Collaborative Research: SaTC: EDU: Authentic Learning of Machine Learning in Cybersecurity with Portable Hands-on Labware

协作研究：SaTC：EDU：使用便携式动手实验室软件对网络安全中的机器学习进行真实学习

• 批准号: 2100134
• 负责人: Fan Wu
• 金额: $ 12万
• 依托单位: Tuskegee University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-09-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2100134&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; EDU; Authentic

This award is funded in whole or in part under the American Rescue Plan Act of 2021 (Public Law 117-2).As cybersecurity threats grow in complexity, the burden of responding to these threats also increases. Early detection of security vulnerabilities and threats is needed. Machine learning (ML) approaches enable the analysis of large amounts of data and could be used to predict and prevent future cybersecurity threats. This project will enhance the cybersecurity curricula across computing disciplines using an authentic learning approach. Authentic learning approaches engage students’ active learning and problem-solving capabilities by using hands-on approaches and real-world topics. This approach has been increasingly popular for teaching cybersecurity but is less commonly used to teach ML in cybersecurity. The project will design and develop ten portable labware modules that will support a broad audience to learn ML in cybersecurity effectively and result in more efficient student engagement. The resources developed will support authentic learning of cybersecurity topics, and increase student learning and interests as well as faculty collaboration between Kennesaw State University and Tuskegee University. The project will disseminate the resources via faculty workshops, conference publications, and webinars.The design of the proposed learning modules will be based on popular machine learning algorithms and publicly available free datasets related to common cybersecurity problems such as Denial of Service, CAPTCHA bypassing, and SQL Injection attacks. The modules will be deployed on the open-source Google CoLaboratory (CoLab) environment. Learners will access and practice all labs interactively using a browser anywhere and anytime without a need for time-consuming installation and configuration. The hands-on labs will provide students with step-by-step interactive activities to learn ML models in the CoLab environment, followed by testing of models. The project will seek to answer the following research questions: (i) Do innovative, authentic learning-based ML in cybersecurity resources increase learners’ knowledge and interest in solving real-world problems and careers in the cybersecurity workforce? (ii) Does the hands-on labware developed by the project impact students’ grades, learning, attitudes, motivation, and self-efficacy towards ML in cybersecurity? (iii) What is the relationship between students’ motivation and ML in cybersecurity learning? (iv) Do participating faculty perceive the ML in cybersecurity authentic learning resources as effective in engaging diverse, underrepresented students in cybersecurity? The project evaluation will use a mixed-methods design and administrative data, focus groups, and survey data. The quantitative and qualitative data generated from these sources will be used for formative and summative assessments. This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该奖项全部或部分由2021年美国救援计划法案（公法117-2）资助。随着网络安全威胁的复杂性增加，应对这些威胁的负担也会增加。需要及早发现安全漏洞和威胁。机器学习（ML）方法可以分析大量数据，并可用于预测和预防未来的网络安全威胁。该项目将使用真实的学习方法加强跨计算学科的网络安全课程。真实的学习方法通过使用实践方法和现实世界的主题来培养学生的主动学习和解决问题的能力。这种方法在网络安全教学中越来越受欢迎，但在网络安全中不太常用。该项目将设计和开发10个便携式实验室软件模块，以支持广泛的受众有效地学习网络安全中的ML，并提高学生的参与度。 开发的资源将支持网络安全主题的真实学习，并增加学生的学习和兴趣，以及肯尼索州立大学和塔斯基吉大学之间的教师合作。该项目将通过教师研讨会、会议出版物和网络研讨会来传播这些资源。拟议的学习模块的设计将基于流行的机器学习算法和与常见网络安全问题相关的公开可用的免费数据集，如拒绝服务、CAPTCHA绕过和SQL注入攻击。这些模块将部署在开源的Google CoLab（CoLab）环境中。学员将随时随地使用浏览器交互式地访问和练习所有实验，而无需耗时的安装和配置。实践实验室将为学生提供一步一步的互动活动，以在CoLab环境中学习ML模型，然后测试模型。该项目将寻求回答以下研究问题：（i）网络安全资源中创新的，真实的基于学习的ML是否增加了学习者解决现实世界问题和网络安全劳动力职业的知识和兴趣？(ii)该项目开发的动手实验室软件是否会影响学生的成绩、学习、态度、动机和对网络安全中ML的自我效能？ (iii)在网络安全学习中，学生的动机与ML之间的关系是什么？(iv)参与教师是否认为网络安全中的ML真实学习资源有效地吸引了网络安全中多样化，代表性不足的学生？项目评估将使用混合方法设计和行政数据，焦点小组和调查数据。从这些来源产生的定量和定性数据将用于形成性和总结性评估。 该项目得到了安全和值得信赖的网络空间（SaTC）计划的支持，该计划为解决网络安全和隐私问题的提案提供资金，在这种情况下，特别是网络安全教育。SATC计划与联邦网络安全研究和发展战略计划和国家隐私研究战略保持一致，以保护和维护网络系统日益增长的社会和经济效益，同时确保安全和隐私。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Bayesian Hyperparameter Optimization for Deep Neural Network-Based Network Intrusion Detection

基于深度神经网络的网络入侵检测的贝叶斯超参数优化

• DOI: 10.1109/bigdata52589.2021.9671576
• 发表时间: 2021
• 期刊: 2021 IEEE International Conference on Big Data (Big Data
• 作者: Masum, Mohammad;Shahriar, Hossain;Haddad, Hisham;Faruk, Md Jobair;Valero, Maria;Khan, Md Abdullah;Rahman, Mohammad A.;Adnan, Muhaiminul I.;Cuzzocrea, Alfredo;Wu, Fan
• 通讯作者: Wu, Fan

Authentic Learning Approach for Artificial Intelligence Systems Security and Privacy

人工智能系统安全和隐私的真实学习方法

• DOI: 10.1109/compsac57700.2023.00151
• 发表时间: 2023
• 期刊: and Applications Conference (COMPSAC
• 作者: Akter, Mst Shapna;Shahriar, Hossain;Lo, Dan;Sakib, Nazmus;Qian, Kai;Whitman, Michael;Wu, Fan
• 通讯作者: Wu, Fan

Security Risk and Attacks in AI: A Survey of Security and Privacy

• DOI: 10.1109/compsac57700.2023.00284
• 发表时间: 2023-06
• 期刊: 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC)
• 作者: Md Mostafizur Rahman;Aiasha Siddika Arshi;Md. Golam Moula Mehedi Hasan;Sumayia Farzana Mishu;Hossain Shahriar-Hossain-Sh

Systematic Analysis of Deep Learning Model for Vulnerable Code Detection

漏洞代码检测深度学习模型系统分析

• 发表时间: 2022
• 期刊: Software & Applications
• 作者: Mohammad Taneem Bin Nazim, Md Jobair

Colab Cloud Based Portable and Shareable Hands-on Labware for Machine Learning to Cybersecurity

基于 Colab 云的便携式和可共享实践实验室软件，用于机器学习和网络安全

• DOI: 10.1109/bigdata52589.2021.9671541
• 发表时间: 2021
• 期刊: 2021 IEEE International Conference on Big Data (Big Data
• 作者: Lo, Dan;Shahriar, Hossain;Qian, Kai;Whitman, Michael;Wu, Fan
• 通讯作者: Wu, Fan