
Our critical infrastructures continue to be vulnerable to cyber attack, and the nation is at risk from the convergence of cyber attack and more traditional terrorist activities. As the Internet has become pervasive and all of our critical infrastructures have become inextricably tied to information systems, we are increasingly at risk of economic, social and physical disruption through the rampant insecurities of today's information systems. The urgent application of cyber defense technologies is required in order to adequately protect the nation's information infrastructures.
Over the past ten years there has been an increasing investment in research aimed at developing cyber security technologies, by government agencies (NSF, DARPA, armed services) and by industry. However, we still lack large scale deployment of security technology sufficient to protect our vital infrastructure. One important reason is the lack of an experimental infrastructure for developing and testing next-generation cyber security technology. Neither existing research network infrastructures (Abilene, vBNS) nor the operational Internet meet this need, due to the inherent risks of testing malicious behavior in operational networks. New security technologies have been tested and validated only in small- to medium-scale private research laboratories, which are not representative of large operational networks or of the portion of the Internet that might be involved in a security attack. Furthermore, the methods that have been used for generating background and attack traffic typically do not adequately simulate a real networking environment.
To fill this critical gap, we propose to create an experimental infrastructure network to support the development and demonstration of next-generation information security technologies for cyber defense.
This cyber Defense Technology Experimental Research Network (DETER Network) will provide the necessary infrastructure - networks, tools, methodologies and supporting process - to support national-scale experimentation on emerging security research and advanced development technologies. The DETER project will facilitate scientific experimentation and validation against established baselines of attack behavior and allow experimental approaches that involve breaking the network infrastructure. The existence of the DETER network should promote and catalyze expanded research efforts in this vital area.
A separate experimental network is necessary to provide the isolation required for computer security tests. Certain attacks, e.g., denial of service attacks, generate significant traffic which adversely affects production/research networks by consuming all available bandwidth, even if isolated through VPNs/tunnels. Special tools are also needed to ensure that there are no interconnections with the production networks, to prevent leakage of malicious code. Isolation from the production Internet is also necessary to allow controlled experiments without unmanaged effects changing results from one run to the next.
The DETER project will create, operate, and support a researcher- and vendor-neutral experimental infrastructure that is open to a wide community of users. Furthermore, we will work in tight coordination with the authors of a sister proposal being submitted by researchers at UC Davis to the NRT solicitation, applying scientific benchmarks and measurements both to the creation of the experimental infrastructure itself and to the validation of the experimental results.
