EAGER: USBRCCR: Improving Network Security at the Network Edge

EAGER：USBRCCR：提高网络边缘的网络安全性

• 批准号: 1740895
• 负责人: Donald Towsley
• 金额: $ 30万
• 依托单位: University of Massachusetts Amherst
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1740895&HistoricalAwards=false
• 关键词: EAGER; USBRCCR; Improving; Network; Security

Recent years have seen the Internet playing an increasingly critical role in our daily lives with home networks hosting PCs, tablets, mobile devices along with more specialized devices such as smart televisions, thermostats, and other Internet-of-Things (IoT) devices. While these devices offer users an array of services and conveniences, they come at the cost of introducing security vulnerabilities into the home network. Thus users are confronted with the dual challenges of securing their networks and devices against malicious software (malware) and botnets that may perform distributed denial of service attacks on commercial and public websites and of maintaining the privacy of increasingly personal flows of data through IoT devices.This project takes a multifaceted look at the problem of securing home networks in the face of these challenges. Specifically, it includes a partnership with a Brazilian Internet Service Provider giving access to data from thousands of home network connections. This allows the creation of a baseline of network behavior against which to identify malicious behavior due to malware or compromised devices. Second, the project will develop behavior models of typical use of IoT in the wild. This will allow a better understanding of how sensitive and personal information can leak from IoT devices to IoT providers. The baseline and the IoT behavior models will lead to new methods for identifying the presence of anomalous/malicious behavior as well as leakage of privacy information. The research conducted in this project provides significant benefits to society. First, the results will allow users to enhance the security of their home networks and better protect personal and sensitive information. Second, the project will provide substantial opportunities for students to develop software and research skills along with cybersecurity skills.This project tackles the problem of securing modern home networks. The approach to this problem will be analytical and empirical. The project will consist of:(i) Development of techniques based on statistical analysis and machine learning that rely on data gathered in home networks to detect and classify malicious network activities. These techniques will focus on malicious activities both within and outside home networks.(ii) Fingerprinting of home network traffic to enable detection of compromised devices and characterization of the behavior of such devices even when flows are encrypted. (iii) Development of tools that will help users control access to their data.

近年来，互联网在我们的日常生活中发挥着越来越重要的作用，家庭网络托管电脑、平板电脑、移动设备以及智能电视、恒温器和其他物联网 (IoT) 设备等更专业的设备。虽然这些设备为用户提供了一系列服务和便利，但它们的代价是在家庭网络中引入了安全漏洞。因此，用户面临着双重挑战：保护其网络和设备免受可能对商业和公共网站执行分布式拒绝服务攻击的恶意软件和僵尸网络的侵害，以及维护通过物联网设备的日益个人化的数据流的隐私。面对这些挑战，该项目从多方面审视家庭网络的安全问题。具体来说，它包括与巴西互联网服务提供商的合作，允许访问来自数千个家庭网络连接的数据。这允许创建网络行为基线，根据该基线来识别由恶意软件或受损设备引起的恶意行为。其次，该项目将开发物联网在野外典型使用的行为模型。这将有助于更好地了解敏感信息和个人信息如何从物联网设备泄漏到物联网提供商。基线和物联网行为模型将带来识别异常/恶意行为以及隐私信息泄露的新方法。 该项目进行的研究为社会带来了重大利益。 首先，研究结果将使用户能够增强家庭网络的安全性，更好地保护个人和敏感信息。 其次，该项目将为学生提供大量机会来发展软件和研究技能以及网络安全技能。该项目解决了现代家庭网络的安全问题。解决这个问题的方法将是分析性的和实证性的。该项目将包括：（i）开发基于统计分析和机器学习的技术，依靠家庭网络中收集的数据来检测和分类恶意网络活动。这些技术将重点关注家庭网络内部和外部的恶意活动。(ii) 家庭网络流量指纹识别，即使在流量被加密的情况下，也能够检测受感染的设备并表征此类设备的行为。 (iii) 开发帮助用户控制对其数据的访问的工具。

项目成果

Network Anomaly Detection Based on Tensor Decomposition

基于张量分解的网络异常检测

• 发表时间: 2020-06
• 期刊: 18th Mediterranean Communication and Computer Networking Conference
• 作者: E. de Souza e Silva; A. Streit
• 通讯作者: A. Streit

Characterizing the Deployment and Performance of Multi-CDNs

表征多 CDN 的部署和性能

• 发表时间: 2018-10
• 期刊: Proceedings of the ACM SIGCOMM Internet Measurement Conference
• 作者: Singh, Rachee;Dunna, Arun;Gill, Phillipa
• 通讯作者: Gill, Phillipa

Are Covert DDoS Attacks Facing Multi-Feature Detectors Feasible?

面对多功能检测器的隐蔽 DDoS 攻击是否可行？

• 发表时间: 2021-06
• 期刊: Proceedings of 2021 ACM SIGMETRICS MAMA Workshop
• 作者: Ramtin, Amir Rezae;Towsley, Don;Nain, Philippe;de Souza e Silva, Edmundo;Menasche, Daniel Sadoc
• 通讯作者: Menasche, Daniel Sadoc

A Large-Scale Analysis of Deployed Traffic Differentiation Practices

对已部署的流量差异化实践的大规模分析

• 发表时间: 2019-01
• 期刊: ACM SIGCOMM
• 作者: Li, F.;Akhavan Niaki, A.;Choffnes, D.;Gill, P.;Mislove, A.
• 通讯作者: Mislove, A.

Network anomaly detection based on tensor decomposition

基于张量分解的网络异常检测

• DOI: 10.1016/j.comnet.2021.108503
• 发表时间: 2021-12
• 期刊: Computer Networks
• 影响因子: 5.6
• 作者: Streit, Ananda;Santos, Gustavo H.A.;Leão, Rosa M.M.;de Souza e Silva, Edmundo;Menasché, Daniel;Towsley, Don
• 通讯作者: Towsley, Don