CICI: RSSD: DISCERN: Datasets to Illuminate Suspicious Computations on Engineering Research Networks

CICI：RSSD：DISCERN：阐明工程研究网络上可疑计算的数据集

• 批准号: 2319864
• 负责人: Brian Kocoloski
• 金额: $ 60万
• 依托单位: University of Southern California
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-09-01 至 2025-08-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2319864&HistoricalAwards=false
• 关键词: CICI; RSSD; DISCERN; Datasets; Illuminate

Scientific cyberinfrastructures (CIs) contain rich and powerful resources to support a wide range of experiments across the science and engineering research communities. However, CI resources and the experimental data they generate are compelling attack targets for cyber threat actors, who may seek to abuse CIs through activities such as (1) exfiltration or encryption of valuable experiment data; (2) enlistment of compromised resources into botnets, for purposes such as denial of service attacks; or (3) illicit non-scientific activities such as cryptocurrency mining. The DISCERN project (Datasets Illuminating Suspicious Computations on Engineering Research Networks) seeks to improve the cybersecurity posture of CIs by producing datasets that capture both legitimate and illegitimate use of CI resources. DISCERN's primary goal is to produce rich and diverse datasets that capture many realistic legitimate and illegitimate usage scenarios, thereby enabling cybersecurity innovations in areas such as threat detection and workload classification, to better secure the national CI ecosystem.DISCERN's methods and datasets are developed through DeterLab, a leading networking and cybersecurity testbed. DISCERN first instruments DeterLab to collect data about user activities at multiple levels of abstraction, including (1) interactions with user interfaces, (2) process, network, and file system events on platform operating systems and hypervisors, and (3) experimental node resource usage and internal and external traffic interacting with user experiments. All data is collected in a privacy-preserving and intellectual-property-preserving manner to protect users and their research. DISCERN also captures rich illegitimate use data through deployment of carefully designed ethical attacks that misuse DeterLab nodes in a variety of realistic misuse scenarios. All datasets and instrumentation tools developed by DISCERN are designed to be portable to other scientific CIs, and the DISCERN team engages in close collaboration with operators of those CIs to promote adoption of DISCERN tools and enable production of their own CI-usage datasets.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

科学网络基础设施（CIs）包含丰富而强大的资源，以支持科学和工程研究界的广泛实验。然而，CI资源及其生成的实验数据对于网络威胁行为者来说是引人注目的攻击目标，他们可能会通过以下活动寻求滥用CI:(1)泄露或加密有价值的实验数据；(2)将受损资源纳入僵尸网络，用于拒绝服务攻击等目的；或者(3)非法的非科学活动，如加密货币挖矿。DISCERN项目（照亮工程研究网络可疑计算的数据集）旨在通过生成捕获CI资源合法和非法使用的数据集来改善CI的网络安全状况。DISCERN的主要目标是生成丰富多样的数据集，捕获许多现实的合法和非法使用场景，从而实现威胁检测和工作负载分类等领域的网络安全创新，以更好地保护国家CI生态系统。DISCERN的方法和数据集是通过领先的网络和网络安全测试平台detlab开发的。DISCERN首先使用detlab在多个抽象级别收集用户活动的数据，包括(1)与用户界面的交互，(2)平台操作系统和管理程序上的进程、网络和文件系统事件，以及(3)实验节点资源使用以及与用户实验交互的内部和外部流量。所有数据的收集在隐私保护和知识产权保护的方式，以保护用户和他们的研究。DISCERN还通过部署精心设计的道德攻击来捕获丰富的非法使用数据，这些攻击在各种现实的滥用场景中滥用detlab节点。由DISCERN开发的所有数据集和仪器工具都被设计为可移植到其他科学ci，并且DISCERN团队与这些ci的运营商密切合作，以促进对DISCERN工具的采用，并使他们能够生产自己的ci使用数据集。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。