CAREER: Automated Forensic-in-the-Loop Cyber Defense Infrastructure

职业：自动化环路取证网络防御基础设施

• 批准号: 2145616
• 负责人: Yonghwi Kwon
• 金额: $ 54.76万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2145616&HistoricalAwards=false
• 关键词: CAREER; Automated; Forensic; Loop; Cyber

Cyber-attacks are becoming increasingly advanced and sophisticated. Advanced attackers monitor their targets for a long time to find out about their vulnerabilities and protective strategies. Such advanced attacks are extremely challenging to prevent and investigate due to their sophisticated and advanced tactics and resources and by their strategy to penetrate the system in unexpected/overlooked ways. Worse, attackers use sophisticated tactics, such as obfuscation and evasive techniques, to thwart or delay forensics investigations. Attackers also compromise a wide range of system components and resources, making it extremely difficult to restore and harden the system. Delayed or incomplete forensic analysis makes it difficult to properly secure the victim’s organization on time, leading to significant damages and losses. To this end, this project develops novel techniques to (1) prevent diverse attacks thoroughly, (2) conduct rapid and comprehensive forensic analysis, and (3) protect the victim’s system rigorously. This project also involves educational activities that broadens participation in computing, by organizing mentoring workshops and coaching the University of Virginia’s Collegiate Cyber Defense Competition team, which includes many female students. This project aims to develop an automated forensic-in-the-loop cyber defense infrastructure that coherently integrates novel defenses, forensic analysis, and hardening approaches. First, the investigator develops attack vector agnostic protection and detection approaches by perturbing inputs and runtime environments that are the weakest links of the attacks. Second, the investigator develops novel automated techniques to detect and eliminate anti-forensic techniques applied to malware. Furthermore, to handle evasive malware, the investigator introduces the adaptive counterfactual execution technique to evolve the runtime environment and execution context. Finally, the investigator develops an automated root cause analysis technique that diagnoses loopholes and identifies potential fixes (e.g., secure configurations).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络攻击正变得越来越先进和复杂。高级攻击者对目标进行长时间监控，以了解他们的漏洞和保护策略。这类高级攻击由于其复杂和先进的战术和资源，以及以意想不到/被忽视的方式渗透系统的战略，在预防和调查方面极具挑战性。更糟糕的是，攻击者使用复杂的策略，如混淆和回避技术，来阻挠或拖延取证调查。攻击者还会危害广泛的系统组件和资源，使恢复和加固系统变得极其困难。延迟或不完整的法医分析使受害者的组织很难按时得到适当的保护，从而导致重大损害和损失。为此，该项目开发了新技术，以(1)彻底防止各种攻击，(2)进行快速和全面的法医分析，(3)严格保护受害者的系统。该项目还包括教育活动，通过组织指导研讨会和指导弗吉尼亚大学的大学生网络防御竞赛团队，扩大对计算机的参与，其中包括许多女学生。该项目旨在开发一个自动化的环路取证网络防御基础设施，该基础设施连贯地集成了新的防御、取证分析和加固方法。首先，调查者通过干扰作为攻击最薄弱环节的输入和运行时环境来开发攻击向量不可知的保护和检测方法。其次，调查者开发了新的自动化技术来检测和消除应用于恶意软件的反取证技术。此外，为了处理规避恶意软件，调查者引入了自适应反事实执行技术来演化运行环境和执行上下文。最后，调查员开发了一种自动根本原因分析技术，该技术可以诊断漏洞并确定潜在的修复程序(例如，安全配置)。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

BFTDETECTOR: Automatic Detection of Business Flow Tampering for Digital Content Service

• DOI: 10.1109/icse48619.2023.00048
• 发表时间: 2023-05
• 期刊: 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)
• 作者: I. L. Kim;Weihang Wang;Yonghwi Kwon;X. Zhang

PyFET: Forensically Equivalent Transformation for Python Binary Decompilation

PyFET：Python 二进制反编译的取证等效转换

• 发表时间: 2023
• 期刊: Proceedings IEEE Symposium on Security and Privacy
• 作者: Ahad, Ali;Jung, Chijung;Askar, Ammar;Kim, Doowon;Kim, Taesoo;Kwon, Yonghwi
• 通讯作者: Kwon, Yonghwi

SynthDB: Synthesizing Database via Program Analysis for Security Testing of Web Applications

• DOI: 10.14722/ndss.2023.24632
• 发表时间: 2023
• 期刊: Proceedings 2023 Network and Distributed System Security Symposium
• 作者: An Chen;Jiho Lee;Basanta Chaulagain;Yonghwi Kwon;K. H. Lee