With new financial backing from the National Science Foundation, local computer scientists have created a Center for Epidemiology and Defenses to investigate Internet-borne viruses, worms and plagues.
The NSF, as part of its new $30 million Cyber Trust program, has allocated $6.2 million over five years for the new center. The award is expected to be announced Tuesday.
The Center for Epidemiology and Defenses will be a collaboration of scientists at the University of California, San Diego and the International Computer Science Institute, an affiliate of University of California, Berkeley.
The federal dollars -- coupled with financial and equipment contributions from Microsoft (Nasdaq: MSFT), Intel (Nasdaq: INTC) and Hewlett-Packard (NYSE: HPQ), and funding under UCSD's new Center for Networked Systems -- sustain research that began on a smaller scale in late-2002.
Computer scientists from San Diego and Berkeley began working together in earnest in January 2003 to understand the propagation of the Slammer or Sapphire worm, according to UCSD computer science professor Stefan Savage.
The worm was considered the fastest of its kind in history, at a peak rate of 55 million infections per minute, Savage said. Slammer was able to infect most of the world's computers within minutes, by exploiting a vulnerability in computers with Internet access that were running Microsoft's SQL Server or MSDE 2000.
"Any defense mechanism that had a human in place wasn't going to work," Savage said of the worm's spread. Short of unplugging networks from the wall, it became clear, "you need defenses that don't shut down all the positive benefits of the Internet."
Savage will serve as the Center for Epidemiology and Defenses' project director. While this is perhaps the largest effort by academic scientists to understand and stop epidemic-style online attacks, Savage notes that plenty of software and anti-virus companies are pursuing the same ends.
Still, at the academic level, scientists can take a longer view than might be possible at a corporation, and aren't limited by shareholder wants or industry competition, he said.
"Industry has to implement a solution," said Savage. "We're good at coming up with the seeds of those solutions."
The Center for Internet Epidemiology and Defenses, with an expected staff of about two-dozen researchers, can in fact collaborate with neighbors including the San Diego Supercomputer Center.
"There's not a lot of turf wars over this stuff," Savage said.
This is the first round of funding under NSF's Cyber Trust program, launched last December. The Center for Epidemiology and Defenses was selected out of a candidate pool of 25 applicants. The only other recipient of funding, also to be announced Tuesday, is the Security Through Interaction Modeling Center at Carnegie Mellon University. That program intends to look at the Internet environment for cyber-crimes.
Scientists for the Center for Internet Epidemiology and Defenses say the Internet's relatively high level of homogeneity mean that, unlike human disease, a computer worm or virus' spread isn't limited to geography or natural immunity.
That makes Internet-enabled epidemics all the more difficult to control, Vern Paxson, principal investigator for the International Computer Science Institute, said in a statement.
"It is easy to build a defense against one particular known virus or worm; this is what we do now," said Paxson. "But to stop whole classes of these pathogens requires far more insight into what it means to be an epidemic and how infectious behavior stands apart from legitimate use."