CRII: OAC: Inferring, Attributing, Mitigating and Analyzing the Malicious Orchestration of Internet-scale Exploited IoT Devices: A Network Telescope Approach

CRII：OAC：推断、归因、减轻和分析互联网规模被利用物联网设备的恶意编排：网络望远镜方法

• 批准号: 1755179
• 负责人: Elias Bou-Harb
• 金额: $ 17.5万
• 依托单位: Florida Atlantic University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-03-01 至 2019-11-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1755179&HistoricalAwards=false
• 关键词: CRII; OAC; Inferring; Attributing; Mitigating

Despite the benefits provided by the widespread adoption and deployment of diverse Internet-enabled devices such as phones and smart home components in consumer markets and critical infrastructure - the so called Internet of Things (IoT) devices, security concerns are rising as such devices also introduce new vulnerabilities that could be leveraged by attackers to launch disrupting cyber-attacks. The objective of this project is to enable exploration of the inherent insecurity of the IoT paradigm by exploring innovative data analytics as applied to raw cyber security data. Insights gained will allow detection, characterization and attribution of Internet-scale compromised IoT devices, coupled with their malicious activities, in near real-time. Several technical challenges impede addressing IoT security at large, including, the excessive diversity of IoT devices in addition to their Internet-wide deployment, the lack of IoT-relevant data and the shortage of IoT-specific actionable attack signatures. In this context, this project serves NSF's mission to promote the progress of science by aiming to generate a first-of-a-kind, large-scale analysis of the magnitude of compromised IoT devices. The project also promotes cyber security research and training for minorities, given that it will be executed within the boundaries of a designated Hispanic-serving institution. Moreover, the project will contribute to operational cyber security by developing a real-time capability for storing and sharing IoT-relevant threat information.The project will draw-upon macroscopic, large-scale passive measurement data collected in real-time from a network telescope to highlight the severity of the insecurity of the IoT paradigm. Network telescopes, most commonly known as darknets, constitute a set of routable, allocated yet unused IP addresses. The project will design and develop real-time algorithms that are capable of inferring Internet-scale exploited IoT devices by exploring darknet data. Furthermore, the project will investigate formal correlation approaches rooted in stochastic data structures between IoT-relevant passive measurements and malware samples to aid in the attribution and thus the remediation objective. The project will further explore the orchestration behavior of seemingly independent IoT activities, which operate within well-coordinated IoT botnets. To this end, the project will innovate time series analytics based upon trigonometric interpolation techniques, recursive optimal stochastic estimators, and bitmap matching algorithms to infer such IoT botnets by employing passive measurements.  The project will also (1) develop a unique cyberinfrastructure for IoT cyber threat indexing by automating the proposed algorithms, techniques and methods, (2) generate IoT-specific signatures by employing piecewise hashing techniques, and (3) create access methods based on an API mechanism and a front-end service facilitated by Elasticsearch to allow the sharing of IoT-centric empirical data, threat intelligence and signatures.  This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

尽管在消费者市场和关键基础设施中广泛采用和部署各种支持互联网的设备（如电话和智能家居组件）（所谓的物联网（IoT）设备）带来了好处，但安全问题正在上升，因为这些设备也引入了新的漏洞，攻击者可能会利用这些漏洞发动破坏性的网络攻击。 该项目的目标是通过探索应用于原始网络安全数据的创新数据分析来探索物联网范式的固有不安全性。 获得的见解将允许近实时地检测、表征和归因互联网规模的受损物联网设备及其恶意活动。 一些技术挑战阻碍了物联网安全的解决，包括物联网设备的过度多样性以及互联网范围内的部署，缺乏物联网相关数据以及缺乏特定于物联网的可操作攻击特征。 在这种情况下，该项目服务于NSF的使命，旨在通过对受损物联网设备的规模进行首次大规模分析来促进科学进步。 该项目还促进了对少数民族的网络安全研究和培训，因为它将在指定的西班牙裔服务机构范围内执行。 此外，该项目还将通过开发实时存储和共享物联网相关威胁信息的能力，为运营网络安全做出贡献。该项目将利用从网络望远镜实时收集的宏观、大规模被动测量数据，突出物联网范式不安全的严重性。 网络望远镜，通常被称为暗网，构成了一组可路由的，已分配但未使用的IP地址。 该项目将设计和开发实时算法，能够通过探索暗网数据来推断互联网规模的物联网设备。 此外，该项目还将研究基于物联网相关被动测量和恶意软件样本之间随机数据结构的正式相关方法，以帮助确定归因，从而实现补救目标。 该项目将进一步探索看似独立的物联网活动的编排行为，这些活动在协调良好的物联网僵尸网络中运行。 为此，该项目将创新基于三角插值技术、递归最优随机估计器和位图匹配算法的时间序列分析，通过采用被动测量来推断此类物联网僵尸网络。该项目还将（1）通过自动化所提出的算法、技术和方法，为物联网网络威胁索引开发独特的网络基础设施，（2）通过采用分段散列技术生成物联网特定签名，以及（3）基于API机制和Elasticsearch促进的前端服务创建访问方法，以允许共享以物联网为中心的经验数据，该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Inferring, Characterizing, and Investigating Internet-Scale Malicious IoT Device Activities: A Network Telescope Perspective

推断、表征和调查互联网规模的恶意物联网设备活动：网络望远镜视角

• DOI: 10.1109/dsn.2018.00064
• 发表时间: 2018
• 期刊: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN
• 作者: Torabi, Sadegh;Bou-Harb, Elias;Assi, Chadi;Galluscio, Mario;Boukhtouta, Amine;Debbabi, Mourad
• 通讯作者: Debbabi, Mourad

Implications of Theoretic Derivations on Empirical Passive Measurements for Effective Cyber Threat Intelligence Generation

理论推导对有效生成网络威胁情报的实证被动测量的影响

• DOI: 10.1109/icc.2018.8422720
• 发表时间: 2018
• 期刊: IEEE International Conference on Communications (ICC
• 作者: Pour, Morteza Safaei;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

A first empirical look on internet-scale exploitations of IoT devices

对物联网设备的互联网规模利用的首次实证研究

• DOI: 10.1109/pimrc.2017.8292628
• 发表时间: 2017
• 期刊: and Mobile Radio Communications (PIMRC
• 作者: Galluscio, Mario;Neshenko, Nataliia;Bou-Harb, Elias;Huang, Yongliang;Ghani, Nasir;Crichigno, Jorge;Kaddoum, Georges
• 通讯作者: Kaddoum, Georges

Theoretic derivations of scan detection operating on darknet traffic

对暗网流量进行扫描检测的理论推导

• 发表时间: 2019
• 期刊: Computer communications
• 影响因子: 6
• 作者: Safaei Pour, Morteza;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations

• DOI: 10.1109/comst.2019.2910750
• 发表时间: 2019-01-01
• 期刊: IEEE COMMUNICATIONS SURVEYS AND TUTORIALS
• 影响因子: 35.6
• 作者: Neshenko, Nataliia;Bou-Harb, Elias;Ghani, Nasir
• 通讯作者: Ghani, Nasir