CICI: SSC: Proactive Cyber Threat Intelligence and Comprehensive Network Monitoring for Scientific Cyberinfrastructure: The AZSecure Framework

CICI：SSC：科学网络基础设施的主动网络威胁情报和综合网络监控：AZSecure 框架

• 批准号: 1917117
• 负责人: Hsinchun Chen
• 金额: $ 99.8万
• 依托单位: University of Arizona
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-07-01 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1917117&HistoricalAwards=false
• 关键词: CICI; SSC; Proactive; Cyber; Threat

The rapid growth of computing technologies in scientific instruments has increased the rate of discovery. Some recent examples include the discovery of new fundamental particles and the first-ever images of a black hole. Unfortunately, the same technologies contributing to these high-impact discoveries are also being targeted by hackers to steal ideas or for profit. These attacks threaten the privacy, integrity, and ability to access valuable scientific data and events. The risks to scientific facilities and how they can be attacked have still not been properly mapped. This project will use novel Artificial Intelligence to (1) study hackers in the international and ever-evolving Dark Web and identify and categorize hundreds of thousands of risks and (2) link those risks to possible attacks on two large-scale science community facilities. One of them is a facility funded by the National Science Foundation offering advanced computing resources for Life Sciences. The other uses a network of sensors around the globe to collect detailed and timely data for Earth Sciences. Studying these valuable targets enables investigation of current and emerging threats that present risk to scientific discovery.Led by the Hispanic Serving Institution (HSI) University of Arizona (UA), this project designs an innovative, holistic, and proactive Cyber Threat Intelligence (CTI) framework with two synergistic research streams. The first builds upon advanced topic modelling and text classification approaches from our NSF Secure and Trustworthy Cyberspace (SaTC) research to systematically collect and explore multi-million record Dark Web hacker forums for scientific cyberinfrastructure exploits. The second designs novel banner data feature extraction, text analytics, and custom vulnerability scanning integrating state-of-the-art tools to comprehensively categorize and assess the vulnerabilities within CyVerse?s (life sciences) and LEO?s (earth sciences) diverse instruments, data, hardware, and software. Exploit and vulnerability assessment results are linked via a novel deep learning-based Exploit Vulnerability Deep Structured Semantic Model (EV-DSSM) based on word embedding. UA?s National Security Agency-designated Center of Academic Excellence in Cyber Defense, Research, and Operations, NSF Scholarship-for-Service (SFS) Cyber-Corps, and Master?s in Cybersecurity programs position the project for synergy with teaching and research. Techniques developed in this project will advance knowledge not only CTI, but network analysis, deep learning, and text analytics across multiple disciplines. Findings from this research will be disseminated to 75+ SFS partner institutions and operational intelligence for the larger scientific community (e.g., NSF Cybersecurity Summits of Large Facilities and Cyberinfrastructure).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

科学仪器中计算技术的快速发展提高了发现速度。最近的一些例子包括发现新的基本粒子和首张黑洞图像。不幸的是，促成这些高影响力发现的相同技术也成为黑客窃取创意或牟利的目标。这些攻击威胁到隐私、完整性以及访问有价值的科学数据和事件的能力。科学设施面临的风险以及它们如何受到攻击尚未得到正确的描绘。该项目将使用新颖的人工智能来（1）研究国际和不断发展的暗网中的黑客，识别和分类数十万种风险，（2）将这些风险与对两个大型科学界设施的可能攻击联系起来。其中之一是由美国国家科学基金会资助的设施，为生命科学提供先进的计算资源。另一个使用全球传感器网络来收集地球科学的详细且及时的数据。研究这些有价值的目标可以调查对科学发现构成风险的当前和新兴威胁。该项目由亚利桑那大学 (UA) 西班牙裔服务机构 (HSI) 领导，设计了创新、全面和主动的网络威胁情报 (CTI)具有两个协同研究流的框架。第一个基于 NSF 安全可信网络空间 (SaTC) 研究的先进主题建模和文本分类方法，系统地收集和探索数百万条记录的暗网黑客论坛，以利用科学的网络基础设施。第二个设计新颖的横幅数据特征提取、文本分析和自定义漏洞扫描，集成最先进的工具，以全面分类和评估 CyVerse（生命科学）和 LEO（地球科学）不同仪器中的漏洞、数据、硬件和软件。漏洞利用和漏洞评估结果通过基于词嵌入的新颖的基于深度学习的利用漏洞深度结构化语义模型（EV-DSSM）联系起来。 UA 的国家安全局指定的网络防御、研究和运营学术卓越中心、NSF 服务奖学金 (SFS) 网络军团和网络安全硕士项目使该项目与教学和研究产生协同作用。该项目开发的技术不仅将促进 CTI 知识的发展，还将促进跨多个学科的网络分析、深度学习和文本分析。这项研究的结果将传播给超过 75 个 SFS 合作机构和更大科学界的运营情报（例如 NSF 大型设施和网络基础设施网络安全峰会）。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。

项目成果

A Deep Learning Approach for Recognizing Activity of Daily Living (ADL) for Senior Care: Exploiting Interaction Dependency and Temporal Patterns

• DOI: 10.25300/misq/2021/15574
• 发表时间: 2021-06
• 期刊: MIS Q.
• 作者: Hongyi Zhu;Sagar Samtani;Randall A. Brown;Hsinchun Chen

Labeling Hacker Exploits for Proactive Cyber Threat Intelligence: A Deep Transfer Learning Approach

• DOI: 10.1109/isi49825.2020.9280548
• 发表时间: 2020-11
• 期刊: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI)
• 作者: Benjamin Ampel;Sagar Samtani;Hongyi Zhu;Steven Ullman;Hsinchun Chen

Identifying Patterns of Vulnerability Incidence in Foundational Machine Learning Repositories on GitHub: An Unsupervised Graph Embedding Approach

• DOI: 10.1109/icdmw58026.2022.00084
• 发表时间: 2022-11
• 期刊: 2022 IEEE International Conference on Data Mining Workshops (ICDMW)
• 作者: Agrim Sachdeva;Ben Lazarine;Ruchik Dama;Sagar Samtani;Hongyi Zhu

Distilling Contextual Embeddings Into A Static Word Embedding For Improving Hacker Forum Analytics

将上下文嵌入提炼为静态词嵌入以改进黑客论坛分析

• DOI: 10.1109/isi53945.2021.9624848
• 发表时间: 2021
• 期刊: Proceedings of 2021 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2021
• 作者: Ampel, Benjamin;Chen, Hsinchun
• 通讯作者: Chen, Hsinchun

Human Identification for Activities of Daily Living: A Deep Transfer Learning Approach

• DOI: 10.1080/07421222.2020.1759961
• 发表时间: 2020-04
• 期刊: Journal of Management Information Systems
• 影响因子: 7.7
• 作者: Hongyi Zhu;Sagar Samtani;Hsinchun Chen;J. Nunamaker