CRI: II-New: ORION: Observatory for Cyber-Risk Insights and Outages of Networks

CRI：II-新：ORION：网络风险洞察和网络中断观察站

• 批准号: 1823192
• 负责人: Michael Kallitsis
• 金额: $ 69.4万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1823192&HistoricalAwards=false
• 关键词: CRI; II; New; ORION; Observatory

Advancing the security of Internet-connected devices and networks entails the detection and understanding of changes in adversarial behavior in real time. Hence, there is a need to develop methodologies and deploy infrastructure that can automatically diagnose macroscopic trends in Internet activity and provide to researchers and security analysts visibility into botnet infections, denial of service attacks, network outages, and malware campaigns. Network telescopes--networking instrumentation that collects and records unsolicited Internet traffic destined to a routed but unused Internet address space--are one avenue for detecting shifts in global Internet behavior. However, while network telescopes provide a powerful perspective, they have primarily been used for retroactively understanding Internet events. This project will design and deploy new infrastructure to modernize a large academic network telescope in order to offer unique real-time insights into malicious Internet activity and other threats. This project will introduce a new real-time data processing pipeline to parse incoming traffic and detect individual network events. It will explore emerging data science techniques to identify variations in Internet-wide trends and to produce terse, human-readable summaries of changes in Internet activity. To contextualize these events, this project will integrate external data sources into the processing pipeline including network reputation data, unique patterns of known malware and other security-focused resources (i.e., the Censys search engine). Furthermore, to boost the telescope's usability, this work will build accessible interfaces that would enable researchers to easily ask questions about telescope-detected events. The infrastructure will be broadly available to Computer and Information Science and Engineering researchers interested in understanding, measuring, modeling and defining Internet's evolution. It builds on Merit Network's decade-long experience in operating large-scale network telescopes in an ethically responsible manner. It will also leverage the expertise of researchers at Stanford University, University of California at San Diego, and Colorado State University. On the educational front, network telescope data can serve as a vehicle for inter-disciplinary training of the future workforce in areas that lie at the intersection of network security, computer systems, data science and engineering. Even at the graduate level, network telescope data analysis remains a relatively unexplored topic; this project will heighten the scientific utility of the data and will provide unique opportunities for educating students with real-world, heterogeneous network security data.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

提高互联网连接设备和网络的安全性需要实时检测和了解对手行为的变化。因此，需要开发方法和部署基础设施，以自动诊断互联网活动的宏观趋势，并为研究人员和安全分析师提供僵尸网络感染、拒绝服务攻击、网络中断和恶意软件活动的可见性。网络望远镜是一种收集和记录发往已路由但未使用的互联网地址空间的未经请求的互联网流量的网络仪器，是检测全球互联网行为变化的一种途径。然而，虽然网络望远镜提供了强大的视角，但它们主要用于追溯了解互联网事件。该项目将设计和部署新的基础设施，对大型学术网络望远镜进行现代化改造，以便对恶意互联网活动和其他威胁提供独特的实时洞察。该项目将引入新的实时数据处理管道来解析传入流量并检测单个网络事件。它将探索新兴的数据科学技术，以识别互联网范围内趋势的变化，并生成互联网活动变化的简洁、人类可读的摘要。为了将这些事件置于上下文中，该项目将把外部数据源集成到处理管道中，包括网络信誉数据、已知恶意软件的独特模式和其他以安全为中心的资源（即 Censys 搜索引擎）。 此外，为了提高望远镜的可用性，这项工作将建立可访问的界面，使研究人员能够轻松地询问有关望远镜探测到的事件的问题。该基础设施将广泛供对理解、测量、建模和定义互联网发展感兴趣的计算机和信息科学与工程研究人员使用。它建立在 Merit Network 长达十年的以道德负责的方式运营大型网络望远镜的经验之上。它还将利用斯坦福大学、加州大学圣地亚哥分校和科罗拉多州立大学研究人员的专业知识。在教育方面，网络望远镜数据可以作为网络安全、计算机系统、数据科学和工程交叉领域未来劳动力跨学科培训的工具。即使在研究生阶段，网络望远镜数据分析仍然是一个相对未经探索的话题；该项目将提高数据的科学实用性，并为用真实世界的异构网络安全数据教育学生提供独特的机会。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优势和更广泛的评估进行评估，被认为值得支持。影响审查标准。

项目成果

Poster: Shedding light into the darknet: scanning characterization and detection of temporal changes

海报：将光线投射到暗网：扫描表征和时间变化检测

• DOI: 10.1145/3485983.3493347
• 发表时间: 2021-01
• 期刊: CoNEXT '21: Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies
• 作者: Prajapati, Rupesh;Honavar, Vasant;Wu, Dinghao;Yen, John;Kallitsis, Michalis
• 通讯作者: Kallitsis, Michalis

All Things Considered: An Analysis of IoT Devices on Home Networks

综合考虑：家庭网络上的物联网设备分析

• 发表时间: 2024-09-13
• 作者: Deepak Kumar;K. Shen;Benton Case;D. Garg;Galina Alperovich;Dmitry Kuznetsov;Rajarshi Gupta;Zakir Durumeric
• 通讯作者: Zakir Durumeric

AMON-SENSS: Scalable and Accurate Detection of Volumetric DDoS Attacks at ISPs

AMON-SENSS：可扩展且准确地检测 ISP 的流量 DDoS 攻击

• 发表时间: 2022-01
• 期刊: IEEE Global Communications Conference
• 作者: Tandon, Rajat;Charnsethikul, Pithayuth;Kallitsis, Michalis;Mirkovic, Jelena
• 通讯作者: Mirkovic, Jelena

Detecting and Interpreting Changes in Scanning Behavior in Large Network Telescopes

检测和解释大型网络望远镜扫描行为的变化

• DOI: 10.1109/tifs.2022.3211644
• 发表时间: 2024-09-14
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Michalis Kallitsis;Rupesh Prajapati;Vasant G Honavar;Dinghao Wu
• 通讯作者: Dinghao Wu