CICI: RSSD: DISCERN: Datasets to Illuminate Suspicious Computations on Engineering Research Networks

CICI：RSSD：DISCERN：阐明工程研究网络上可疑计算的数据集

• 批准号: 2319864
• 负责人: Brian Kocoloski
• 金额: $ 60万
• 依托单位: University of Southern California
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-09-01 至 2025-08-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2319864&HistoricalAwards=false
• 关键词: CICI; RSSD; DISCERN; Datasets; Illuminate

Scientific cyberinfrastructures (CIs) contain rich and powerful resources to support a wide range of experiments across the science and engineering research communities. However, CI resources and the experimental data they generate are compelling attack targets for cyber threat actors, who may seek to abuse CIs through activities such as (1) exfiltration or encryption of valuable experiment data; (2) enlistment of compromised resources into botnets, for purposes such as denial of service attacks; or (3) illicit non-scientific activities such as cryptocurrency mining. The DISCERN project (Datasets Illuminating Suspicious Computations on Engineering Research Networks) seeks to improve the cybersecurity posture of CIs by producing datasets that capture both legitimate and illegitimate use of CI resources. DISCERN's primary goal is to produce rich and diverse datasets that capture many realistic legitimate and illegitimate usage scenarios, thereby enabling cybersecurity innovations in areas such as threat detection and workload classification, to better secure the national CI ecosystem.DISCERN's methods and datasets are developed through DeterLab, a leading networking and cybersecurity testbed. DISCERN first instruments DeterLab to collect data about user activities at multiple levels of abstraction, including (1) interactions with user interfaces, (2) process, network, and file system events on platform operating systems and hypervisors, and (3) experimental node resource usage and internal and external traffic interacting with user experiments. All data is collected in a privacy-preserving and intellectual-property-preserving manner to protect users and their research. DISCERN also captures rich illegitimate use data through deployment of carefully designed ethical attacks that misuse DeterLab nodes in a variety of realistic misuse scenarios. All datasets and instrumentation tools developed by DISCERN are designed to be portable to other scientific CIs, and the DISCERN team engages in close collaboration with operators of those CIs to promote adoption of DISCERN tools and enable production of their own CI-usage datasets.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

科学网络基础设施 (CI) 包含丰富而强大的资源，可支持科学和工程研究社区的广泛实验。 然而，CI 资源及其生成的实验数据对于网络威胁行为者来说是引人注目的攻击目标，他们可能会通过以下活动来滥用 CI：(1) 窃取或加密有价值的实验数据； (2) 将受损资源纳入僵尸网络，用于拒绝服务攻击等目的； (3) 加密货币挖矿等非法非科学活动。 DISCERN 项目（揭示工程研究网络上可疑计算的数据集）旨在通过生成捕获 CI 资源的合法和非法使用的数据集来改善 CI 的网络安全状况。 DISCERN 的主要目标是生成丰富多样的数据集，捕获许多现实的合法和非法使用场景，从而实现威胁检测和工作负载分类等领域的网络安全创新，更好地保护国家 CI 生态系统。DISCERN 的方法和数据集是通过领先的网络和网络安全测试平台 DeterLab 开发的。 DISCERN 首先使用 DeterLab 收集多个抽象级别的用户活动数据，包括 (1) 与用户界面的交互，(2) 平台操作系统和虚拟机管理程序上的进程、网络和文件系统事件，以及 (3) 实验节点资源使用情况以及与用户实验交互的内部和外部流量。所有数据均以保护隐私和知识产权的方式收集，以保护用户及其研究。 DISCERN 还通过部署精心设计的道德攻击来捕获丰富的非法使用数据，这些攻击在各种现实的滥用场景中滥用 DeterLab 节点。 DISCERN 开发的所有数据集和仪器工具均设计为可移植到其他科学 CI，并且 DISCERN 团队与这些 CI 的运营商密切合作，以促进 DISCERN 工具的采用并能够生成自己的 CI 使用数据集。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。