Conference: Post-Alert: Data Attribution and Attack-Response

会议：警报后：数据归因和攻击响应

• 批准号: 2321134
• 负责人: Alvaro Cardenas
• 金额: $ 5万
• 依托单位: University of California-Santa Cruz
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2321134&HistoricalAwards=false
• 关键词: Conference; Post; Alert; Data; Attribution

Over the past decades, research and industry have provided several tools for preventing and detecting attacks; however, what to do after an attack is detected has comparatively received less attention. This workshop brings together an interdisciplinary team of scientists looking at future research directions for attack recovery. The workshop's novelties are the multidisciplinary focus on attack recovery and the plan to define a future roadmap of open challenges and research directions to solve them. The workshop's broader significance and importance are to improve the security of our networks. The workshop will also look into inclusive best practices in technology and education to attract a diverse population to fulfill the nation's needs for incident response in our critical computer networks.The specific technical subtopics required for fast and effective incident response include (1) data provenance, (2) persistence, and (3) automated recovery. Each category requires deep technical expertise to develop the next-generation tools to protect our networks. For example, grammar induction techniques can be applied to provenance graphs to eliminate redundancy and correlate events. The rise of artificial intelligence tools like reinforcement learning can also be used to teach agents to operate through post-breach behavior. The outcome of this workshop will provide future guidance on research directions for real-time incident response and automated forensics.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在过去的几十年里，研究和工业界已经提供了几种工具来防止和检测攻击;然而，在检测到攻击后该怎么办相对较少受到关注。该研讨会汇集了一个跨学科的科学家团队，他们正在研究攻击恢复的未来研究方向。该研讨会的创新之处在于对攻击恢复的多学科关注，以及定义未来开放挑战路线图和解决这些挑战的研究方向的计划。该研讨会更广泛的意义和重要性在于提高我们网络的安全性。该研讨会还将探讨技术和教育方面的包容性最佳实践，以吸引多样化的人群，满足国家对关键计算机网络事件响应的需求。快速有效的事件响应所需的具体技术子主题包括（1）数据来源，（2）持久性和（3）自动恢复。每个类别都需要深厚的技术专业知识来开发下一代工具来保护我们的网络。例如，可以将语法归纳技术应用于起源图以消除冗余并关联事件。强化学习等人工智能工具的兴起也可以用来教代理通过违规后的行为进行操作。本次研讨会的成果将为实时事件响应和自动取证的研究方向提供未来的指导。该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的知识价值和更广泛的影响审查标准进行评估来支持。