a unique contribution; most research and experimentation to date has been conducted in either small to medium scale research facilities or in dedicated privately-owned facilities, which do not lend themselves to repeatable analysis of a diversity of cyber technologies."

DETER's testbed is a 200+ node IT network that allows researchers to experiment against realistically simulated connections, hardware, and data traffic that make up the real Internet. In addition to evaluating new technologies in the testbed, researchers can also release malicious code into the environment to study it in a realistic setting. With these capabilities, the project focuses on three main goals:

Create and maintain the DETER Testbed - Build and operate a general-purpose medium scale experimental facility for network security research and testing with the capability to execute experiments that cover a wide range of cyber threats.

Develop Experimenter Support Software - Build a software environment to aid experimenters in defining, running, and visualizing medium-scale complex security experiments.

Support the Research Community - Facilitate the formation of a vibrant security research community centered on the DETER testbed. This goal aims to use the testbed as a catalyst for a robust scientific program in network security research.

The creation of DETER began nearly three years ago at the Department of Homeland Security and the National Science Foundation as part of the federal government's mission to protect the nation's critical infrastructure. Dr. Douglas Maughan, program manager of the Homeland Security Advanced Research Projects Agency, said he believes the government's funding of DETER is an important step forward in improving cyber security.

"Cyber security is of national importance, and research is a fundamental aspect that must be funded to ease current security concerns," Maughan said. "Through investment in projects like DETER, which leverage the best academic and private sector capabilities in the world, the government can better understand the requirements for continued security of this country's networks."

In addition to the involvement of the federal government and notable researchers from around the country, private industry has also made important contributions to the project. Benzel said he sees their involvement as key to the project's success for a number of reasons.

"Community efforts of the DETER project are aimed at increasing the base of users to enhance the scientific quality of the testbed results and involving critical infrastructure providers in the design, development, and operation of the testbed," Benzel noted. "Outreach to public sector infrastructure providers has resulted in the inclusion of state-of-the-art technology components, such as Juniper Networks' routers and Intrusion Detection and Prevention (IDP) solutions. These components provide both increased experimental components for the testbed and, in some cases such as Juniper's IDP solutions, provide infrastructure for the protection and operation of the testbed."

Benzel believes that because Juniper Networks' products are used in many of the world's large, complex networks, their participation in the project helps create a more realistic testing environment.

After rapidly developing an initial operational capability within the first six months of the project, the last two years have seen numerous achievements at DETER. Currently, more than 30 ongoing experiment and analysis projects from government, academia and industry are using the testbed, including several start-up companies with emerging technology.

The experiments span the range of cyber defense technologies in the areas of distributed denial of service attacks, worms, and routing protocols. Numerous published papers in accredited journals have drawn from DETER-based work. Three large-scale experiment demonstrations in June 2004, October 2004, and September 2005 highlighted results from DETER experiments to government, academia, and industry audiences.

In today's world of increasing cyber attacks, DETER enables truly realistic cyber security research on the Internet without impacting the Internet itself. And with its continued success, the difficult challenges of conducting robust cyber security research will be a thing of the past. Testbeds will continue to demonstrate an important role in research and development of information technology while offering collaboration between the private and public sectors.

Tom Kreidler, vice president of Juniper Federal Systems at Juniper Networks, has more than 20 years of experience providing the government with information technology solutions. He can be reached at .