Retro-future: The Retrospective Future in the Internet

Project Summary

New network security events, from new zero-day attacks to insider threats, are only apparent after they have occurred. By definition, these events work in unexpected ways and only through hindsight may one learns what should have been collected and analyzed. To address these events, one either needs to predict the unexpected or travel back in time to replay the event. The premise of this project is to record enough network state to replay network security events and effectively travel back in time--in effect, to provide an Internet Digital Video Recorder (DVR).

The challenge in this effort is to provide Internet time-travel that is efficient, maximizing the effective history that is saved, to be cost-effective commodity hardware and software, and most importantly, to accommodate permission and privacy constraints that are necessary to deploy this system.

We expect that the resulting Internet DVR will help aid development and testing of network defenses.

Retro-future is a joint research effort of USC Information Sciences Institute, Colorado State University's Network Security lab, and Los Alamos National Laboratory. It is part of the ANT: the Analysis of Network Traffic research group.

This work supported (2012-2016) by Department of Homeland Security Science and Technology Directorate, Cyber Security Division, via SPAWAR Systems Center Pacific under Contract No. N66001-13-C-3001. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of SSC-Pacific.

It is also supported (starting in 2016) by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600010C. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.



In addition, we thank Dan Massey for his involvement early in the effort. He is current on leave from Colorado State and this project.


For related publications, please see the ANT publications web page.


See the see the ANT distribution web page.


The primary goal of retro-future is to develop new network measurement capabilities. When we generate new datasets we can release as a side-effect of this process we will announce them here.

Related Links

ANT: the Analysis of Network Traffic research group