OAC Core: Small: Devising Data-driven Methodologies by Employing Large-scale Empirical Data to Fingerprint, Attribute, Remediate and Analyze Internet-scale IoT Maliciousness

OAC 核心：小型：通过使用大规模经验数据来指纹识别、归因、修复和分析互联网规模的物联网恶意行为，设计数据驱动的方法

• 批准号: 1907821
• 负责人: Elias Bou-Harb
• 金额: $ 49.69万
• 依托单位: Florida Atlantic University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-07-01 至 2019-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1907821&HistoricalAwards=false
• 关键词: OAC; Core; Small; Devising; Data

At least 20 billion devices will be connected to the Internet by 2023. Many of these devices transmit critical and sensitive system and personal data in real-time. Collectively known as "the Internet of Things" (IoT), this market represents a $267 billion per year industry. As valuable as this market is, security spending on the sector barely breaks 1%. Indeed, while IoT vendors continue to push more IoT devices to market, the security of these devices has often fallen in priority, making them easier to exploit. This drastically threatens the privacy of the consumers and the safety of mission-critical systems. While a number of research endeavors are currently taking place to address the IoT security problem, several challenges hinder their success. These include the lack of IoT monitoring capabilities once such devices are deployed, the shortage of remediation techniques when they are compromised, and the inadequacy of methodologies to permit the comprehension of the underlying IoT malicious infrastructures. To this end, this project will serve NSF's mission to promote the progress of science by developing data science methodologies to identify and remediate infected IoT devices in near real-time. The project will also promote cyber security research and training for minorities and K-12 students. Moreover, the project will contribute to operational cyber security by developing a large-scale cyberinfrastructure for IoT-relevant data and threat sharing, enabling hands-on cyber-science at large. The project will scrutinize close to 100 GB/hr of real-time unsolicited Internet-scale traffic to devise and develop efficient deep learning classifiers to fingerprint IoT devices, identifying their types and vendors, and disclosing their large-scale vulnerabilities and hosting environments. The project will design and develop fast greedy approximation algorithms for L1-norm Principal Component Analysis (PCA) data-dimensionality reduction, enabling the real-time execution of the Density Based Spatial Clustering of Application with Noise (DBSCAN) technique for detecting and attributing IoT orchestrated botnets. The project will also design scalable offensive security algorithms based on Internet-wide active measurements to offer macroscopic remediation strategies. The project will curate close to 3.5 million malware samples/day and around 1.3 million passive DNS records/day to build graph-theoretic models to uncover and characterize inter-related components which form the concept of IoT malicious cyberinfrastructure. Further, the project will analyze the evolution of such infrastructures to comprehend their modus operandi by devising efficiency graph similarity techniques in linear time, by designing and implementing algorithms rooted in graph kernels and min-hashing methods. The project will also (i) develop a unique cyberinfrastructure for IoT empirical data and cyber threat indexing and sharing, (ii) automate the devised algorithms and techniques by leveraging high speed, in-memory data processing technologies, (iii) generate IoT-specific detection signatures by exploring fuzzy hashing algorithms, and (iv) enable at-large access to the generated IoT artifacts through a secure API and a front-end mechanism.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

到 2023 年，至少有 200 亿台设备将连接到互联网。其中许多设备实时传输关键且敏感的系统和个人数据。该市场统称为“物联网”(IoT)，代表着每年价值 2,670 亿美元的产业。尽管这个市场很有价值，但该行业的安全支出几乎不超过 1%。事实上，虽然物联网供应商不断将更多物联网设备推向市场，但这些设备的安全性往往被放在优先考虑的位置，这使得它们更容易被利用。这极大地威胁了消费者的隐私和关键任务系统的安全。虽然目前正在进行许多研究工作来解决物联网安全问题，但一些挑战阻碍了它们的成功。这些问题包括部署此类设备后缺乏物联网监控功能、受到损害时缺乏补救技术，以及无法充分理解底层物联网恶意基础设施的方法。为此，该项目将服务于 NSF 的使命，即通过开发数据科学方法来近乎实时地识别和修复受感染的物联网设备，从而促进科学进步。该项目还将促进针对少数族裔和 K-12 学生的网络安全研究和培训。此外，该项目将通过开发用于物联网相关数据和威胁共享的大规模网络基础设施，为运营网络安全做出贡献，从而实现大规模的网络科学实践。 该项目将审查近 100 GB/小时的实时未经请求的互联网规模流量，以设计和开发高效的深度学习分类器来识别物联网设备，识别其类型和供应商，并披露其大规模漏洞和托管环境。该项目将设计和开发用于 L1 范数主成分分析 (PCA) 数据降维的快速贪婪近似算法，从而能够实时执行基于密度的噪声应用空间聚类 (DBSCAN) 技术来检测和归因物联网精心策划的僵尸网络。该项目还将基于互联网范围内的主动测量设计可扩展的攻击性安全算法，以提供宏观补救策略。该项目将每天管理近 350 万个恶意软件样本和约 130 万个被动 DNS 记录，以构建图论模型，以发现和表征形成物联网恶意网络基础设施概念的相互关联的组件。此外，该项目将通过设计和实现基于图内核和最小哈希方法的算法，在线性时间内设计高效图相似性技术，分析此类基础设施的演变，以理解其操作方式。该项目还将 (i) 为物联网经验数据和网络威胁索引和共享开发独特的网络基础设施，(ii) 通过利用高速内存数据处理技术来自动化设计的算法和技术，(iii) 生成物联网特定的通过探索模糊哈希算法来检测签名，以及 (iv) 通过安全 API 和前端机制实现对生成的物联网工件的普遍访问。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。