CICI: SSC: Proactive Cyber Threat Intelligence and Comprehensive Network Monitoring for Scientific Cyberinfrastructure: The AZSecure Framework

CICI：SSC：科学网络基础设施的主动网络威胁情报和综合网络监控：AZSecure 框架

• 批准号: 1917117
• 负责人: Hsinchun Chen
• 金额: $ 99.8万
• 依托单位: University of Arizona
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-07-01 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1917117&HistoricalAwards=false
• 关键词: CICI; SSC; Proactive; Cyber; Threat

The rapid growth of computing technologies in scientific instruments has increased the rate of discovery. Some recent examples include the discovery of new fundamental particles and the first-ever images of a black hole. Unfortunately, the same technologies contributing to these high-impact discoveries are also being targeted by hackers to steal ideas or for profit. These attacks threaten the privacy, integrity, and ability to access valuable scientific data and events. The risks to scientific facilities and how they can be attacked have still not been properly mapped. This project will use novel Artificial Intelligence to (1) study hackers in the international and ever-evolving Dark Web and identify and categorize hundreds of thousands of risks and (2) link those risks to possible attacks on two large-scale science community facilities. One of them is a facility funded by the National Science Foundation offering advanced computing resources for Life Sciences. The other uses a network of sensors around the globe to collect detailed and timely data for Earth Sciences. Studying these valuable targets enables investigation of current and emerging threats that present risk to scientific discovery.Led by the Hispanic Serving Institution (HSI) University of Arizona (UA), this project designs an innovative, holistic, and proactive Cyber Threat Intelligence (CTI) framework with two synergistic research streams. The first builds upon advanced topic modelling and text classification approaches from our NSF Secure and Trustworthy Cyberspace (SaTC) research to systematically collect and explore multi-million record Dark Web hacker forums for scientific cyberinfrastructure exploits. The second designs novel banner data feature extraction, text analytics, and custom vulnerability scanning integrating state-of-the-art tools to comprehensively categorize and assess the vulnerabilities within CyVerse?s (life sciences) and LEO?s (earth sciences) diverse instruments, data, hardware, and software. Exploit and vulnerability assessment results are linked via a novel deep learning-based Exploit Vulnerability Deep Structured Semantic Model (EV-DSSM) based on word embedding. UA?s National Security Agency-designated Center of Academic Excellence in Cyber Defense, Research, and Operations, NSF Scholarship-for-Service (SFS) Cyber-Corps, and Master?s in Cybersecurity programs position the project for synergy with teaching and research. Techniques developed in this project will advance knowledge not only CTI, but network analysis, deep learning, and text analytics across multiple disciplines. Findings from this research will be disseminated to 75+ SFS partner institutions and operational intelligence for the larger scientific community (e.g., NSF Cybersecurity Summits of Large Facilities and Cyberinfrastructure).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

科学仪器中计算技术的快速发展提高了发现的速度。最近的一些例子包括发现新的基本粒子和第一张黑洞的图像。不幸的是，为这些高影响力的发现做出贡献的技术也成为黑客窃取创意或牟利的目标。这些攻击威胁到隐私、完整性以及访问有价值的科学数据和事件的能力。科学设施面临的风险以及如何攻击它们仍然没有得到适当的映射。该项目将使用新颖的人工智能来(1)研究国际和不断发展的暗网中的黑客，并识别和分类数十万个风险；(2)将这些风险与两个大型科学社区设施可能遭受的攻击联系起来。其中一个是由国家科学基金会资助的设施，为生命科学提供先进的计算资源。另一个利用遍布全球的传感器网络为地球科学收集详细和及时的数据。研究这些有价值的目标，可以调查对科学发现构成风险的当前和新出现的威胁。该项目由亚利桑那大学（UA）西班牙裔服务机构（HSI）领导，设计了一个具有两个协同研究流的创新、整体和主动的网络威胁情报（CTI）框架。第一个是建立在先进的主题建模和文本分类方法的基础上，这些方法来自我们的NSF安全与可信网络空间（SaTC）研究，系统地收集和探索数百万记录的暗网黑客论坛，用于科学的网络基础设施利用。第二种设计新颖的横幅数据特征提取、文本分析和自定义漏洞扫描，集成了最先进的工具，以全面分类和评估CyVerse中的漏洞。s（生命科学）和LEO？S（地球科学）各种仪器、数据、硬件和软件。利用基于词嵌入的基于深度学习的漏洞利用深度结构化语义模型（EV-DSSM）将漏洞利用和漏洞评估结果联系起来。UA ?美国国家安全局指定的网络防御、研究和运营学术卓越中心、美国国家科学基金会服务奖学金（SFS）网络军团和硕士？在网络安全项目中，定位项目与教学和研究的协同作用。该项目开发的技术不仅将推进CTI知识，还将推进跨多个学科的网络分析、深度学习和文本分析。这项研究的结果将传播给75个以上的SFS合作机构，并为更大的科学界提供运营情报（例如，NSF大型设施和网络基础设施网络安全峰会）。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

A Deep Learning Approach for Recognizing Activity of Daily Living (ADL) for Senior Care: Exploiting Interaction Dependency and Temporal Patterns

• DOI: 10.25300/misq/2021/15574
• 发表时间: 2021-06
• 期刊: MIS Q.
• 作者: Hongyi Zhu;Sagar Samtani;Randall A. Brown;Hsinchun Chen

Exploring the Evolution of Exploit-Sharing Hackers: An Unsupervised Graph Embedding Approach

探索漏洞共享黑客的演变：一种无监督的图嵌入方法

• DOI: 10.1109/isi53945.2021.9624846
• 发表时间: 2021
• 期刊: 2021 IEEE Intelligence and Security Informatics (ISI
• 作者: Otto, K;Ampel, A;Zhu, H;Samtani, S;and Chen, H.
• 通讯作者: and Chen, H.

Smart Vulnerability Assessment for Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach

• DOI: 10.1109/isi49825.2020.9280545
• 发表时间: 2020-11
• 期刊: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI)
• 作者: Steven Ullman;Sagar Samtani;Ben Lazarine;Hongyi Zhu;Benjamin Ampel;Mark W. Patton;Hsinchun Chen

Distilling Contextual Embeddings Into A Static Word Embedding For Improving Hacker Forum Analytics

将上下文嵌入提炼为静态词嵌入以改进黑客论坛分析

• DOI: 10.1109/isi53945.2021.9624848
• 发表时间: 2021
• 期刊: Proceedings of 2021 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2021
• 作者: Ampel, Benjamin;Chen, Hsinchun
• 通讯作者: Chen, Hsinchun

Labeling Hacker Exploits for Proactive Cyber Threat Intelligence: A Deep Transfer Learning Approach

• DOI: 10.1109/isi49825.2020.9280548
• 发表时间: 2020-11
• 期刊: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI)
• 作者: Benjamin Ampel;Sagar Samtani;Hongyi Zhu;Steven Ullman;Hsinchun Chen