Professor Aims to Bolster Internet Research Infrastructure

Network telescopes detect cybersecurity threats, measure internet traffic, and serve many research purposes. Despite these benefits, the use of this technology has declined in recent years.

School of Computer Science Associate Professor Alberto Dainotti, however, is revolutionizing network telescopes through a $1.2 million grant from the National Science Foundation.

Network telescopes use large sets of inactive IP addresses to observe unsolicited internet traffic, typically considered “pollution,” to reveal many internet phenomena. These observations can be used to detect denial-of-service attacks and find viruses or other malicious activity.

Network telescopes' ability to monitor this pollution also provides a way to track internet connectivity. Network telescopes are one of the tools used by IODA, a system tracking connectivity worldwide created by Dainotti’s lab.

The larger and more accurate the telescope, the more inactive IP addresses it has. Due to the increasing cost and decreasing availability of IP addresses, creating and maintaining large network telescopes has become difficult for universities. Institutions have sold many of the addresses they own or allocated them to devices using the internet.

Dainotti will use his NSF grant to help universities and other organizations again have powerful network telescopes.

“If we stop seeing pollution coming from a particular area, maybe there’s something wrong with connectivity there since that pollution is typically happening constantly,” Dainotti said.

While universities might not have large numbers of inactive IP addresses to dedicate solely to a network telescope, many addresses aren’t always in use. Until now, it has not been easy to track this activity. However, Dainotti has created a system to detect this automatically. Using this method, organizations can create what Dainotti calls a dynamic network telescope.

The dynamic network telescopes also solve another problem: some malicious actors have learned how to detect and block the sets of IP addresses used in network telescopes. Using the dynamic approach makes it harder for them to track which addresses are currently being used.

“The spirit of this proposal is to reenable organizations to have this precious research infrastructure in a different way, but with the same purpose,” Dainotti said.