Internet-Wide Vulnerability Measurement, Assessment, and Notification

Principal Investigator(s): 
Mark Allman

Vulnerable software costs the U.S. economy more than $180 billion a year, and large-scale, remotely exploitable vulnerabilities affecting millions of Internet hosts have become a regular occurrence. This project seeks to reduce the impact of software vulnerabilities in Internet-connected systems by developing measurement-driven techniques for global vulnerability detection, assessment, and mitigation.

Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes. In this project, researchers are applying these measurement techniques to comprehensively identify systems that suffer from vulnerabilities and automatically take steps to help affected system operators correct the problems. This involves developing methods to more quickly, accurately, comprehensively, and ethically discover vulnerable populations, creating tools for analyzing large security measurement datasets to better understand the impact of particular vulnerabilities, and translating this information into actionable advice for vulnerable system operators.

This is a collaborative project between scientists from University of Michigan, University of Illinois, and ICSI, and is funded by NSF.