CICI: SSC: Proactive Cyber Threat Intelligence and Comprehensive Network Monitoring for Scientific Cyberinfrastructure: The AZSecure Framework

CICI：SSC：科学网络基础设施的主动网络威胁情报和综合网络监控：AZSecure 框架

基本信息

批准号：
1917117
负责人：
Hsinchun Chen
金额：
$ 99.8万
依托单位：
University of Arizona
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2019
资助国家：
美国
起止时间：
2019-07-01 至 2024-06-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1917117&HistoricalAwards=false
关键词：
CICI SSC Proactive Cyber Threat

项目摘要

The rapid growth of computing technologies in scientific instruments has increased the rate of discovery. Some recent examples include the discovery of new fundamental particles and the first-ever images of a black hole. Unfortunately, the same technologies contributing to these high-impact discoveries are also being targeted by hackers to steal ideas or for profit. These attacks threaten the privacy, integrity, and ability to access valuable scientific data and events. The risks to scientific facilities and how they can be attacked have still not been properly mapped. This project will use novel Artificial Intelligence to (1) study hackers in the international and ever-evolving Dark Web and identify and categorize hundreds of thousands of risks and (2) link those risks to possible attacks on two large-scale science community facilities. One of them is a facility funded by the National Science Foundation offering advanced computing resources for Life Sciences. The other uses a network of sensors around the globe to collect detailed and timely data for Earth Sciences. Studying these valuable targets enables investigation of current and emerging threats that present risk to scientific discovery.Led by the Hispanic Serving Institution (HSI) University of Arizona (UA), this project designs an innovative, holistic, and proactive Cyber Threat Intelligence (CTI) framework with two synergistic research streams. The first builds upon advanced topic modelling and text classification approaches from our NSF Secure and Trustworthy Cyberspace (SaTC) research to systematically collect and explore multi-million record Dark Web hacker forums for scientific cyberinfrastructure exploits. The second designs novel banner data feature extraction, text analytics, and custom vulnerability scanning integrating state-of-the-art tools to comprehensively categorize and assess the vulnerabilities within CyVerse?s (life sciences) and LEO?s (earth sciences) diverse instruments, data, hardware, and software. Exploit and vulnerability assessment results are linked via a novel deep learning-based Exploit Vulnerability Deep Structured Semantic Model (EV-DSSM) based on word embedding. UA?s National Security Agency-designated Center of Academic Excellence in Cyber Defense, Research, and Operations, NSF Scholarship-for-Service (SFS) Cyber-Corps, and Master?s in Cybersecurity programs position the project for synergy with teaching and research. Techniques developed in this project will advance knowledge not only CTI, but network analysis, deep learning, and text analytics across multiple disciplines. Findings from this research will be disseminated to 75+ SFS partner institutions and operational intelligence for the larger scientific community (e.g., NSF Cybersecurity Summits of Large Facilities and Cyberinfrastructure).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

科学仪器中计算技术的快速发展提高了发现速度。最近的一些例子包括发现新的基本粒子和首张黑洞图像。不幸的是，促成这些高影响力发现的相同技术也成为黑客窃取创意或牟利的目标。这些攻击威胁到隐私、完整性以及访问有价值的科学数据和事件的能力。科学设施面临的风险以及它们如何受到攻击尚未得到正确的描绘。该项目将使用新颖的人工智能来（1）研究国际和不断发展的暗网中的黑客，识别和分类数十万种风险，（2）将这些风险与对两个大型科学界设施的可能攻击联系起来。其中之一是由美国国家科学基金会资助的设施，为生命科学提供先进的计算资源。另一个使用全球传感器网络来收集地球科学详细且及时的数据。研究这些有价值的目标可以调查对科学发现构成风险的当前和新兴威胁。该项目由亚利桑那大学 (UA) 西班牙裔服务机构 (HSI) 领导，设计了创新、全面和主动的网络威胁情报 (CTI)具有两个协同研究流的框架。第一个基于 NSF 安全可信网络空间 (SaTC) 研究的先进主题建模和文本分类方法，系统地收集和探索数百万条记录的暗网黑客论坛，以利用科学的网络基础设施。第二个设计新颖的横幅数据特征提取、文本分析和自定义漏洞扫描，集成最先进的工具，以全面分类和评估 CyVerse（生命科学）和 LEO（地球科学）不同仪器中的漏洞、数据、硬件和软件。漏洞利用和漏洞评估结果通过基于词嵌入的新颖的基于深度学习的利用漏洞深度结构化语义模型（EV-DSSM）联系起来。 UA 的国家安全局指定的网络防御、研究和运营学术卓越中心、NSF 服务奖学金 (SFS) 网络军团和网络安全硕士项目使该项目与教学和研究产生协同作用。该项目开发的技术不仅将促进 CTI 知识的发展，还将促进跨多个学科的网络分析、深度学习和文本分析。这项研究的结果将传播给超过 75 个 SFS 合作机构和更大科学界的运营情报（例如 NSF 大型设施和网络基础设施网络安全峰会）。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。