Collaborative Research: CISE-MSI: Active and Passive Internet Measurements for Inferring IoT Maliciousness at Scale

合作研究：CISE-MSI：用于大规模推断物联网恶意行为的主动和被动互联网测量

• 批准号: 2219773
• 负责人: Morteza Safaei Pour
• 金额: $ 24.5万
• 依托单位: San Diego State University Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2219773&HistoricalAwards=false
• 关键词: Collaborative; Research; CISE; MSI; Active

Smart sensing technologies within the context of the Internet-of-Things (IoT) paradigm continue to be deployed in key sectors such as health, agriculture, energy and manufacturing. Indeed, it is estimated that around 30 billion IoT devices will be instrumented by 2030 to increase efficiencies and usability while decreasing costs and maintenance time. Nevertheless, such IoT devices lack even the most fundamental security measures, access policy controls, and patch management capabilities, making them attractive targets for attackers and state-sponsored actors who will abuse them to gain illegitimate access into critical networks while orchestrating them in order to impair other Internet-connected entities. Given the widespread deployment of such IoT devices, it becomes extremely challenging to promptly address their security concerns at-scale. This is mainly due to the lack of scalable methods, which could analyze large-scale, representative data, and the shortage of techniques that are efficient enough to be operated in near real-time. To this end, this project servers NSF’s mission to promote the progress of science by developing empirically-driven methods and techniques to quantity IoT insecurities at-large, while offering digital forensics means to comprehend the causes of their inherit vulnerabilities. The project also offers IoT-centric remediation tactics for supporting Internet security. The project fosters a number of educational activities while organizing female-focused workshops in addition to mentoring students within underrepresented groups from the three collaborating minority institutions. The project devises data-driven methodologies operating on actively and passively-collected network traffic and associated service banners to establish unique malicious IoT labeled empirical datasets. The project then designs and implements algorithms and formal methods rooted in supervised deep learning to fingerprint Internet-scale exploited IoT devices while developing IoT-specific feature engineering and clustering algorithms for characterizing and analyzing the malicious orchestration of IoT campaigns. Additionally, the project executes malware automated disassembly, decompilation, and analysis while engineering computational approaches on packet sequences via solving linear equation sets to investigate IoT stateless scanning modules and related deceiving techniques. This is leveraged to establish bogus connections with the infected devices using crafted packets in order to capture key IoT malware and digital forensic artifacts. To support operational IoT-specific cyber security operations, the project builds and makes available to the public a cyberinfrastructure, which indexes the inferred compromised IoT devices along with their related threat information including employed malware binaries and attacks’ tactics, techniques, and procedures. This aims at enabling proactive IoT security remediation, hands-on research and training, and forensic investigations.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网（IoT）范式背景下的智能传感技术继续在卫生、农业、能源和制造业等关键部门得到部署。事实上，据估计，到2030年，将有大约300亿个物联网设备被用于提高效率和可用性，同时降低成本和维护时间。然而，这些物联网设备甚至缺乏最基本的安全措施、访问策略控制和补丁管理功能，这使得它们成为攻击者和国家资助的行为者的诱人目标，他们会滥用它们来非法访问关键网络，同时精心设计它们，以损害其他互联网连接实体。鉴于此类物联网设备的广泛部署，迅速大规模解决其安全问题变得极具挑战性。这主要是由于缺乏可扩展的方法，这种方法可以分析大规模的、有代表性的数据，并且缺乏足够有效的、可以近实时操作的技术。为此，该项目服务于NSF的使命，即通过开发经验驱动的方法和技术来大规模量化物联网不安全，同时提供数字取证手段来理解其继承漏洞的原因，从而促进科学进步。该项目还提供以物联网为中心的补救策略，以支持互联网安全。该项目促进了一些教育活动，同时组织了以女性为重点的讲习班，此外还指导来自三个合作的少数民族机构的代表性不足群体的学生。该项目设计了数据驱动的方法，在主动和被动收集的网络流量和相关服务横幅上运行，以建立独特的恶意物联网标记经验数据集。然后，该项目设计并实现基于监督深度学习的算法和形式化方法，以指纹互联网规模的被利用的物联网设备，同时开发物联网特定的特征工程和聚类算法，用于表征和分析物联网活动的恶意编排。此外，该项目执行恶意软件自动反汇编、反编译和分析，同时通过求解线性方程组对数据包序列进行工程计算方法，以研究物联网无状态扫描模块和相关欺骗技术。利用这一点，利用精心制作的数据包与受感染设备建立虚假连接，以捕获关键的物联网恶意软件和数字取证工件。为了支持可操作的物联网特定网络安全操作，该项目构建并向公众提供网络基础设施，该基础设施对推断的受损物联网设备及其相关威胁信息（包括使用的恶意软件二进制文件和攻击策略、技术和程序）进行索引。这旨在实现主动的物联网安全修复、实践研究和培训以及法医调查。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Helium-based IoT Devices: Threat Analysis and Internet-scale Exploitations

基于氦的物联网设备：威胁分析和互联网规模的利用

• DOI: 10.1109/wimob58348.2023.10187762
• 发表时间: 2023
• 期刊: IEEE
• 作者: Rammouz, Veronica;Khoury, Joseph;Klisura, Ðorđe;Safaei Pour, Morteza;Safaei Pour, Mostafa;Fachkha, Claude;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

On The Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics

关于通过基于图的分析提供全网网络态势感知

• 发表时间: 2023
• 期刊: Springer
• 作者: Husák, M.;Khoury, J.;Klisura, Ð.;Bou-Harb, E.
• 通讯作者: Bou-Harb, E.

A Comprehensive Survey of Recent Internet Measurement Techniques for Cyber Security

• DOI: 10.1016/j.cose.2023.103123
• 发表时间: 2023-02-08
• 期刊: COMPUTERS & SECURITY
• 影响因子: 5.6
• 作者: Pour, Morteza Safaei;Naderb, Christelle;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph

• DOI: 10.1109/eurosp57164.2023.00018
• 发表时间: 2023-04
• 期刊: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)
• 作者: Nafis Tanveer Islam;G. Parra;Dylan Manuel;E. Bou-Harb;Peyman Najafirad

Data-Centric Machine Learning Approach for Early Ransomware Detection and Attribution

用于早期勒索软件检测和归因的以数据为中心的机器学习方法

• DOI: 10.1109/noms56928.2023.10154378
• 发表时间: 2023
• 期刊: IEEE
• 作者: Vehabovic, A.;Zanddizari, H.;Ghani, N.;Shaikh, F.;Bou-Harb, E.;Pour, M. Safaei;Crichigno, J.
• 通讯作者: Crichigno, J.