EAGER: Privacy Preserving Synthetic Graph Generation for System Provenance

EAGER：用于系统起源的隐私保护合成图生成

• 批准号: 2331424
• 负责人: Kangkook Jee
• 金额: $ 25万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2331424&HistoricalAwards=false
• 关键词: EAGER; Privacy; Preserving; Synthetic; Graph

System provenance has emerged as an area of prominent research in recent years, garnering attention from both academia and industry. The escalating proliferation of Advanced Persistent Threat (APT) campaigns has been a key driver behind it. Compounding this issue is the growing dependency on open-source software for supply chain components. The origins and potential threats associated with these components are often unclear and difficult to trace, thereby highlighting the importance of a dynamic security defense built on system provenance data collection. However, lack of robust and reliable datasets significantly hinders the progress of system provenance research. While data collection itself is costly due to the overhead of deployment and maintenance, the public sharing of existing datasets is also obstructed due to potential privacy risks. The granular, comprehensive nature of system provenance carries significant sources of privacy leakage, captured during dynamic runtime. System provenance graphs often carry privacy-sensitive information, not only in their explicit textual and numerical attributes but also in their implicit structural relationships, which can easily span high-order interactions. Distinct in their privacy implications from traditional security datasets, system provenance datasets offer a new perspective for privacy research.Composed of four separate research thrusts, the project aims to address the discrepancy between the privacy risks associated with system provenance and the high demand for publicly available system provenance datasets. Firstly, to accurately assess and understand the privacy implications of system provenance graphs, a systematic study will be conducted to identify potential privacy risks associated with these graphs. Secondly, various approaches will be explored to construct models for synthetic graph generation, leveraging paths extracted from system provenance graphs. To restructure the synthetically generated paths and reconstruct realistic synthetic graphs, a series of post-processing techniques will be applied. Thirdly, a set of metrics will be designed to measure both the forensic plausibility and the privacy protections provided by the generated synthetic data. Finally, the project will develop synthetic provenance graph generation techniques to encompass a wider range of graph-structured datasets for system and security applications. The project is founded on extensive system provenance datasets from real-world deployments, collected with end-user consent and under the university's IRB review.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

近年来，系统起源已成为一个重要的研究领域，引起了学术界和工业界的关注。高级持续威胁(APT)活动的不断扩散一直是其背后的关键驱动因素。加剧这一问题的是，供应链组件对开源软件的依赖程度越来越高。与这些组件相关的来源和潜在威胁往往不清楚，难以追踪，因此突出了建立在系统来源数据收集基础上的动态安全防御的重要性。然而，缺乏稳健可靠的数据集严重阻碍了系统种源研究的进展。虽然数据收集本身由于部署和维护的开销而成本高昂，但由于潜在的隐私风险，现有数据集的公共共享也受到阻碍。系统来源的细粒度、全面性带来了在动态运行时捕获的大量隐私泄漏来源。系统起源图通常携带隐私敏感信息，不仅在其显式的文本和数字属性中，而且在其隐含的结构关系中，这很容易跨越高阶交互。与传统安全数据集不同的是，系统来源数据集为隐私研究提供了一个新的视角。该项目由四个独立的研究主题组成，旨在解决与系统来源相关的隐私风险与对公开可用的系统来源数据集的高需求之间的差异。首先，为了准确评估和了解系统种源图表对隐私的影响，我们将进行一项系统研究，以确定与这些图表相关的潜在隐私风险。其次，将探索各种方法来构建合成图形生成的模型，利用从系统起源图中提取的路径。为了重建合成路径和重建逼真的合成图形，将应用一系列的后处理技术。第三，将设计一套衡量标准，以衡量所生成的合成数据所提供的取证可信度和隐私保护。最后，该项目将开发合成种源图表生成技术，以涵盖更广泛的系统和安全应用程序的图表结构数据集。该项目基于来自真实世界部署的广泛的系统起源数据集，经最终用户同意并根据大学的IRB审查收集。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。