CRII: OAC: Inferring, Attributing, Mitigating and Analyzing the Malicious Orchestration of Internet-scale Exploited IoT Devices: A Network Telescope Approach

CRII：OAC：推断、归因、减轻和分析互联网规模被利用物联网设备的恶意编排：网络望远镜方法

• 批准号: 1953050
• 负责人: Elias Bou-Harb
• 金额: $ 11.18万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-08-20 至 2021-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1953050&HistoricalAwards=false
• 关键词: CRII; OAC; Inferring; Attributing; Mitigating

Despite the benefits provided by the widespread adoption and deployment of diverse Internet-enabled devices such as phones and smart home components in consumer markets and critical infrastructure - the so called Internet of Things (IoT) devices, security concerns are rising as such devices also introduce new vulnerabilities that could be leveraged by attackers to launch disrupting cyber-attacks. The objective of this project is to enable exploration of the inherent insecurity of the IoT paradigm by exploring innovative data analytics as applied to raw cyber security data. Insights gained will allow detection, characterization and attribution of Internet-scale compromised IoT devices, coupled with their malicious activities, in near real-time. Several technical challenges impede addressing IoT security at large, including, the excessive diversity of IoT devices in addition to their Internet-wide deployment, the lack of IoT-relevant data and the shortage of IoT-specific actionable attack signatures. In this context, this project serves NSF's mission to promote the progress of science by aiming to generate a first-of-a-kind, large-scale analysis of the magnitude of compromised IoT devices. The project also promotes cyber security research and training for minorities, given that it will be executed within the boundaries of a designated Hispanic-serving institution. Moreover, the project will contribute to operational cyber security by developing a real-time capability for storing and sharing IoT-relevant threat information.The project will draw-upon macroscopic, large-scale passive measurement data collected in real-time from a network telescope to highlight the severity of the insecurity of the IoT paradigm. Network telescopes, most commonly known as darknets, constitute a set of routable, allocated yet unused IP addresses. The project will design and develop real-time algorithms that are capable of inferring Internet-scale exploited IoT devices by exploring darknet data. Furthermore, the project will investigate formal correlation approaches rooted in stochastic data structures between IoT-relevant passive measurements and malware samples to aid in the attribution and thus the remediation objective. The project will further explore the orchestration behavior of seemingly independent IoT activities, which operate within well-coordinated IoT botnets. To this end, the project will innovate time series analytics based upon trigonometric interpolation techniques, recursive optimal stochastic estimators, and bitmap matching algorithms to infer such IoT botnets by employing passive measurements.  The project will also (1) develop a unique cyberinfrastructure for IoT cyber threat indexing by automating the proposed algorithms, techniques and methods, (2) generate IoT-specific signatures by employing piecewise hashing techniques, and (3) create access methods based on an API mechanism and a front-end service facilitated by Elasticsearch to allow the sharing of IoT-centric empirical data, threat intelligence and signatures.  This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

尽管采用和部署潜水员互联网的设备（例如手机和智能家庭组件）在消费市场和关键基础架构中带来了宽泛的好处 - 所谓的物联网（IoT）设备，安全问题仍在上升，因此，此类设备也兴起，此类设备也引入了袭击者来介绍袭击者来启动破坏性的攻击者。该项目的目的是通过探索应用于原始网络安全数据的创新数据分析来探索物联网范式的继承不安全感。获得的见解将允许互联网规模折衷的IoT设备的检测，表征和属性以及其恶意活动几乎实时。一些技术挑战阻碍了针对物联网安全性的一些技术挑战，包括除了互联网范围内部署的物联网设备的多样性，缺乏与物联网相关的数据以及特定于IOT特定的可操作攻击标志的短缺。在这种情况下，该项目旨在通过对折衷的IoT设备进行首个大规模的分析来促进科学进步。该项目还促进了少数民族的网络安全研究和培训，因为该项目将在指定的西班牙裔服务机构的边界内执行。此外，该项目将通过开发用于存储和共享相关威胁信息的实时能力来有助于运营网络安全。该项目将在宏观望远镜望远镜中收集的宏观，大规模的被动测量数据，从网络望远镜实时收集，以突出IOT Paradigm的不安全感的严重性。网络望远镜（通常称为DarkNets）构成了一组可路由的，分配但未使用的IP地址。该项目将设计和开发实时算法，这些算法能够通过探索DarkNet数据来推断Internet规模探索的IoT设备。此外，该项目将研究与物联网相关的被动测量和恶意软件样本之间的随机数据结构的形式相关方法，以帮助属性，从而有助于修复目标。该项目将进一步探讨看似独立的物联网活动的编排行为，该活动在协调良好的物联网植物网中运作。为此，该项目将基于三角插值技术，递归最佳随机估计器以及匹配算法的位图来创新时间序列分析，以通过使用被动测量来推断此类IoT僵尸网络。 The project will also (1) develop a unique cyberinfrastructure for IoT cyber threat indexing by automating the proposed algorithms, techniques and methods, (2) generate IoT-specific signatures by employing piecewise hashing techniques, and (3) create access methods Based on an API mechanism and a front-end service prepared by Elasticsearch to allow the sharing of IoT-centric empirical data, threat intelligence and签名。该奖项反映了NSF的法定任务，并通过使用基金会的知识分子优点和更广泛的影响审查标准来评估被认为是宝贵的支持。

项目成果

Data-Driven Intelligence for Characterizing Internet-Scale IoT Exploitations

用于表征互联网规模物联网开发的数据驱动智能

• DOI: 10.1109/glocomw.2018.8644468
• 发表时间: 2018
• 期刊: 2018 IEEE Globecom Workshops (GC Wkshps
• 作者: Neshenko, Nataliia;Husak, Martin;Bou-Harb, Elias;Celeda, Pavel;Al-Mulla, Sameera;Fachkha, Claude
• 通讯作者: Fachkha, Claude

Theoretic derivations of scan detection operating on darknet traffic

对暗网流量进行扫描检测的理论推导

• 发表时间: 2019
• 期刊: Computer communications
• 影响因子: 6
• 作者: Safaei Pour, Morteza;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

Data-driven Curation, Learning and Analysis for Inferring Evolving IoT Botnets in the Wild

• DOI: 10.1145/3339252.3339272
• 发表时间: 2019-08
• 期刊: Proceedings of the 14th International Conference on Availability, Reliability and Security
• 作者: Morteza Safaei Pour;Antonio Mangino;Kurt Friday;Matthias Rathbun;E. Bou-Harb;Farkhund Iqbal;K. Shaban;A. Erradi

Assessing Internet-wide Cyber Situational Awareness of Critical Sectors

评估关键部门的全互联网网络态势感知

• DOI: 10.1145/3230833.3230837
• 发表时间: 2018
• 期刊: Reliability and Security
• 作者: Husák, Martin;Neshenko, Nataliia;Pour, Morteza Safaei;Bou-Harb, Elias;Čeleda, Pavel
• 通讯作者: Čeleda, Pavel