Excellence in Research: Collaborative Research: Detecting Vulnerabilities in Internet of Things with Deep Learning

卓越研究：协作研究：利用深度学习检测物联网漏洞

• 批准号: 2101161
• 负责人: Hongmei Chi
• 金额: $ 40.17万
• 依托单位: Florida Agricultural and Mechanical University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2101161&HistoricalAwards=false
• 关键词: Excellence; Research; Collaborative; Detecting; Vulnerabilities

The Internet of Things (IoT) integrates software applications, physical devices, and algorithms to interact with the physical world and humans. The economic and societal potential of such systems is vastly greater than has been realized, and major investments are being made worldwide to develop the technology. The technology for building IoT is based on embedded systems, scientific computations, and software embedded in devices. Because the physical components of IoT are directly interactive with humans, the security and reliability requirements are qualitatively different from those in general purpose computing. Failure to meet the security and reliability requirements exposes IoT and humans to malignant attacks. The goal of this project is to conduct interdisciplinary research that utilizes artificial intelligence methodologies against cybercriminals who initiate attacks or target internet connected devices and users. This project aims to explore applications of Deep Learning in cybersecurity research to detect security vulnerabilities in the Internet of Things through automated digital forensic evidence analytics. The project will actively engage a team of researchers in the investigation of deep learning, which includes a broader family of Artificial Intelligence that has produced results comparable and in some cases superior to human experts, to conduct the following research activities: (1) Assessing potential data vulnerabilities related to personal data privacy violations by analyzing the extracted hidden contents evidence and encrypted messages from IoT devices in a forensically sound manner; (2) Evaluating IoT software forensic evidence. Analyzing software vulnerabilities in IoT application source code to better mitigate the risk to software systems. Typical source code vulnerability evidence in applications includes buffer overflow, integer overflow, and Carriage Return and Line Feed injection; (3) Reconstructing attack scenes based on forensic evidence to find existing system vulnerabilities of IoT; (4) Increase research capacity and collaborations to generate new research opportunities for undergraduates from underrepresented communities to pursue advanced degrees in computer science.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网（Internet of Things, IoT）将软件应用、物理设备和算法集成在一起，与物理世界和人类进行交互。这种系统的经济和社会潜力远远大于已经实现的，世界各地正在进行重大投资以开发这项技术。构建物联网的技术基于嵌入式系统、科学计算和嵌入设备的软件。由于物联网的物理组件直接与人类交互，因此其安全性和可靠性要求与通用计算中的安全性和可靠性要求有质的不同。不满足安全性和可靠性要求会使物联网和人类面临恶性攻击。该项目的目标是开展跨学科研究，利用人工智能方法对抗发起攻击或针对互联网连接设备和用户的网络犯罪分子。该项目旨在探索深度学习在网络安全研究中的应用，通过自动化数字取证证据分析来检测物联网中的安全漏洞。该项目将积极邀请一组研究人员参与深度学习的调查，其中包括更广泛的人工智能家族，这些人工智能已经产生了与人类专家相当的结果，在某些情况下甚至优于人类专家，以开展以下研究活动：(1)通过以法医合理的方式分析从物联网设备中提取的隐藏内容证据和加密消息，评估与个人数据隐私侵犯相关的潜在数据漏洞；(2)评估物联网软件取证证据。分析物联网应用源代码中的软件漏洞，以更好地降低软件系统的风险。应用程序中典型的源代码漏洞证据包括缓冲区溢出、整数溢出、回车和换行注入；(3)基于取证证据重构攻击场景，发现物联网存在的系统漏洞；(4)增加研究能力和合作，为来自代表性不足的社区的本科生提供新的研究机会，以攻读计算机科学的高级学位。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Unmanned Aerial Vehicle Forensics Investigation Performance under Different Attacks

不同攻击下无人机取证调查表现

• DOI: 10.1109/csci58124.2022.00171
• 发表时间: 2022
• 期刊: IEEE
• 作者: Ojo, Taiwo;Chi, Hongmei;Erskine, Samuel Kofi
• 通讯作者: Erskine, Samuel Kofi

Enhancing Object Detection in YouTube Thumbnails Forensics with YOLOv4

• DOI: 10.1109/bigdata59044.2023.10386427
• 发表时间: 2023-12
• 期刊: 2023 IEEE International Conference on Big Data (BigData)
• 作者: Shahrzad Sayyafzadeh;Hongmei Chi;Shuyuan Mary Ho;Idongesit Mkpong-Ruffin

2023 IEEE 2nd International Conference on AI in Cybersecurity (ICAIC)

2023年IEEE第二届网络安全人工智能国际会议（ICAIC）

• DOI: 10.1109/icaic57335.2023
• 发表时间: 2023
• 期刊: IEEE
• 作者: Ogundiran, A;Chi, H;Yan, J.;Agada, R.
• 通讯作者: Agada, R.

Design Hands-on Lab Exercises for Cyber-physical Systems Security Education

为网络物理系统安全教育设计实践实验室练习

• DOI: 10.53735/cisse.v9i1.140
• 发表时间: 2022
• 期刊: Journal of The Colloquium for Information Systems Security Education
• 作者: Chi, Hongmei;Liu, Jinwei;Xu, Weifeng;Peng, Mingming;DeGoicoechea, Jon
• 通讯作者: DeGoicoechea, Jon