SaTC: CORE: Small: A Deep Learning Framework for Intelligent Active and Passive Measurements in the Age of Internet of Things

SaTC：CORE：Small：物联网时代智能主动和被动测量的深度学习框架

• 批准号: 2012001
• 负责人: Armin Sarabi
• 金额: $ 50万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2012001&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Deep; Learning

The rapid proliferation of Internet-connected devices, specially Internet-of-Things (IoT) devices, has led to mounting concerns regarding their security and the security of the Internet. This project seeks to harness the power of big data analytics and machine/deep learning to enhance Internet measurement techniques and associated information processing, to make them more scalable, efficient, and produce more actionable information. It aims to develop techniques for automated monitoring and data analysis to gain insight into the range of Internet-connected devices, their security vulnerabilities, and the ever-changing activities of malicious entities on the public Internet. The ensuing information will help software/hardware vendors and Internet-connected entities identify vulnerabilities and protect themselves against cyber-attacks, and move toward a more secure and transparent Internet.This project aims to significantly advance the state of the art in using active and passive measurements to (1) effectively monitor and track Internet devices, (2) accelerate scanning and improve their efficacy, and design and develop an intelligent honeypot that can learn responses mimicking a wide range of vulnerable devices, in order to fool attackers into engaging and revealing their attack vector. The project seeks to develop software, as well as deep learning and other machine learning models to build new Internet measurement capabilities and process datasets captured from passive/active measurements to distill data consumable by machine learning algorithms and instrumental in security analysis and network monitoring. The resulting automated tools can monitor the Internet in a continuous manner, to maintain an up-to-date view of the devices/machines that comprise the Internet, susceptible and infected devices, and vulnerabilities that are being actively exploited in-the-wild. The final result of this project is a generalized framework of interconnected components that applies deep learning to active/passive network measurements to gain actionable insights with respect to the Internet and its security, a set of scalable tools that model and enable real-time decision making regarding Internet addresses and network traffic, and a large number of raw and curated datasets shared with the research community while protecting the privacy and security of all parties involved. Automatically detecting software/hardware vulnerabilities as exploits are observed by these techniques allows vendors and network administrators to address critical vulnerabilities while enhancing intrusion detection and DDoS mitigation techniques. The data can also transform risk assessment techniques for gauging the security of networks by exposing host-level risk factors, for self-assessment as well as assisting third-party assessment, e.g., by security vendors and cyber insurance underwriters.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网连接的设备，特别是物联网（IoT）设备的快速增长，导致人们越来越担心它们的安全性和互联网的安全性。该项目旨在利用大数据分析和机器/深度学习的力量来增强互联网测量技术和相关信息处理，使其更具可扩展性，更高效，并产生更多可操作的信息。它旨在开发自动监控和数据分析技术，以深入了解互联网连接设备的范围，其安全漏洞以及公共互联网上恶意实体不断变化的活动。由此产生的信息将帮助软件/硬件供应商和互联网连接实体识别漏洞，保护自己免受网络攻击，并向更安全和透明的互联网迈进。该项目旨在显著推进使用主动和被动测量的最新技术水平，以（1）有效地监控和跟踪互联网设备，（2）加速扫描并提高其效率，（3）提高其安全性和可靠性。设计和开发一个智能蜜罐，可以学习模仿各种易受攻击设备的响应，以欺骗攻击者参与并揭示他们的攻击载体。该项目旨在开发软件以及深度学习和其他机器学习模型，以构建新的互联网测量功能，并处理从被动/主动测量中捕获的数据集，以提取机器学习算法可消耗的数据，并有助于安全分析和网络监控。由此产生的自动化工具可以以连续的方式监控互联网，以保持对包括互联网的设备/机器、易受感染和受感染的设备以及正在被积极利用的漏洞的最新视图。该项目的最终成果是一个通用的互联组件框架，将深度学习应用于主动/被动网络测量，以获得有关互联网及其安全性的可操作见解，一套可扩展的工具，用于建模并实现有关互联网地址和网络流量的实时决策，与研究社区共享大量原始和精心策划的数据集，同时保护所有相关方的隐私和安全。通过这些技术自动检测软件/硬件漏洞，使供应商和网络管理员能够解决关键漏洞，同时增强入侵检测和DDoS缓解技术。这些数据还可以改变风险评估技术，通过暴露主机级风险因素来衡量网络的安全性，用于自我评估以及协助第三方评估，例如，该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Deterrence, Backup, or Insurance: A Game-Theoretic Analysis of Ransomware

威慑、备份或保险：勒索软件的博弈论分析

• 发表时间: 2021
• 期刊: The Annual Workshop on the Economics of Information Security (WEIS
• 作者: Yin, Tongxin;Sarabi, Armin;Liu, Mingyan
• 通讯作者: Liu, Mingyan