Excellence in Research: Collaborative Research: Detecting Vulnerabilities in Internet of Things with Deep Learning

卓越研究：协作研究：利用深度学习检测物联网漏洞

基本信息

批准号：
2101161
负责人：
Hongmei Chi
金额：
$ 40.17万
依托单位：
Florida Agricultural and Mechanical University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2021
资助国家：
美国
起止时间：
2021-10-01 至 2024-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2101161&HistoricalAwards=false
关键词：
Excellence Research Collaborative Detecting Vulnerabilities

项目摘要

The Internet of Things (IoT) integrates software applications, physical devices, and algorithms to interact with the physical world and humans. The economic and societal potential of such systems is vastly greater than has been realized, and major investments are being made worldwide to develop the technology. The technology for building IoT is based on embedded systems, scientific computations, and software embedded in devices. Because the physical components of IoT are directly interactive with humans, the security and reliability requirements are qualitatively different from those in general purpose computing. Failure to meet the security and reliability requirements exposes IoT and humans to malignant attacks. The goal of this project is to conduct interdisciplinary research that utilizes artificial intelligence methodologies against cybercriminals who initiate attacks or target internet connected devices and users. This project aims to explore applications of Deep Learning in cybersecurity research to detect security vulnerabilities in the Internet of Things through automated digital forensic evidence analytics. The project will actively engage a team of researchers in the investigation of deep learning, which includes a broader family of Artificial Intelligence that has produced results comparable and in some cases superior to human experts, to conduct the following research activities: (1) Assessing potential data vulnerabilities related to personal data privacy violations by analyzing the extracted hidden contents evidence and encrypted messages from IoT devices in a forensically sound manner; (2) Evaluating IoT software forensic evidence. Analyzing software vulnerabilities in IoT application source code to better mitigate the risk to software systems. Typical source code vulnerability evidence in applications includes buffer overflow, integer overflow, and Carriage Return and Line Feed injection; (3) Reconstructing attack scenes based on forensic evidence to find existing system vulnerabilities of IoT; (4) Increase research capacity and collaborations to generate new research opportunities for undergraduates from underrepresented communities to pursue advanced degrees in computer science.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网 (IoT) 集成了软件应用程序、物理设备和算法，与物理世界和人类进行交互。此类系统的经济和社会潜力远远大于人们所认识到的，全球范围内正在进行大量投资来开发该技术。构建物联网的技术基于嵌入式系统、科学计算和设备中嵌入的软件。由于物联网的物理组件直接与人类交互，因此安全性和可靠性要求与通用计算中的安全性和可靠性要求有质的不同。未能满足安全性和可靠性要求会使物联网和人类面临恶意攻击。该项目的目标是进行跨学科研究，利用人工智能方法来打击发起攻击或针对互联网连接设备和用户的网络犯罪分子。该项目旨在探索深度学习在网络安全研究中的应用，通过自动化数字取证证据分析来检测物联网中的安全漏洞。该项目将积极让研究人员团队参与深度学习的研究，其中包括更广泛的人工智能系列，其产生的结果可与人类专家相媲美，在某些情况下优于人类专家，以开展以下研究活动：（1）评估潜力通过以取证方式分析从物联网设备提取的隐藏内容证据和加密消息，与个人数据隐私侵犯相关的数据漏洞； (2) 评估物联网软件取证证据。分析物联网应用程序源代码中的软件漏洞，以更好地降低软件系统的风险。应用程序中典型的源代码漏洞证据包括缓冲区溢出、整数溢出以及回车换行注入；（3）基于取证证据重建攻击场景，发现物联网现有系统漏洞； (4) 提高研究能力和合作，为代表性不足的社区的本科生创造新的研究机会，攻读计算机科学的高级学位。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查进行评估，被认为值得支持标准。