CAREER: An Artificial Intelligence (AI)-enabled Analytics Perspective for Developing Proactive Cyber Threat Intelligence

职业：基于人工智能 (AI) 的分析视角，用于开发主动网络威胁情报

• 批准号: 2338479
• 负责人: Sagar Samtani
• 金额: $ 60.46万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-07-01 至 2029-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2338479&HistoricalAwards=false
• 关键词: CAREER; Artificial; Intelligence; AI; enabled

Cyber-attacks continue to exact a terrible toll on modern society. Increasingly, many firms seek to integrate cyber threat intelligence (CTI) about emerging threats and their relevance to vulnerabilities within their assets. However, much of the current CTI analyst practice is reactive, in which analysis manually examines exploits (software that circumvents vulnerabilities and allows an attacker to manipulate cyber-assets) after an attack. More proactive approaches to using CTI might prevent many cyber-attacks; in particular, sources such as Dark Web hacker forums often include signals about possible emerging exploit trends and attack vectors. However, these large, international, and ever-evolving platforms often contain millions of posts, a scale that makes conventional CTI analysis prohibitive, limited, error-prone, and time-consuming. Therefore, this project seeks to develop Artificial Intelligence (AI)-enabled analytics techniques based on text analysis and network science to identify emerging trends and to link exploits to vulnerabilities. The models and results produced from this research will be integrated into curricula for cybersecurity students and data scientists to help rapidly grow a well-trained workforce in proactive AI-enabled CTI analytics. This CAREER project seeks to develop two thrusts of proactive CTI research. The first is a novel Diachronic Graph Transformer (DGT) to detect and predict emerging exploit terms, semantics, and trends through advancing methods for balancing word embedding stability and capturing their shifts over time. The second is a self-supervised neural information retrieval method, entitled the Exploit-Vulnerability Self-Supervised Linker, that links hacker exploits to vulnerabilities in a manner consistent with CTI analysts' procedures and that accounts for a technology's configurations, dependencies, and other characteristics. The data and methods from this research will be integrated into three thrusts to improve cyber-AI education: (1) new lessons for an AI for Cybersecurity course at Indiana University, (2) resources to enhance the cybersecurity curricula of NSF CyberCorps Scholarship-for-Service institutions, and (3) proactive CTI learning modules for the AI+ platform offered by the Open Data Science Conference, one of the world's largest data science communities.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络攻击继续对现代社会造成可怕的损失。越来越多的公司试图将网络威胁情报（CTI）整合到有关新兴威胁及其与其资产中脆弱性的相关性上。但是，当前的许多CTI分析师实践都是反应性的，其中分析手动检查了攻击后漏洞并允许攻击者操纵网络资产的漏洞利用（软件）。使用CTI的更积极的方法可能会阻止许多网络攻击。特别是，诸如Dark Web Hacker论坛之类的资源通常包含有关可能出现的利用趋势和攻击向量的信号。但是，这些大型，国际和不断发展的平台通常包含数百万个帖子，这使得常规的CTI分析过于效率，有限，容易出错且耗时。因此，该项目旨在基于文本分析和网络科学开发人工智能（AI）启用分析技术，以识别新兴趋势并将利用与漏洞联系起来。这项研究产生的模型和结果将集成到网络安全学生和数据科学家的课程中，以帮助迅速发展积极的AI支持AI支持的CTI分析方面的训练有素的劳动力。这个职业项目旨在开发两种主动的CTI研究。第一个是一种新颖的历时图形变压器（DGT），用于检测和预测新兴的利用术语，语义和趋势，方法是通过前进的方法来平衡单词嵌入稳定性并随着时间的推移捕获其转移。 第二个是一种自我监督的神经信息检索方法，标题为“可剥削性可剥夺性自我监督的连接器”，该方法将黑客链接到与CTI分析师程序一致的方式中，涉及漏洞，并说明了技术的配置，依赖性，以及其他特征。这项研究的数据和方法将被整合到三个推力中，以改善网络-AI教育：（1）印第安纳大学AI的网络安全课程的新课程（2）增强NSF Cyber​​Corps奖学金的网络安全课程的资源，以积极的CTI学习模式提供了AI II II+ AI III Modie+ A I Insport in A A Insport II+ A.最大的数据科学社区。该奖项反映了NSF的法定使命，并被认为是值得通过基金会的知识分子优点和更广泛影响的评论标准来评估的。