SBIR Phase II: Advanced Ransomware Countermeasure

SBIR 第二阶段：高级勒索软件对策

• 批准号: 2304216
• 负责人: Sudesh Kumar
• 金额: $ 99.44万
• 依托单位: Kapalya Inc
• 依托单位国家: 美国
• 项目类别: Cooperative Agreement
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-02-01 至 2026-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2304216&HistoricalAwards=false
• 关键词: SBIR; Phase; II; Advanced; Ransomware

This Small Business Innovation Research (SBIR) Phase II project will develop the first universally aware software for ransomware protection with a proactive approach to stop incoming file-based and file-less attacks. The number of ransomware attacks launched globally has grown substantially over the years. To exploit previously undiscovered weaknesses and conduct more effective attacks, cybercriminals take advantage of the rising number of workers accessing business networks from home through a virtual private network (VPN) while working remotely. Current ransomware countermeasure solutions are not comprehensive and generally fail in tackling sustained and persistent attacks. Moreover, the current solutions track threats only at the operating system level and can be disabled. This solution features universal awareness based on a combination of characteristics related to user, ransomware, non-specific environment indicators, and non-ransomware metrics. The comprehensive ransomware detection, remediation, eradication, and data recovery solution enable unmatched protection from cyberattacks and allow timely detection and shutdown of cyberattacks thus, significantly reducing the amount of compromised data. This enhanced protection will have security benefits for a wide range of critical infrastructures, ranging from energy and finances to the protection of medical data.This Small Business Innovation Research (SBIR) Phase II project seeks to develop an advanced ransomware countermeasure (ARC) platform which will represent the most advanced and effective protection against ransomware attacks. The technology will enforce four synergistic actions: (1) precondition observation and characterization, (2) incoming interactions validation, (3) internal contents observation and characterization, and (4) outgoing interactions validation. In this project, the research and development efforts will be dedicated towards the (1) the development of the framework of communication between the inoculator and watch-dog and its deployment for effective countermeasure, (2) design and development of user-friendly interface providing simple user experience, (3) seamless integration of the ARC platform with existing Security Information and Event Management (SIEM) tools, (4) implementation of artificial intelligence/machine learning models in the ARC platform for the effective defense against zero-day ransomware exploits, and 5) validation of the ARC platform against known ransomware to ensure the proper function of all the modules. The successful completion of the SBIR Phase II activities will deliver a fully functional, commercially viable product with general availability that can seamlessly run/work along with existing SIEM tools and successfully defend against known ransomware attacks and zero-day exploits.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该小型企业创新研究(SBIR)第二阶段项目将开发第一个全球皆知的勒索软件保护软件，并采用主动方法来阻止传入的基于文件和无文件的攻击。多年来，全球发起的勒索软件攻击数量大幅增加。为了利用以前未发现的弱点并进行更有效的攻击，网络犯罪分子利用越来越多的员工在远程工作时从家里通过虚拟专用网络(VPN)访问企业网络。当前的勒索软件对策解决方案不全面，通常无法应对持续和持续的攻击。此外，当前的解决方案仅在操作系统级别跟踪威胁，并且可以禁用。此解决方案基于与用户、勒索软件、非特定环境指标和非勒索软件指标相关的特征组合，具有普遍感知功能。全面的勒索软件检测、补救、根除和数据恢复解决方案实现了针对网络攻击的无与伦比的保护，并允许及时检测和关闭网络攻击，从而显著减少了受危害的数据量。这种增强的保护将为从能源和金融到医疗数据保护的广泛关键基础设施带来安全好处。该小型企业创新研究(SBIR)第二阶段项目旨在开发高级勒索软件对策(ARC)平台，该平台将代表针对勒索软件攻击的最先进和最有效的保护。该技术将实施四个协同行动：(1)前提观察和表征，(2)传入交互验证，(3)内部内容观察和表征，以及(4)传出交互验证。在这个项目中，研发工作将致力于(1)开发接种程序和看门狗之间的通信框架并部署有效的对策，(2)设计和开发用户友好的界面，提供简单的用户体验，(3)ARC平台与现有的安全信息和事件管理(SIEM)工具的无缝集成，(4)在ARC平台中实施人工智能/机器学习模型，以有效防御零日勒索软件攻击，以及5)ARC平台针对已知勒索软件进行验证，以确保所有模块的正常功能。SBIR第二阶段活动的成功完成将提供一个功能齐全、商业上可行的产品，该产品可以与现有的SIEM工具无缝运行/协同工作，并成功防御已知的勒索软件攻击和零日攻击。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。