FMitF: Track I: Synthesis of Quantitative Network Analytics: From Left-of-Launch to Right-of-Boom

FMITF：第一轨：定量网络分析的综合：从启动左侧到繁荣右侧

• 批准号: 2124431
• 负责人: Mukund Raghothaman
• 金额: $ 75万
• 依托单位: University of Southern California
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-09-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2124431&HistoricalAwards=false
• 关键词: FMitF; Track; Synthesis; Quantitative; Network

Network-security analysis is currently a tedious and detailed exercise that starts with analysts collecting data from diverse sources (such as network traffic, server histories and individual computer states), and then cross-comparing this information against attack data, such as malicious host names or malware descriptions. Analysts then make security decisions by manually inspecting these data sets and looking for rare but dangerous events. Unsurprisingly, this is an error-prone process, which is further complicated by rising traffic volumes, complex network structures, and confounding factors such as proxies and Network Address Translation (NAT) boxes. This project's goal is to use ideas inspired by formal methods to develop a novel framework to automate network-traffic analysis. By improving data collection through better sensor placement and by analyzing the provenance of hostile events, the project's impacts are an improvement in security analysis, better situational awareness and lowered response times.The project develops a query language that allows network analysts to describe the structure of the network and the desired analysis objective assuming complete observability across the network. To account for elements that confound such analyses, the project investigates automatic methods to test feasibility of analysis under partial observability. If this does not hold, it identifies statistically correlated alternative quantities that can be used to give approximately correct results with high probability. The framework also allows for the automatic synthesis of necessary monitors and their optimal placement so as to minimize errors and resource overheads. The system is equipped with mechanisms to track the provenance of measurements from all deployed sensors, thus enabling researchers to diagnose root causes after warnings are triggered or attacks uncovered.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络安全分析目前是一项繁琐而详细的工作，首先是分析师从不同来源收集数据（例如网络流量，服务器历史记录和单个计算机状态），然后将这些信息与攻击数据进行交叉比较，例如恶意主机名或恶意软件描述。然后，分析师通过手动检查这些数据集并寻找罕见但危险的事件来做出安全决策。不出所料，这是一个容易出错的过程，而不断增长的流量、复杂的网络结构以及诸如代理和网络地址转换（NAT）盒之类的混淆因素使这一过程变得更加复杂。这个项目的目标是利用形式化方法的启发来开发一个新的框架来自动化网络流量分析。通过更好地放置传感器和分析敌对事件的起源来改善数据收集，该项目的影响是改进安全分析，提高态势感知能力和缩短响应时间。该项目开发了一种查询语言，允许网络分析师描述网络结构和所需的分析目标，假设整个网络完全可观察。为了解释混淆这种分析的因素，该项目研究了在部分可观测性下测试分析可行性的自动方法。如果这不成立，它识别统计相关的替代量，可以用来以高概率给出近似正确的结果。该框架还允许自动合成必要的监视器及其最佳位置，以尽量减少错误和资源开销。该系统配备了跟踪所有部署传感器测量结果来源的机制，从而使研究人员能够在触发警报或发现攻击后诊断根本原因。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Synthesizing Formal Network Specifications From Input-Output Examples

从输入输出示例综合正式网络规范

• DOI: 10.1109/tnet.2022.3208551
• 发表时间: 2023
• 期刊: IEEE/ACM Transactions on Networking
• 作者: Chen, Haoxian;Wu, Chenyuan;Zhao, Andrew;Raghothaman, Mukund;Naik, Mayur;Loo, Boon Thau
• 通讯作者: Loo, Boon Thau

Secure and Reliable Network Updates

安全可靠的网络更新

• DOI: 10.1145/3556542
• 发表时间: 2023
• 期刊: ACM Transactions on Privacy and Security
• 影响因子: 2.3
• 作者: Lembke, James;Ravi, Srivatsan;Roman, Pierre-Louis;Eugster, Patrick
• 通讯作者: Eugster, Patrick