IUCRC Phase II Colorado State University: Center for Cybersecurity Analytics and Automation CCAA

IUCRC 第二阶段科罗拉多州立大学：网络安全分析和自动化中心 CCAA

• 批准号: 1822118
• 负责人: Indrakshi Ray
• 金额: $ 50万
• 依托单位: Colorado State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-03-01 至 2025-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1822118&HistoricalAwards=false
• 关键词: IUCRC; Phase; II; Colorado; State

Failure to protect systems from cyberattacks in an increasingly interconnected world has severe consequences. The Center for Cybersecurity Analytics and Automation (CCAA) with its universities, government and commercial partners will embark on the development of science and technology to protect, defend, and survive such attacks that are launched by advanced, persistent, and evolving adversaries. The multi-disciplinary and collaborative approach will provide research and technological solutions that will improve sense-making, decision making, and resiliency to sustain cyber missions in the event of cyber warfare and sophisticated cyberattacks.CCAA with its experts in cybersecurity, formal modeling, and data-driven analytics will advance cybersecurity in multiple ways including (a) robust and scalable sense-making for dynamic and predictive cyber risk analytics using large-scale heterogeneous cyber artifacts, (b) adaptive and autonomic decision-making for creating defense strategies and courses of action that are provably correct and operationally safe using mission requirements, security policies and guidelines, and system configurations, (c) making resilience and agility inherent properties of cyber and cyber physical systems to enable real-time deterrence, deception, and mitigation. The Colorado State University (CSU) site will contribute in formal methods, cyber physical systems, machine learning, and networking.The Center's research will advance the field of cyber security through its research in preventing, detecting, recovering, and surviving cyberattacks in a connected world and make systems safe, secure, and resilient. Technology transfer will occur through start-ups, student and faculty internships at the member organizations. Students at all levels, high-school, undergraduates, and graduates will be involved in the projects. Minority students, especially first generation, will be actively recruited. Efforts will be made to have students do internships at the industrial organizations and the partner universities.The Center will make all the artifacts developed in this project in a central repository that will be accessible to all its members. The repository will be accessible through the Center's website (http://www.ccaa-nsf.org/). The artifacts include manuscripts, code, datasets, and experimental results. Some of these materials will also be disseminated to the public, selected external organizations conforming to the bylaws of the Center, the NSF policies, and the individual universities requirements. The repository will be available for the duration of the Phase II project, and an earnest attempt will be made to maintain the repository after the project ends.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在日益互联的世界中，未能保护系统免受网络攻击会产生严重后果。网络安全分析和自动化中心（CCAA）及其大学，政府和商业合作伙伴将着手开发科学和技术，以保护，防御和抵御由先进，持久和不断发展的对手发起的此类攻击。多学科和协作的方法将提供研究和技术解决方案，这些解决方案将改善感知，决策和弹性，以在网络战争和复杂的网络攻击事件中维持网络任务。CCAA拥有网络安全，正式建模，数据驱动的分析将以多种方式推进网络安全，包括（a）强大和可扩展的意义，使用大规模异构网络工件进行动态和预测性网络风险分析，（B）自适应和自主决策，用于创建使用使命要求、安全策略和指南以及系统配置可证明正确和操作安全的防御策略和行动过程，（c）使网络和网络物理系统具有弹性和灵活性的固有属性，以实现实时威慑、欺骗和缓解。 科罗拉多州立大学（CSU）将在正式方法、网络物理系统、机器学习和网络方面做出贡献。该中心的研究将通过在互联世界中预防、检测、恢复和生存网络攻击的研究来推进网络安全领域，并使系统安全、可靠和有弹性。技术转让将通过成员组织的初创企业、学生和教师实习进行。所有级别的学生，高中，本科生和研究生都将参与这些项目。将积极招收少数民族学生，特别是第一代学生。将努力让学生在工业组织和合作大学实习。中心将把该项目中开发的所有工件放在一个中央存储库中，供所有成员访问。可通过该中心的网站（http：//www.ccaa-nsf.org/）访问该储存库。这些工件包括手稿、代码、数据集和实验结果。其中一些材料也将分发给公众，选择符合中心章程，NSF政策和个别大学要求的外部组织。该储存库将在第二阶段项目期间使用，并将在项目结束后认真努力维护储存库。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Context-Aware IoT Device Functionality Extraction from Specifications for Ensuring Consumer Security

• DOI: 10.1109/cns53000.2021.9705050
• 发表时间: 2021-10
• 期刊: 2021 IEEE Conference on Communications and Network Security (CNS)
• 作者: Upakar Paudel;Andy Dolan;Suryadipta Majumdar;I. Ray

“X-Phish: Days of Future Past”‡: Adaptive & Privacy Preserving Phishing Detection

—X-Phish：Days of Future Past —：自适应

• DOI: 10.1109/cns53000.2021.9705052
• 发表时间: 2021
• 期刊: 2021 IEEE Conference on Communications and Network Security (CNS
• 作者: Deval, Shalin Kumar;Tripathi, Meenakshi;Bezawada, Bruhadeshwar;Ray, Indrakshi
• 通讯作者: Ray, Indrakshi

Seeing Should Probably not be Believing: The Role of Deceptive Support in COVID-19 Misinformation on Twitter

眼见为实：欺骗性支持在 Twitter 上的 COVID-19 错误信息中所扮演的角色

• DOI: 10.1145/3546914
• 发表时间: 2022
• 期刊: Journal of Data and Information Quality
• 作者: Zuo, Chaoyuan;Banerjee, Ritwik;Shirazi, Hossein;Chaleshtori, Fateme Hashemi;Ray, Indrakshi
• 通讯作者: Ray, Indrakshi

Sparse Binary Transformers for Multivariate Time Series Modeling

• DOI: 10.1145/3580305.3599508
• 发表时间: 2023-08
• 期刊: Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining
• 作者: Matt Gorbett;H. Shirazi;I. Ray

Synthesizing and Analyzing Attribute-Based Access Control Model Generated from Natural Language Policy Statements

综合和分析从自然语言策略语句生成的基于属性的访问控制模型

• DOI: 10.1145/3589608.3593844
• 发表时间: 2023
• 期刊: ACM
• 作者: Abdelgawad, Mahmoud;Ray, Indrakshi;Alqurashi, Saja;Venkatesha, Videep;Shirazi, Hosein
• 通讯作者: Shirazi, Hosein