CRI: II-New: ORION: Observatory for Cyber-Risk Insights and Outages of Networks

CRI：II-新：ORION：网络风险洞察和网络中断观察站

• 批准号: 1823192
• 负责人: Michael Kallitsis
• 金额: $ 69.4万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1823192&HistoricalAwards=false
• 关键词: CRI; II; New; ORION; Observatory

Advancing the security of Internet-connected devices and networks entails the detection and understanding of changes in adversarial behavior in real time. Hence, there is a need to develop methodologies and deploy infrastructure that can automatically diagnose macroscopic trends in Internet activity and provide to researchers and security analysts visibility into botnet infections, denial of service attacks, network outages, and malware campaigns. Network telescopes--networking instrumentation that collects and records unsolicited Internet traffic destined to a routed but unused Internet address space--are one avenue for detecting shifts in global Internet behavior. However, while network telescopes provide a powerful perspective, they have primarily been used for retroactively understanding Internet events. This project will design and deploy new infrastructure to modernize a large academic network telescope in order to offer unique real-time insights into malicious Internet activity and other threats. This project will introduce a new real-time data processing pipeline to parse incoming traffic and detect individual network events. It will explore emerging data science techniques to identify variations in Internet-wide trends and to produce terse, human-readable summaries of changes in Internet activity. To contextualize these events, this project will integrate external data sources into the processing pipeline including network reputation data, unique patterns of known malware and other security-focused resources (i.e., the Censys search engine). Furthermore, to boost the telescope's usability, this work will build accessible interfaces that would enable researchers to easily ask questions about telescope-detected events. The infrastructure will be broadly available to Computer and Information Science and Engineering researchers interested in understanding, measuring, modeling and defining Internet's evolution. It builds on Merit Network's decade-long experience in operating large-scale network telescopes in an ethically responsible manner. It will also leverage the expertise of researchers at Stanford University, University of California at San Diego, and Colorado State University. On the educational front, network telescope data can serve as a vehicle for inter-disciplinary training of the future workforce in areas that lie at the intersection of network security, computer systems, data science and engineering. Even at the graduate level, network telescope data analysis remains a relatively unexplored topic; this project will heighten the scientific utility of the data and will provide unique opportunities for educating students with real-world, heterogeneous network security data.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

提高与Internet连接的设备和网络的安全性需要实时检测和理解对抗行为的变化。因此，有必要开发方法和部署基础架构，这些方法和基础架构可以自动诊断互联网活动的宏观趋势，并为研究人员和安全分析师提供对僵尸网络感染的可见性，拒绝服务攻击，网络中断和恶意软件活动。网络望远镜 - 收集和记录原定为路由但未使用的Internet地址空间的未经请求的互联网流量的网络仪器，这是检测全球互联网行为变化的途径。但是，尽管网络望远镜提供了有力的观点，但它们主要用于追溯了解互联网事件。该项目将设计和部署新的基础架构，以现代化大型的学术网络望远镜，以便为恶意的互联网活动和其他威胁提供独特的实时见解。该项目将引入新的实时数据处理管道，以解析传入的流量并检测各个网络事件。它将探索新兴的数据科学技术，以识别互联网范围的趋势的变化，并产生简短的人类可读性的互联网活动变化摘要。为了将这些事件进行上下文化，该项目将将外部数据源集成到处理管道中，包括网络信誉数据，已知恶意软件的唯一模式和其他以安全性为中心的资源（即Censys搜索引擎）。 此外，为了提高望远镜的可用性，这项工作将构建可访问的接口，使研究人员可以轻松地提出有关望远镜检测事件的问题。这些基础架构将广泛用于计算机和信息科学和工程研究人员，对理解，测量，建模和定义Internet的演变感兴趣。它以优异网络在以道德负责的方式运行大规模网络望远镜的十年经验。它还将利用斯坦福大学，加州大学圣地亚哥大学和科罗拉多州立大学的研究人员的专业知识。在教育方面，网络望远镜数据可以作为在网络安全，计算机系统，数据科学和工程相交区域中对未来劳动力进行跨学科培训的工具。即使在研究生级别，网络望远镜数据分析仍然是一个相对尚未探索的主题。该项目将加强数据的科学实用性，并将为通过现实世界，异构网络安全数据教育学生提供独特的机会。该奖项反映了NSF的法定任务，并被认为是通过基金会的智力优点和更广泛的影响来通过评估来获得支持的审查标准。

项目成果

All Things Considered: An Analysis of IoT Devices on Home Networks

• 发表时间: 2019
• 作者: Deepak Kumar;K. Shen;Benton Case;D. Garg;Galina Alperovich;Dmitry Kuznetsov;Rajarshi Gupta;Zakir Durumeric

Detecting and Interpreting Changes in Scanning Behavior in Large Network Telescopes

• DOI: 10.1109/tifs.2022.3211644
• 发表时间: 2022
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Michalis Kallitsis;Rupesh Prajapati;Vasant G Honavar;Dinghao Wu

AMON-SENSS: Scalable and Accurate Detection of Volumetric DDoS Attacks at ISPs

AMON-SENSS：可扩展且准确地检测 ISP 的流量 DDoS 攻击

• 发表时间: 2022
• 期刊: IEEE Global Communications Conference
• 作者: Tandon, Rajat;Charnsethikul, Pithayuth;Kallitsis, Michalis;Mirkovic, Jelena
• 通讯作者: Mirkovic, Jelena

Poster: Shedding light into the darknet: scanning characterization and detection of temporal changes

海报：将光线投射到暗网：扫描表征和时间变化检测

• DOI: 10.1145/3485983.3493347
• 发表时间: 2021
• 期刊: CoNEXT '21: Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies
• 作者: Prajapati, Rupesh;Honavar, Vasant;Wu, Dinghao;Yen, John;Kallitsis, Michalis
• 通讯作者: Kallitsis, Michalis