SaTC: CORE: Medium: Collaborative: RADAR: Real-time Advanced Detection and Attack Reconstruction
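Basic information
- Award number: 1918667
- Principal investigator:
- Amount: $599,900
- Host institution:
- Host institution country: United States
- Project type: Standard Grant
- Fiscal year: 2019
- Funding country: United States
- Period: 2019-10-01 to 2024-09-30
- Project status: Completed
- Source:
- Keywords:
Project abstract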
There has been a rapid escalation of targeted cyber-attacks, called Advanced Persistent Threats (APTs), on high-profile enterprises. These skilled attacks routinely bypass widely deployed protection mechanisms. Existing second-line cyber defenses (e.g., intrusion detection systems) are helpful, but they often generate a flood of information that overwhelms cyber analysts. Moreover, analysts lack the tools to piece together attack fragments spanning multiple applications and/or hosts. This project will hence focus on developing the principles, techniques, and tools for accurate attack detection and real-time reconstruction of attacker activities across large enterprises.
Many intellectual challenges arise in APT campaign reconstruction, including: (a) developing a wide range of policy-based, anomaly-based and signature-based attack detectors, (b) connecting the dots in the presence of unreliable detectors, (c) scaling to large enterprise networks, and (d) resisting adversarial manipulation. To overcome these challenges, this project will explore several novel directions, including (i) domain-specific languages for cyber attack detection and forensics, (ii) novel detection techniques that leverage natural language descriptions of recent attacks, (iii) alternative dependence propagation semantics that mitigate dependence explosion, and (iv) mapping attack steps to the high-level objectives ("kill-chain") of APT actors.
Cyber technologies are inextricably woven into the fabric of today's society. Repeated cyber attacks undermine the society's trust in this fabric. Even in purely economic terms, worldwide cybercrime led to $600 billion in losses in 2017 (Source: McAfee). This project will help arrest these downward trends. It will also educate graduate, undergraduate and K-12 students through cybersecurity coursework, research, and outreach activities. Enhanced participation of women and minorities will be targeted through alliances with partners, including the National Center for Women & Information Technology, Governor's State University, and Chicago Public Schools. Project-related data, results, publications and tools will be made available through the web sites of the research laboratories collaborating on this project: http://seclab.cs.stonybrook.edu/ and http://sisl.lab.uic.edu/.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Project outcomes
Journal articles (5)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows
- DOI: 10.1109/sp.2019.00026
- Published: 2018-10
- Journal:
- Impact factor: 0
- Authors: Sadegh M. Milajerdi; Rigel Gjomemo; Birhanu Eshete; R. Sekar; V. Venkatakrishnan
- Corresponding authors: Sadegh M. Milajerdi; Rigel Gjomemo; Birhanu Eshete; R. Sekar; V. Venkatakrishnan
On the Impact of Exception Handling Compatibility on Binary Instrumentation
- DOI: 10.1145/3411502.3418428
- Published: 2020
- Journal:
- Impact factor: 0
- Authors: Priyadarshan, Soumyakant; Nguyen, Huan; Sekar, R.
- Corresponding author: Sekar, R.
Practical Fine-Grained Binary Code Randomization
- DOI: 10.1145/3427228.3427292
- Published: 2020
- Journal:
- Impact factor: 0
- Authors: Priyadarshan, Soumyakant; Nguyen, Huan; Sekar, R.
- Corresponding author: Sekar, R.
Information Flow: A Unified Basis for Vulnerability Mitigation, Malware Defense and Attack Scenario Reconstruction (Keynote Presentation)
- DOI: 10.1145/3411502.3418421
- Published: 2020
- Journal:
- Impact factor: 0
- Authors: Sekar, R.
- Corresponding author: Sekar, R.
Combating Dependence Explosion in Forensic Analysis Using Alternative Tag Propagation Semantics
- DOI: 10.1109/sp40000.2020.00064
- Published: 2020
- Journal:
- Impact factor: 1.9
- Authors: Hossain, Md Nahid; Sheikhi, Sanaz; Sekar, R
- Corresponding author: Sekar, R
Other grants by Ramasubramanian Sekar
SaTC: CORE: Medium: WebSheets: A New Privacy-Centric Framework for Web Applications
- Award number: 2153056
- Fiscal year: 2022
- Funding amount: $599,900
- Project type: Standard Grant
TWC: Small: A platform for enhancing security of binary code
- Award number: 1319137
- Fiscal year: 2013
- Funding amount: $599,900
- Project type: Standard Grant
Collaborative Project: An Extensible Software Platform for a Virtual Cyber Security Laboratory
- Award number: 0817188
- Fiscal year: 2008
- Funding amount: $599,900
- Project type: Standard Grant
CT-T: Proactive Techniques for Preserving System Integrity: A Basis for Robust Defense Against Malware
- Award number: 0831298
- Fiscal year: 2008
- Funding amount: $599,900
- Project type: Continuing Grant
Center for Information Protection: A Multi-University Industry/University Collaborative Research Center
- Award number: 0733935
- Fiscal year: 2007
- Funding amount: $599,900
- Project type: Continuing Grant
CT: New Techniques for Attack Detection, Prevention and Immunization
- Award number: 0627687
- Fiscal year: 2006
- Funding amount: $599,900
- Project type: Continuing Grant
A Plan for Developing a Multi-University Industry/University Collaborative Research Center on Cyber Security
- Award number: 0532030
- Fiscal year: 2005
- Funding amount: $599,900
- Project type: Standard Grant
Scholarship for Service in Information Assurance
- Award number: 0417103
- Fiscal year: 2004
- Funding amount: $599,900
- Project type: Continuing Grant
Collaborative Research: Capacity Expansion in Information Assurance
- Award number: 0313858
- Fiscal year: 2003
- Funding amount: $599,900
- Project type: Standard Grant
A New Approach for Securing Systems Using Automated Adaptive Intrusion Response
- Award number: 0208877
- Fiscal year: 2002
- Funding amount: $599,900
- Project type: Continuing Grant
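Similar NSFC (National Natural Science Foundation of China) grants
New nuclear structure model methods for the medium-mass neutron-rich nuclear region
- Award number:
- Year approved: 2020
- Funding amount: 180,000 yuan
- Project type: Special Fund Project
Role and mechanism of D1/D2 co-expressing medium spiny neurons of the nucleus accumbens in social reward deficits in autism model mice
- Award number: 81901381
- Year approved: 2019
- Funding amount: 205,000 yuan
- Project type: Young Scientists Fund Project
Study of intermediate-mass black holes at galactic centers
- Award number: 11473062
- Year approved: 2014
- Funding amount: 900,000 yuan
- Project type: General Program
Pair shell model study of the structure of medium-mass nuclei in the transitional region
- Award number: 11305101
- Year approved: 2013
- Funding amount: 220,000 yuan
- Project type: Young Scientists Fund Project
Tidal disruption by intermediate-mass and massive black holes and the associated accretion and radiation
- Award number: 10873015
- Year approved: 2008
- Funding amount: 420,000 yuan
- Project type: General Program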
Similar overseas grants
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
- Award number: 2330940
- Fiscal year: 2024
- Funding amount: $599,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
- Award number: 2317232
- Fiscal year: 2024
- Funding amount: $599,900
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
- Award number: 2317233
- Fiscal year: 2024
- Funding amount: $599,900
- Project type: Continuing Grant
SaTC: CORE: Medium: Increasing user autonomy and advertiser and platform responsibility in online advertising
- Award number: 2318290
- Fiscal year: 2024
- Funding amount: $599,900
- Project type: Continuing Grant
SaTC: CORE: Medium: Testing the causal influence of social media on well-being and animosity
- Award number: 2334148
- Fiscal year: 2024
- Funding amount: $599,900
- Project type: Standard Grant