CAREER: An Artificial Intelligence (AI)-enabled Analytics Perspective for Developing Proactive Cyber Threat Intelligence

职业：基于人工智能 (AI) 的分析视角，用于开发主动网络威胁情报

• 批准号: 2338479
• 负责人: Sagar Samtani
• 金额: $ 60.46万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-07-01 至 2029-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2338479&HistoricalAwards=false
• 关键词: CAREER; Artificial; Intelligence; AI; enabled

Cyber-attacks continue to exact a terrible toll on modern society. Increasingly, many firms seek to integrate cyber threat intelligence (CTI) about emerging threats and their relevance to vulnerabilities within their assets. However, much of the current CTI analyst practice is reactive, in which analysis manually examines exploits (software that circumvents vulnerabilities and allows an attacker to manipulate cyber-assets) after an attack. More proactive approaches to using CTI might prevent many cyber-attacks; in particular, sources such as Dark Web hacker forums often include signals about possible emerging exploit trends and attack vectors. However, these large, international, and ever-evolving platforms often contain millions of posts, a scale that makes conventional CTI analysis prohibitive, limited, error-prone, and time-consuming. Therefore, this project seeks to develop Artificial Intelligence (AI)-enabled analytics techniques based on text analysis and network science to identify emerging trends and to link exploits to vulnerabilities. The models and results produced from this research will be integrated into curricula for cybersecurity students and data scientists to help rapidly grow a well-trained workforce in proactive AI-enabled CTI analytics. This CAREER project seeks to develop two thrusts of proactive CTI research. The first is a novel Diachronic Graph Transformer (DGT) to detect and predict emerging exploit terms, semantics, and trends through advancing methods for balancing word embedding stability and capturing their shifts over time. The second is a self-supervised neural information retrieval method, entitled the Exploit-Vulnerability Self-Supervised Linker, that links hacker exploits to vulnerabilities in a manner consistent with CTI analysts' procedures and that accounts for a technology's configurations, dependencies, and other characteristics. The data and methods from this research will be integrated into three thrusts to improve cyber-AI education: (1) new lessons for an AI for Cybersecurity course at Indiana University, (2) resources to enhance the cybersecurity curricula of NSF CyberCorps Scholarship-for-Service institutions, and (3) proactive CTI learning modules for the AI+ platform offered by the Open Data Science Conference, one of the world's largest data science communities.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络攻击继续对现代社会造成可怕的损失。越来越多的公司寻求整合有关新兴威胁及其与资产中漏洞相关性的网络威胁情报（CTI）。然而，目前CTI分析师的大部分做法都是被动的，在攻击后，分析人员会手动检查漏洞利用（规避漏洞并允许攻击者操纵网络资产的软件）。使用CTI的更积极主动的方法可能会阻止许多网络攻击;特别是，诸如Dark Web黑客论坛之类的来源通常包含有关可能出现的利用趋势和攻击向量的信号。然而，这些大型的、国际化的、不断发展的平台通常包含数百万个帖子，这一规模使得传统的CTI分析令人望而却步、受限、容易出错且耗时。因此，该项目旨在开发基于文本分析和网络科学的人工智能（AI）分析技术，以识别新兴趋势并将漏洞利用与漏洞联系起来。从这项研究中产生的模型和结果将被整合到网络安全学生和数据科学家的课程中，以帮助快速培养一支训练有素的员工队伍，进行主动的AI CTI分析。这个CAREER项目旨在发展两个积极的CTI研究的推动力。第一个是一个新的历时图Transformer（DGT），通过先进的平衡词嵌入稳定性和捕获其变化的方法来检测和预测新兴的利用术语，语义和趋势 随着时间 第二种是一种自我监督的神经信息检索方法，称为漏洞利用自我监督链接器（Exploit-Vulnerability Self-Supervised Linker），它以与CTI分析师程序一致的方式将黑客漏洞利用与漏洞联系起来，并说明技术的配置，依赖关系和其他特征。这项研究的数据和方法将被整合到三个重点中，以改善网络人工智能教育：（1）印第安纳州大学人工智能网络安全课程的新课程，（2）增强NSF CyberCorps奖学金服务机构网络安全课程的资源，以及（3）开放数据科学会议提供的人工智能+平台的主动CTI学习模块，该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。