CRII: SaTC: RUI: An Intelligent Data-Driven Framework to Achieve Proactive Cybersecurity
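Basic information
- Award number: 2246220
- Principal investigator:
- Amount: $175,000
- Host institution:
- Host institution country: United States
- Project type: Standard Grant
- Fiscal year: 2023
- Funding country: United States
- Start and end dates: 2023-04-15 to 2025-03-31
- Project status: Not yet concluded
- Source:
- Keywords:
Project abstract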
Information for cyber-attack deployment has been increasingly shared by hackers on the underground world of the darkweb. In those hidden and anonymous environments, cyber criminals discuss how to 1) identify software vulnerabilities, 2) create or purchase exploits, 3) choose a target and recruit collaborators, 4) obtain access to the infrastructure needed, and 5) plan and execute the attack. Although this behavior helps hackers to produce a huge amount of malware, it also provides valuable intelligence for defenders, as the information shared online can be leveraged as precursors to various types of cyber threats. By relying on proactive cyber-threat intelligence analysis, this project addresses the following key research question: can emerging cyber-threats be accurately and aforesaid predicted? With continuous retrieval and analysis of hacker communication, this research will shed light on the assets, capabilities, behaviors, and interests of malicious hackers that can be leveraged for establishing cyber threat prediction.
To accomplish that, two finer-grained problems are being investigated. These investigations constitute the project’s novelties and are key factors for the design of better cyber-defense systems. First, the prediction of software vulnerability exploitation is conducted through classification techniques that correlate hackers' digital traces on hacker forums and marketplaces, and security advisories with real-world hacking attempts. The positive predictions (i.e., it will be exploited) are then ranked for patch prioritization, overcoming two current shortcomings not addressed by machine learning work in this domain: 1) the lack of differentiation of the predicted exploitation and 2) the lack of time interval for predictions. Second, the anticipation of malicious information cascades that might propagate to viral proportions is also performed. Here, classification techniques leveraging social network analysis are used to extract hacker topological information and to estimate social influence, predicting which techniques, strategies, or exploits included in hacking forums might be widely adopted in the near future. Both project efforts will lead to new techniques to predict cyber threats that are time sensitive, giving defenders a better chance in the fight against attackers. The project deliverables, data and models, will be disseminated through the security community.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Project outcomes
Number of journal articles (1)
Number of monographs (0)
Number of research awards (0)
Number of conference papers (0)
Number of patents (0)
The Art of Cybercrime Community Research
- DOI: 10.1145/3639362
- Published: 2024-01
- Journal:
- Impact factor: 16.6
- Authors: Jack Hughes; Sergio Pastrana; Alice Hutchings; Sadia Afroz; Sagar Samtani; Weifeng Li; Ericsson Santana Marin
- Corresponding authors: Jack Hughes; Sergio Pastrana; Alice Hutchings; Sadia Afroz; Sagar Samtani; Weifeng Li; Ericsson Santana Marin
Similar overseas grants
CRII: SaTC: RUI: Understanding and Collectively Mitigating Harms from Deepfake Imagery
- Award number: 2348326
- Fiscal year: 2024
- Funding amount: $175,000
- Project type: Standard Grant
CRII: SaTC: RUI: When Logic Locking Meets Hardware Trojan Mitigation and Fault Tolerance
- Award number: 2245247
- Fiscal year: 2023
- Funding amount: $175,000
- Project type: Standard Grant
CRII: SaTC: RUI: Understanding and Addressing the Security and Privacy Needs of At-Risk Populations
- Award number: 2334061
- Fiscal year: 2023
- Funding amount: $175,000
- Project type: Standard Grant
CRII: SaTC: RUI: Towards Trustworthy and Accountable IoT Data Marketplaces
- Award number: 2153464
- Fiscal year: 2022
- Funding amount: $175,000
- Project type: Standard Grant
CRII: SaTC: RUI: Understanding and Addressing the Security and Privacy Needs of At-Risk Populations
- Award number: 1948344
- Fiscal year: 2020
- Funding amount: $175,000
- Project type: Standard Grant