CICI: RSSD: Massive Internal System Traffic Research Analysis and Logging

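Basic information

  • Award number:
    2232819
  • Principal investigator:
  • Amount:
    $600,000
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2022
  • Funding country:
    United States
  • Start and end dates:
    2022-11-01 to 2025-10-31
  • Project status:
    Not yet concluded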

Project abstract

This project creates a dataset (the MISTRAL Dataset) for cybersecurity researchers and network operators to use in identifying threats and thereby better protecting research-related resources. The sources of data contained in the Dataset reflect actual network activity to and from several scientific applications and their related cyberinfrastructure. These data are safely captured, securely stored, and accessible through authorized access to associated cybersecurity researchers for the purpose of detecting abnormal or malicious activities that could represent threats to the identified science applications and cyberinfrastructure. Because the data are collected continuously and through automated means, the MISTRAL Dataset provides a realistic and relevant characterization of threats over time. The project also produces a public version of the Dataset.

The MISTRAL project encompasses an Infrastructure, the Dataset, and a set of proof-of-concept analytic endeavors. The Infrastructure includes a data storage pipeline for handling an estimated 1TB/day of data stored on-premises and/or in the cloud, a reference monitoring framework, and tools for collecting, analyzing, and sharing the data and relevant metadata that characterize both north-south (Internet-facing) and east-west (lateral) data flows. The Dataset consists of safely captured domain science workflow behavior using production network flows (e.g., source/destination IP, port, protocol, date/time, number, and size of connections) and data centers and research labs, as well as supplemental data from DNS, authentication logs, intrusion detection alerts and other security event alerts (e.g., threat intelligence data detailing Indicators of Compromise). The initial proof-of-concept analytics comprise various researcher and student (graduate and undergraduate course project) data analysis efforts to devise techniques for detecting abnormal or malicious activity or to study that activity; these collaborators also test the MISTRAL environment and Dataset to recommend refinement of the Infrastructure and the data collection process.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)

Other publications by Alexander Merck

Halogenfreie lösliche Ziegler‐Katalysatoren für die Ethylen‐Polymerisation. Regelung des Molekulargewichtes durch Wahl der Reaktionstemperatur
Halogen-free Ziegler catalysts for ethylene polymerization.
  • DOI:
  • Publication year:
    1976
  • Journal:
  • Impact factor:
    0
  • Authors:
    Arne Andresen;H. Cordes;J. Herwig;W. Kaminsky;Alexander Merck;Renke Dr Mottweiler;Joachim Dipl Chem Pein;H. Sinn;H. Vollmer
  • Corresponding author:
    H. Vollmer

Similar overseas grants

CICI: RSSD: A Vulnerability Modeling Approach Toward Secure Scientific Cyber-Infrastructures
  • Award number:
    2319934
  • Fiscal year:
    2023
  • Award amount:
    $600,000
  • Project type:
    Standard Grant
CICI: RSSD: DISCERN: Datasets to Illuminate Suspicious Computations on Engineering Research Networks
  • Award number:
    2319864
  • Fiscal year:
    2023
  • Award amount:
    $600,000
  • Project type:
    Standard Grant
CICI: RSSD: LaSIC: Labeled Security Information Capture
  • Award number:
    2232864
  • Fiscal year:
    2023
  • Award amount:
    $600,000
  • Project type:
    Standard Grant