CRII: SaTC: Identifying Emerging Threats in the Online Hacker Community for Proactive Cyber Threat Intelligence: A Diachronic Graph Convolutional Autoencoder Framework

CRII：SaTC：识别在线黑客社区中的新兴威胁以实现主动网络威胁情报：历时图卷积自动编码器框架

• 批准号: 2041770
• 负责人: Sagar Samtani
• 金额: $ 16万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-07-08 至 2023-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2041770&HistoricalAwards=false
• 关键词: CRII; SaTC; Identifying; Emerging; Threats

Hackers often target the information systems that underlie critical systems in domains ranging from finance to healthcare. The estimated cost of defending against and responding to hacking incidents currently runs at hundreds of billions of dollars annually. To reduce these costs, many organizations have aimed to develop timely, relevant, actionable, and shareable Cyber Threat Intelligence (CTI) about security and privacy threats to support cybersecurity decision-making. However, existing methods tend to react to known threats rather than proactively detecting emerging ones. One promising approach to proactive exploit detection is mining large, international, and rapidly evolving online hacker community platforms to detect emerging threats and key actors. To this end, this project aims to develop advanced, proactive CTI capabilities through (1) collecting large, dynamic datasets of hacker forum posts and (2) developing methods to analyze them to extract emerging threats, particularly malware, through a novel graph-based method for modeling text content. To achieve these goals, this project aims to develop a novel CTI framework designed to collect and identify emerging threats from multi-million record hacker forums. To address the problem of collecting large-scale and dynamic datasets, the team will develop advanced obfuscated crawling mechanisms that bypass automated collection countermeasures while requiring minimal human involvement. The data collected will be segmented into time spells and analyzed by a novel computational algorithm, the Diachronic Graph Convolutional Autoencoder (D-GCAE). D-GCAE is rooted in methods drawn from the diachronic linguistics, network science, text mining, and deep learning communities. In this project, D-GCAE will extract graph embeddings at each time spell, align embeddings, and analyze semantic shifts of hacker terminology to identify potential emerging threats. These tools will be evaluated against both state-of-the-art benchmarks proposed in computer science and related domains and through analysis of their outputs by leading CTI sharing organizations. The datasets and tools will also be disseminated for use by cybersecurity researchers, practitioners, and educators.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

黑客经常把从金融到医疗保健等领域关键系统的基础信息系统作为攻击目标。目前，每年用于防御和应对黑客事件的成本估计高达数千亿美元。为了降低这些成本，许多组织都致力于开发有关安全和隐私威胁的及时、相关、可操作和可共享的网络威胁情报（CTI），以支持网络安全决策。然而，现有的方法倾向于对已知的威胁做出反应，而不是主动检测新出现的威胁。一种有前景的主动漏洞检测方法是挖掘大型、国际和快速发展的在线黑客社区平台，以检测新出现的威胁和关键参与者。为此，该项目旨在通过(1)收集黑客论坛帖子的大型动态数据集和(2)开发分析方法来提取新出现的威胁，特别是恶意软件，通过一种新颖的基于图形的文本内容建模方法来开发先进的、主动的CTI功能。为了实现这些目标，该项目旨在开发一种新的CTI框架，旨在收集和识别来自数百万记录黑客论坛的新威胁。为了解决收集大规模和动态数据集的问题，该团队将开发先进的模糊爬行机制，绕过自动收集对策，同时需要最少的人工参与。收集到的数据将被分割成时间片段，并通过一种新的计算算法进行分析，即历时图卷积自编码器（D-GCAE）。D-GCAE根植于历时语言学、网络科学、文本挖掘和深度学习社区的方法。在本项目中，D-GCAE将在每次拼写时提取图嵌入，对齐嵌入，并分析黑客术语的语义变化，以识别潜在的新威胁。这些工具将根据计算机科学和相关领域提出的最先进的基准进行评估，并通过主要CTI共享组织对其产出进行分析。这些数据集和工具也将被网络安全研究人员、从业人员和教育工作者使用。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

A Deep Learning Approach for Recognizing Activity of Daily Living (ADL) for Senior Care: Exploiting Interaction Dependency and Temporal Patterns

• DOI: 10.25300/misq/2021/15574
• 发表时间: 2021-06
• 期刊: MIS Q.
• 作者: Hongyi Zhu;Sagar Samtani;Randall A. Brown;Hsinchun Chen

Smart Vulnerability Assessment for Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach

• DOI: 10.1109/isi49825.2020.9280545
• 发表时间: 2020-11
• 期刊: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI)
• 作者: Steven Ullman;Sagar Samtani;Ben Lazarine;Hongyi Zhu;Benjamin Ampel;Mark W. Patton;Hsinchun Chen

Identifying Vulnerable GitHub Repositories and Users in Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach

• DOI: 10.1109/isi49825.2020.9280544
• 发表时间: 2020-11
• 期刊: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI)
• 作者: Ben Lazarine;Sagar Samtani;Mark W. Patton;Hongyi Zhu;Steven Ullman;Benjamin Ampel;Hsinchun Chen

Labeling Hacker Exploits for Proactive Cyber Threat Intelligence: A Deep Transfer Learning Approach

• DOI: 10.1109/isi49825.2020.9280548
• 发表时间: 2020-11
• 期刊: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI)
• 作者: Benjamin Ampel;Sagar Samtani;Hongyi Zhu;Steven Ullman;Hsinchun Chen

Behavioral Biometrics for Continuous Authentication in the Internet-of-Things Era: An Artificial Intelligence Perspective

• DOI: 10.1109/jiot.2020.3004077
• 发表时间: 2020-09-01
• 期刊: IEEE INTERNET OF THINGS JOURNAL
• 影响因子: 10.6
• 作者: Liang, Yunji;Samtani, Sagar;Yu, Zhiwen
• 通讯作者: Yu, Zhiwen