OAC Core: Small: Devising Data-driven Methodologies by Employing Large-scale Empirical Data to Fingerprint, Attribute, Remediate and Analyze Internet-scale IoT Maliciousness

OAC 核心：小型：通过使用大规模经验数据来指纹识别、归因、修复和分析互联网规模的物联网恶意行为，设计数据驱动的方法

• 批准号: 1953051
• 负责人: Murtuza Jadliwala
• 金额: $ 49.69万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-08-14 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1953051&HistoricalAwards=false
• 关键词: OAC; Core; Small; Devising; Data

At least 20 billion devices will be connected to the Internet by 2023. Many of these devices transmit critical and sensitive system and personal data in real-time. Collectively known as "the Internet of Things" (IoT), this market represents a $267 billion per year industry. As valuable as this market is, security spending on the sector barely breaks 1%. Indeed, while IoT vendors continue to push more IoT devices to market, the security of these devices has often fallen in priority, making them easier to exploit. This drastically threatens the privacy of the consumers and the safety of mission-critical systems. While a number of research endeavors are currently taking place to address the IoT security problem, several challenges hinder their success. These include the lack of IoT monitoring capabilities once such devices are deployed, the shortage of remediation techniques when they are compromised, and the inadequacy of methodologies to permit the comprehension of the underlying IoT malicious infrastructures. To this end, this project will serve NSF's mission to promote the progress of science by developing data science methodologies to identify and remediate infected IoT devices in near real-time. The project will also promote cyber security research and training for minorities and K-12 students. Moreover, the project will contribute to operational cyber security by developing a large-scale cyberinfrastructure for IoT-relevant data and threat sharing, enabling hands-on cyber-science at large. The project will scrutinize close to 100 GB/hr of real-time unsolicited Internet-scale traffic to devise and develop efficient deep learning classifiers to fingerprint IoT devices, identifying their types and vendors, and disclosing their large-scale vulnerabilities and hosting environments. The project will design and develop fast greedy approximation algorithms for L1-norm Principal Component Analysis (PCA) data-dimensionality reduction, enabling the real-time execution of the Density Based Spatial Clustering of Application with Noise (DBSCAN) technique for detecting and attributing IoT orchestrated botnets. The project will also design scalable offensive security algorithms based on Internet-wide active measurements to offer macroscopic remediation strategies. The project will curate close to 3.5 million malware samples/day and around 1.3 million passive DNS records/day to build graph-theoretic models to uncover and characterize inter-related components which form the concept of IoT malicious cyberinfrastructure. Further, the project will analyze the evolution of such infrastructures to comprehend their modus operandi by devising efficiency graph similarity techniques in linear time, by designing and implementing algorithms rooted in graph kernels and min-hashing methods. The project will also (i) develop a unique cyberinfrastructure for IoT empirical data and cyber threat indexing and sharing, (ii) automate the devised algorithms and techniques by leveraging high speed, in-memory data processing technologies, (iii) generate IoT-specific detection signatures by exploring fuzzy hashing algorithms, and (iv) enable at-large access to the generated IoT artifacts through a secure API and a front-end mechanism.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

到2023年，至少有200亿个设备将连接到Internet。这些设备中的许多设备实时传输关键，敏感的系统和个人数据。该市场统称为“物联网”（物联网），代表着每年2670亿美元的行业。尽管这个市场很有价值，但该行业的安全支出几乎没有打破1％。确实，尽管物联网供应商继续将更多的物联网设备推向市场，但这些设备的安全通常已经优先考虑，使它们更容易利用。这大大威胁了消费者的隐私和关键任务系统的安全。尽管目前正在进行许多研究努力来解决IoT安全问题，但一些挑战阻碍了他们的成功。其中包括一旦部署了此类设备，就缺乏物联网监测功能，在遭到损害时的补救技术短缺以及方法不足，无法理解基本的IoT恶意基础架构。为此，该项目将通过开发数据科学方法来识别和补救受感染的物联网设备，以近乎实时的实时来促进科学的进步。该项目还将促进针对少数民族和K-12学生的网络安全研究和培训。此外，该项目将通过开发与物联网相关的数据和威胁共享的大规模的网络基础结构来有助于运营网络安全，从而使整个网络科学能够进行。 该项目将仔细检查实时未经请求的互联网规模流量的近100 GB/HR，以设计和开发有效的深度学习分类器，以向指纹IoT设备，识别其类型和供应商，并披露其大规模的漏洞和托管环境。该项目将设计和开发快速贪婪的近似算法，用于L1-NORM主成分分析（PCA）数据差异性降低，从而实现了使用噪声（DBSCAN）技术的基于密度的空间群集的实时执行，以检测和归因于IOT归因于IOT IOT所策划的僵尸网络。该项目还将基于范围内的主动测量值设计可扩展的进攻安全算法，以提供宏观的补救策略。该项目每天将策划接近350万个恶意软件样本，约130万个被动DNS记录/天，以构建图形理论模型，以揭示和表征相关组件，这些组件构成了IoT恶意网络基础结构的概念。此外，该项目将通过设计和实施植根于图形内核和最小用途方法的算法来分析此类基础架构的演变，以在线性时间中设计和实施效率图相似性技术来理解其作案操作。该项目还将（i）开发一种独特的网络基础架构，用于物联网经验数据和网络威胁索引和共享，（ii）通过利用高速，内存性数据处理技术来自动化设计的算法和技术，（III）通过探索fuzzy atherming Algorith和（IOT）的启用符号（III），并启用了fluzzy Algorith，（并）通过安全的API和前端机制进行物联网工件。该奖项反映了NSF的法定任务，并且使用基金会的知识分子优点和更广泛的影响审查标准，被认为值得通过评估来获得支持。

项目成果

Revisiting IoT Fingerprinting behind a NAT

重新审视 NAT 背后的物联网指纹识别

• DOI: 10.1109/ispa-bdcloud-socialcom-sustaincom52081.2021.00235
• 发表时间: 2021
• 期刊: 2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications
• 作者: Nader, Christelle;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias

A Collaborative Security Framework for Software-Defined Wireless Sensor Networks

• DOI: 10.1109/tifs.2020.2973875
• 发表时间: 2020
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: Christian Miranda;Georges Kaddoum;E. Bou-Harb;S. Garg;K. Kaur

Method for Securing and Terminating a CS Call over a VoIP System with Multi-Device Support

用于在具有多设备支持的VoIP系统上保护和终止CS呼叫的方法

• DOI: 10.1109/tsp.2019.8768893
• 发表时间: 2019
• 期刊: International Conference on Telecommunications and Signal Processing
• 作者: Khoury, D;Kfoury, EF;Ged, J;Crichigno, J;Bou-Harb, E
• 通讯作者: Bou-Harb, E

A Scalable Platform for Enabling the Forensic Investigation of Exploited IoT Devices and Their Generated Unsolicited Activities

• DOI: 10.1016/j.fsidi.2020.300922
• 发表时间: 2020-04
• 期刊: Digit. Investig.
• 作者: Sadegh Torabi;E. Bou-Harb;C. Assi;M. Debbabi

Sanitizing the IoT Cyber Security Posture: An Operational CTI Feed Backed up by Internet Measurements

净化物联网网络安全态势：由互联网测量支持的运营 CTI 源

• DOI: 10.1109/dsn48987.2021.00059
• 发表时间: 2021
• 期刊: 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN
• 作者: Pour, Morteza Safaei;Watson, Dylan;Bou-Harb, Elias
• 通讯作者: Bou-Harb, Elias