Collaborative Research: CISE-MSI: Active and Passive Internet Measurements for Inferring IoT Maliciousness at Scale

合作研究：CISE-MSI：用于大规模推断物联网恶意行为的主动和被动互联网测量

• 批准号: 2219772
• 负责人: Murtuza Jadliwala
• 金额: $ 26万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2219772&HistoricalAwards=false
• 关键词: Collaborative; Research; CISE; MSI; Active

Smart sensing technologies within the context of the Internet-of-Things (IoT) paradigm continue to be deployed in key sectors such as health, agriculture, energy and manufacturing. Indeed, it is estimated that around 30 billion IoT devices will be instrumented by 2030 to increase efficiencies and usability while decreasing costs and maintenance time. Nevertheless, such IoT devices lack even the most fundamental security measures, access policy controls, and patch management capabilities, making them attractive targets for attackers and state-sponsored actors who will abuse them to gain illegitimate access into critical networks while orchestrating them in order to impair other Internet-connected entities. Given the widespread deployment of such IoT devices, it becomes extremely challenging to promptly address their security concerns at-scale. This is mainly due to the lack of scalable methods, which could analyze large-scale, representative data, and the shortage of techniques that are efficient enough to be operated in near real-time. To this end, this project servers NSF’s mission to promote the progress of science by developing empirically-driven methods and techniques to quantity IoT insecurities at-large, while offering digital forensics means to comprehend the causes of their inherit vulnerabilities. The project also offers IoT-centric remediation tactics for supporting Internet security. The project fosters a number of educational activities while organizing female-focused workshops in addition to mentoring students within underrepresented groups from the three collaborating minority institutions. The project devises data-driven methodologies operating on actively and passively-collected network traffic and associated service banners to establish unique malicious IoT labeled empirical datasets. The project then designs and implements algorithms and formal methods rooted in supervised deep learning to fingerprint Internet-scale exploited IoT devices while developing IoT-specific feature engineering and clustering algorithms for characterizing and analyzing the malicious orchestration of IoT campaigns. Additionally, the project executes malware automated disassembly, decompilation, and analysis while engineering computational approaches on packet sequences via solving linear equation sets to investigate IoT stateless scanning modules and related deceiving techniques. This is leveraged to establish bogus connections with the infected devices using crafted packets in order to capture key IoT malware and digital forensic artifacts. To support operational IoT-specific cyber security operations, the project builds and makes available to the public a cyberinfrastructure, which indexes the inferred compromised IoT devices along with their related threat information including employed malware binaries and attacks’ tactics, techniques, and procedures. This aims at enabling proactive IoT security remediation, hands-on research and training, and forensic investigations.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网（IoT）模式背景下的智能传感技术继续部署在卫生、农业、能源和制造业等关键领域。事实上，据估计，到2030年将有大约300亿台物联网设备被安装，以提高效率和可用性，同时降低成本和维护时间。然而，这些物联网设备甚至缺乏最基本的安全措施，访问策略控制和补丁管理功能，使它们成为攻击者和国家支持的行为者的有吸引力的目标，他们将滥用它们来非法访问关键网络，同时协调它们以损害其他互联网连接的实体。鉴于此类物联网设备的广泛部署，迅速大规模解决其安全问题变得极具挑战性。这主要是由于缺乏可扩展的方法，可以分析大规模的，有代表性的数据，以及缺乏足够有效的技术，可以在近实时操作。为此，该项目服务于NSF的使命，即通过开发实验驱动的方法和技术来量化物联网的不安全性，同时提供数字取证手段来理解其固有漏洞的原因，从而促进科学的进步。该项目还提供以物联网为中心的补救策略，以支持互联网安全。该项目促进了一些教育活动，同时组织了以女性为重点的讲习班，此外还对来自三个合作少数群体机构的代表性不足群体的学生进行了辅导。该项目设计了基于主动和被动收集的网络流量和相关服务横幅的数据驱动方法，以建立独特的恶意物联网标记的经验数据集。然后，该项目设计和实现了基于监督式深度学习的算法和正式方法，以识别互联网规模的物联网设备，同时开发物联网特定的特征工程和聚类算法，用于表征和分析物联网活动的恶意编排。此外，该项目还执行恶意软件自动反汇编、反编译和分析，同时通过求解线性方程组对数据包序列进行工程计算，以调查物联网无状态扫描模块和相关欺骗技术。这被用来使用特制的数据包与受感染的设备建立虚假连接，以捕获关键的物联网恶意软件和数字取证工件。为了支持可操作的物联网特定网络安全操作，该项目构建并向公众提供网络基础设施，该网络基础设施将推断出的受损物联网设备沿着其相关威胁信息，包括所采用的恶意软件二进制文件和攻击的策略，技术和程序。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Helium-based IoT Devices: Threat Analysis and Internet-scale Exploitations

基于氦的物联网设备：威胁分析和互联网规模的利用

• DOI: 10.1109/wimob58348.2023.10187762
• 发表时间: 2023
• 期刊: IEEE
• 作者: Rammouz, Veronica;Khoury, Joseph;Klisura, Ðorđe;Safaei Pour, Morteza;Safaei Pour, Mostafa;Fachkha, Claude;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

A Comprehensive Survey of Recent Internet Measurement Techniques for Cyber Security

• DOI: 10.1016/j.cose.2023.103123
• 发表时间: 2023-02-08
• 期刊: COMPUTERS & SECURITY
• 影响因子: 5.6
• 作者: Pour, Morteza Safaei;Naderb, Christelle;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph

• DOI: 10.1109/eurosp57164.2023.00018
• 发表时间: 2023-04
• 期刊: 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)
• 作者: Nafis Tanveer Islam;G. Parra;Dylan Manuel;E. Bou-Harb;Peyman Najafirad

Data-Centric Machine Learning Approach for Early Ransomware Detection and Attribution

用于早期勒索软件检测和归因的以数据为中心的机器学习方法

• DOI: 10.1109/noms56928.2023.10154378
• 发表时间: 2023
• 期刊: IEEE
• 作者: Vehabovic, A.;Zanddizari, H.;Ghani, N.;Shaikh, F.;Bou-Harb, E.;Pour, M. Safaei;Crichigno, J.
• 通讯作者: Crichigno, J.