Collaborative Research: CISE-MSI: Active and Passive Internet Measurements for Inferring IoT Maliciousness at Scale

合作研究：CISE-MSI：用于大规模推断物联网恶意行为的主动和被动互联网测量

• 批准号: 2219773
• 负责人: Morteza Safaei Pour
• 金额: $ 24.5万
• 依托单位: San Diego State University Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2219773&HistoricalAwards=false
• 关键词: Collaborative; Research; CISE; MSI; Active

Smart sensing technologies within the context of the Internet-of-Things (IoT) paradigm continue to be deployed in key sectors such as health, agriculture, energy and manufacturing. Indeed, it is estimated that around 30 billion IoT devices will be instrumented by 2030 to increase efficiencies and usability while decreasing costs and maintenance time. Nevertheless, such IoT devices lack even the most fundamental security measures, access policy controls, and patch management capabilities, making them attractive targets for attackers and state-sponsored actors who will abuse them to gain illegitimate access into critical networks while orchestrating them in order to impair other Internet-connected entities. Given the widespread deployment of such IoT devices, it becomes extremely challenging to promptly address their security concerns at-scale. This is mainly due to the lack of scalable methods, which could analyze large-scale, representative data, and the shortage of techniques that are efficient enough to be operated in near real-time. To this end, this project servers NSF’s mission to promote the progress of science by developing empirically-driven methods and techniques to quantity IoT insecurities at-large, while offering digital forensics means to comprehend the causes of their inherit vulnerabilities. The project also offers IoT-centric remediation tactics for supporting Internet security. The project fosters a number of educational activities while organizing female-focused workshops in addition to mentoring students within underrepresented groups from the three collaborating minority institutions. The project devises data-driven methodologies operating on actively and passively-collected network traffic and associated service banners to establish unique malicious IoT labeled empirical datasets. The project then designs and implements algorithms and formal methods rooted in supervised deep learning to fingerprint Internet-scale exploited IoT devices while developing IoT-specific feature engineering and clustering algorithms for characterizing and analyzing the malicious orchestration of IoT campaigns. Additionally, the project executes malware automated disassembly, decompilation, and analysis while engineering computational approaches on packet sequences via solving linear equation sets to investigate IoT stateless scanning modules and related deceiving techniques. This is leveraged to establish bogus connections with the infected devices using crafted packets in order to capture key IoT malware and digital forensic artifacts. To support operational IoT-specific cyber security operations, the project builds and makes available to the public a cyberinfrastructure, which indexes the inferred compromised IoT devices along with their related threat information including employed malware binaries and attacks’ tactics, techniques, and procedures. This aims at enabling proactive IoT security remediation, hands-on research and training, and forensic investigations.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网 (IoT) 范式背景下的智能传感技术继续在健康、农业、能源和制造等关键领域得到部署。事实上，预计到 2030 年将有约 300 亿个物联网设备被采用。然而，此类物联网设备甚至缺乏最基本的安全措施、访问策略控制和补丁管理功能，这使得它们成为攻击者和国家资助行为者的有吸引力的目标，他们会滥用它们来进行攻击。获得鉴于此类物联网设备的广泛部署，大规模地解决其安全问题变得极具挑战性，这主要是由于缺乏可扩展性。方法，可以分析大规模的、代表性的数据，并且缺乏足够有效的近乎实时操作的技术。为此，该项目服务于 NSF 通过开发经验驱动来促进科学进步的使命。量化物联网的方法和技术该项目还提供了以物联网为中心的补救策略，以支持互联网安全，同时还组织了以女性为中心的研讨会。该项目设计了数据驱动的方法，对主动和被动收集的网络流量和相关服务横幅进行操作，以建立独特的恶意物联网标记经验数据集。然后设计和实现植根于监督深度学习的算法和形式化方法，以对互联网规模的被利用物联网设备进行指纹识别，同时开发物联网特定的特征工程和聚类算法来表征和分析物联网活动的恶意编排此外，该项目还执行恶意软件自动反汇编。 、反编译和分析，同时通过求解线性方程组来设计数据包序列的计算方法，以研究物联网无状态扫描模块和相关欺骗技术，这被用来使用精心设计的数据包与受感染设备建立虚假连接，以捕获关键物联网。为了支持特定于物联网的网络安全操作，该项目构建并向公众提供基础设施，该基础设施对推断出的受损物联网设备及其相关威胁信息进行索引，包括所使用的恶意软件二进制文件和攻击策略，该奖项旨在实现主动的物联网安全补救、实践研究和培训以及取证调查。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。 。

项目成果

Data-Centric Machine Learning Approach for Early Ransomware Detection and Attribution

用于早期勒索软件检测和归因的以数据为中心的机器学习方法

• DOI: 10.1109/noms56928.2023.10154378
• 发表时间: 2023-05
• 期刊: IEEE
• 作者: Vehabovic, A.;Zanddizari, H.;Ghani, N.;Shaikh, F.;Bou;Pour, M. Safaei;Crichigno, J.
• 通讯作者: Crichigno, J.

A Comprehensive Survey of Recent Internet Measurement Techniques for Cyber Security

网络安全最新互联网测量技术的综合调查

• DOI: 10.1016/j.cose.2023.103123
• 发表时间: 2023-05
• 期刊: Computers & Security
• 影响因子: 5.6
• 作者: Safaei Pour, Morteza;Nader, Christelle;Friday, Kurt;Bou
• 通讯作者: Bou

An Unbiased Transformer Source Code Learning with Semantic Vulnerability Graph

利用语义漏洞图进行无偏 Transformer 源代码学习

• DOI: 10.1109/eurosp57164.2023.00018
• 发表时间: 2023-07
• 期刊: IEEE
• 作者: Islam, Nafis Tanveer;De La Torre Parra, Gonzalo;Manuel, Dylan;Bou;Najafirad, Peyman
• 通讯作者: Najafirad, Peyman

Helium-based IoT Devices: Threat Analysis and Internet-scale Exploitations

基于氦的物联网设备：威胁分析和互联网规模的利用

• DOI: 10.1109/wimob58348.2023.10187762
• 发表时间: 2023-06
• 期刊: IEEE
• 作者: Rammouz, Veronica;Khoury, Joseph;Klisura, Ðorđe;Safaei Pour, Morteza;Safaei Pour, Mostafa;Fachkha, Claude;Bou
• 通讯作者: Bou

On The Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics

关于通过基于图的分析提供全网网络态势感知

• 发表时间: 2023-04
• 期刊: Springer
• 作者: Husák, M.;Khoury, J.;Klisura, Ð.;Bou
• 通讯作者: Bou