Excellence in Research: Collaborative Research: Detecting Vulnerabilities in Internet of Things with Deep Learning

卓越研究：协作研究：利用深度学习检测物联网漏洞

• 批准号: 2101161
• 负责人: Hongmei Chi
• 金额: $ 40.17万
• 依托单位: Florida Agricultural and Mechanical University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2101161&HistoricalAwards=false
• 关键词: Excellence; Research; Collaborative; Detecting; Vulnerabilities

The Internet of Things (IoT) integrates software applications, physical devices, and algorithms to interact with the physical world and humans. The economic and societal potential of such systems is vastly greater than has been realized, and major investments are being made worldwide to develop the technology. The technology for building IoT is based on embedded systems, scientific computations, and software embedded in devices. Because the physical components of IoT are directly interactive with humans, the security and reliability requirements are qualitatively different from those in general purpose computing. Failure to meet the security and reliability requirements exposes IoT and humans to malignant attacks. The goal of this project is to conduct interdisciplinary research that utilizes artificial intelligence methodologies against cybercriminals who initiate attacks or target internet connected devices and users. This project aims to explore applications of Deep Learning in cybersecurity research to detect security vulnerabilities in the Internet of Things through automated digital forensic evidence analytics. The project will actively engage a team of researchers in the investigation of deep learning, which includes a broader family of Artificial Intelligence that has produced results comparable and in some cases superior to human experts, to conduct the following research activities: (1) Assessing potential data vulnerabilities related to personal data privacy violations by analyzing the extracted hidden contents evidence and encrypted messages from IoT devices in a forensically sound manner; (2) Evaluating IoT software forensic evidence. Analyzing software vulnerabilities in IoT application source code to better mitigate the risk to software systems. Typical source code vulnerability evidence in applications includes buffer overflow, integer overflow, and Carriage Return and Line Feed injection; (3) Reconstructing attack scenes based on forensic evidence to find existing system vulnerabilities of IoT; (4) Increase research capacity and collaborations to generate new research opportunities for undergraduates from underrepresented communities to pursue advanced degrees in computer science.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网（IoT）集成了软件应用程序，物理设备和算法，以与物理世界和人类进行交互。这种系统的经济和社会潜力远大于意识到的要大得多，并且在全球范围内进行了大量投资来开发这项技术。建立IoT的技术基于嵌入式系统，科学计算和嵌入设备中的软件。由于物联网的物理成分与人类直接互动，因此安全性和可靠性要求在质量上与通用计算的安全性不同。无法满足安全性和可靠性要求会使物联网和人类发生恶性攻击。该项目的目的是进行跨学科研究，该研究利用人工智能方法来针对发起攻击或目标互联网连接的设备和用户的网络犯罪分子。该项目旨在通过自动数字法医证据分析来探讨网络安全研究中深度学习的应用，以检测物联网中的安全漏洞。该项目将积极吸引一群研究人员参与深度学习的调查，其中包括一个更广泛的人工智能系列，产生了可比的结果，在某些情况下，在某些情况下与人类专家相比，进行以下研究活动：（1）评估与个人数据隐私相关的潜在数据脆弱性，通过分析提取的隐藏内容和从Iot from in Iot设备中分析Iot设备，以侵犯了个人数据隐私性，该活动是一种依据，该研究的方式是从Iot设备中添加的。 （2）评估物联网软件法医证据。分析IoT应用程序源代码中的软件漏洞，以更好地减轻软件系统的风险。应用程序中的典型源代码脆弱性证据包括缓冲区溢出，整数溢出以及运输返回和线饲料注入； （3）基于法医证据重建攻击场景以找到现有的系统漏洞； （4）提高研究能力和协作，为从代表性不足的社区提供新的研究机会，以攻读计算机科学领域的高级学位。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的影响审查标准通过评估来获得支持的。

项目成果

Unmanned Aerial Vehicle Forensics Investigation Performance under Different Attacks

不同攻击下无人机取证调查表现

• DOI: 10.1109/csci58124.2022.00171
• 发表时间: 2022
• 期刊: IEEE
• 作者: Ojo, Taiwo;Chi, Hongmei;Erskine, Samuel Kofi
• 通讯作者: Erskine, Samuel Kofi

Enhancing Object Detection in YouTube Thumbnails Forensics with YOLOv4

• DOI: 10.1109/bigdata59044.2023.10386427
• 发表时间: 2023-12
• 期刊: 2023 IEEE International Conference on Big Data (BigData)
• 作者: Shahrzad Sayyafzadeh;Hongmei Chi;Shuyuan Mary Ho;Idongesit Mkpong-Ruffin

2023 IEEE 2nd International Conference on AI in Cybersecurity (ICAIC)

2023年IEEE第二届网络安全人工智能国际会议（ICAIC）

• DOI: 10.1109/icaic57335.2023
• 发表时间: 2023
• 期刊: IEEE
• 作者: Ogundiran, A;Chi, H;Yan, J.;Agada, R.
• 通讯作者: Agada, R.

Design Hands-on Lab Exercises for Cyber-physical Systems Security Education

为网络物理系统安全教育设计实践实验室练习

• DOI: 10.53735/cisse.v9i1.140
• 发表时间: 2022
• 期刊: Journal of The Colloquium for Information Systems Security Education
• 作者: Chi, Hongmei;Liu, Jinwei;Xu, Weifeng;Peng, Mingming;DeGoicoechea, Jon
• 通讯作者: DeGoicoechea, Jon