CIRC: NEW: iVoyager: Internet Voyager for gathering cyber threat intelligence

About This Grant

Researchers have deployed 32-bit Internet address-based (IPv4) network telescopes and honeypots in academic networks and public cloud infrastructure to capture and react to unsolicited Internet traffic that often carries threat intelligence signals. However, the transition to 128-bit Internet addressing (IPv6) presents a fundamental challenge: its vast address space renders traditional (brute force) IPv4 scanning techniques ineffective, requiring new approaches for traffic collection and threat detection. This project introduces iVoyager, a cyberinfrastructure (CI) designed to empower researchers to effectively explore the evolving landscape of Internet threats by gathering cyber threat intelligence across both IPv4 and IPv6 network deployments. This project plans to design and implement iVoyager that provide three capabilities: (1) a flexible virtualized environment to facilitate development and deployment of distributed dual-stack (IPv4 and IPv6) telescopes and honeypots; (2) a proactive telescope that applies novel active techniques to attract malicious IPv6 traffic; (3) deployment of lightweight telescope and honeypot vantage points in public clouds and collaborating networks. The project plans to operationalize the reference design of iVoyager to collect longitudinal datasets that facilitate use of machine learning/artificial intelligence (ML/AI) for cyber threat hunting, anomaly detection, and malware analysis. iVoyager will complement existing CIs by providing additional datasets for more comprehensive cyber threat analysis. The data collected by IPv4 telescopes has enabled hundreds of network researchers to study Internet-wide cybersecurity incidents, such as denial-of-service attacks, malware propagation, and malicious scanning activities. The datasets produced by iVoyager will expand this capability to a dual-stack IPv4 and IPv6 world, with a focus on advanced applications of machine learning and artificial intelligence (ML/AI) for cyber threat hunting, anomaly detection, and malware analysis. The infrastructure will also support deployment of novel experiments and ML/AI-driven methodologies for characterizing IP spoofing, scanning strategies, and other malicious behaviors. These capabilities will inform and enhance cybersecurity practices and policy development. A link to the project website will be provided from https://www.caida.org/funding/circ-ivoyager/ This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.