Conference: Post-Alert: Data Attribution and Attack-Response

会议：警报后：数据归因和攻击响应

• 批准号: 2321134
• 负责人: Alvaro Cardenas
• 金额: $ 5万
• 依托单位: University of California-Santa Cruz
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2024-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2321134&HistoricalAwards=false
• 关键词: Conference; Post; Alert; Data; Attribution

Over the past decades, research and industry have provided several tools for preventing and detecting attacks; however, what to do after an attack is detected has comparatively received less attention. This workshop brings together an interdisciplinary team of scientists looking at future research directions for attack recovery. The workshop's novelties are the multidisciplinary focus on attack recovery and the plan to define a future roadmap of open challenges and research directions to solve them. The workshop's broader significance and importance are to improve the security of our networks. The workshop will also look into inclusive best practices in technology and education to attract a diverse population to fulfill the nation's needs for incident response in our critical computer networks.The specific technical subtopics required for fast and effective incident response include (1) data provenance, (2) persistence, and (3) automated recovery. Each category requires deep technical expertise to develop the next-generation tools to protect our networks. For example, grammar induction techniques can be applied to provenance graphs to eliminate redundancy and correlate events. The rise of artificial intelligence tools like reinforcement learning can also be used to teach agents to operate through post-breach behavior. The outcome of this workshop will provide future guidance on research directions for real-time incident response and automated forensics.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在过去的几十年中，研究和行业提供了几种预防和检测攻击的工具。但是，检测到攻击后该怎么做的关注相对较少。该研讨会汇集了一个跨学科的科学家团队，研究未来的研究方向以进行攻击恢复。研讨会的新颖性是跨学科的重点，关注攻击恢复，并计划定义未来的开放挑战和研究方向的路线图，以解决它们。研讨会更广泛的意义和重要性是提高我们网络的安全性。该研讨会还将研究技术和教育方面的包容性最佳实践，以吸引各种各样的人群，以满足我们关键的计算机网络中事件响应的需求。快速有效的事件响应所需的特定技术子主题包括（1）数据出处，（2）持久性和（3）自动恢复。每个类别都需要深厚的技术专业知识来开发下一代工具来保护我们的网络。例如，语法诱导技术可以应用于出处图，以消除冗余并相关事件。人工智能工具（例如增强学习）的兴起也可以用来教代理商通过后漏斗行为进行操作。该研讨会的结果将为实时事件响应的研究方向提供未来的指导和自动取证。该奖项反映了NSF的法定使命，并被认为是值得通过基金会的知识分子优点和更广泛的影响评估的评估来获得支持的。