CICI: TCR: IRIS: Instrumentation for Research and Inter-institutional SOC
Merit Network, Inc., Ann Arbor MI
Investigators
Abstract
This project addresses the problems of designing, engineering and maintaining an effective and scalable networking and cybersecurity infrastructure that enables unique research opportunities spanning Internet freedom, network monitoring, threat intelligence, and security and privacy, while at the same time helping protect member institutions within Merit Network (Michigan’s research and education network) from cyber threats. There are significant barriers to effective cybersecurity, including constrained cybersecurity budgets, inadequate staffing, and the need for continuous infrastructure maintenance. Small, low-resourced institutions within Merit’s membership are especially challenged by these barriers and find it difficult to remain competitive and relevant in today’s Internet, in which cyber-attacks are growing in both frequency and sophistication. Given these considerations, the project creates a Merit-managed, shared infrastructure that allows these entities to focus on their missions and be confident that they have a baseline level of cybersecurity defense. This project develops situational awareness infrastructure to efficiently monitor Internet traffic entering and leaving Merit’s network border, and to detect and help mitigate cyber-threats destined for Merit’s member institutions (i.e., universities, K12 schools, etc.). The so-called IRIS (Instrumentation of Research and Inter-institutional Security Operations Center (SOC)) infrastructure can monitor network traffic at ultra-high speeds in a streaming, centralized, configurable, and sustainable manner. This high-speed network monitoring infrastructure is deployed on the Merit backbone network at key peering locations and provides a constant feed of rich network research data as well as distilled cyber-security threats (e.g., malware downloads, denial of service attacks, etc.).
The SOC platform gleans such threats via state-of-the-art cybersecurity solutions (including open source ones) and passes them to a data pipeline for further analysis, enrichment and research. These analysis products provide security analysts and researchers with up-to-date insights into the current malware ecosystem, actionable threat intelligence regarding compromised computer systems and malicious Internet sites, and exploitable vulnerabilities that require remediation. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.