SBIR Phase II: Advanced Ransomware Countermeasure

SBIR 第二阶段：高级勒索软件对策

• 批准号: 2304216
• 负责人: Sudesh Kumar
• 金额: $ 99.44万
• 依托单位: Kapalya Inc
• 依托单位国家: 美国
• 项目类别: Cooperative Agreement
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-02-01 至 2026-01-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2304216&HistoricalAwards=false
• 关键词: SBIR; Phase; II; Advanced; Ransomware

This Small Business Innovation Research (SBIR) Phase II project will develop the first universally aware software for ransomware protection with a proactive approach to stop incoming file-based and file-less attacks. The number of ransomware attacks launched globally has grown substantially over the years. To exploit previously undiscovered weaknesses and conduct more effective attacks, cybercriminals take advantage of the rising number of workers accessing business networks from home through a virtual private network (VPN) while working remotely. Current ransomware countermeasure solutions are not comprehensive and generally fail in tackling sustained and persistent attacks. Moreover, the current solutions track threats only at the operating system level and can be disabled. This solution features universal awareness based on a combination of characteristics related to user, ransomware, non-specific environment indicators, and non-ransomware metrics. The comprehensive ransomware detection, remediation, eradication, and data recovery solution enable unmatched protection from cyberattacks and allow timely detection and shutdown of cyberattacks thus, significantly reducing the amount of compromised data. This enhanced protection will have security benefits for a wide range of critical infrastructures, ranging from energy and finances to the protection of medical data.This Small Business Innovation Research (SBIR) Phase II project seeks to develop an advanced ransomware countermeasure (ARC) platform which will represent the most advanced and effective protection against ransomware attacks. The technology will enforce four synergistic actions: (1) precondition observation and characterization, (2) incoming interactions validation, (3) internal contents observation and characterization, and (4) outgoing interactions validation. In this project, the research and development efforts will be dedicated towards the (1) the development of the framework of communication between the inoculator and watch-dog and its deployment for effective countermeasure, (2) design and development of user-friendly interface providing simple user experience, (3) seamless integration of the ARC platform with existing Security Information and Event Management (SIEM) tools, (4) implementation of artificial intelligence/machine learning models in the ARC platform for the effective defense against zero-day ransomware exploits, and 5) validation of the ARC platform against known ransomware to ensure the proper function of all the modules. The successful completion of the SBIR Phase II activities will deliver a fully functional, commercially viable product with general availability that can seamlessly run/work along with existing SIEM tools and successfully defend against known ransomware attacks and zero-day exploits.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这个小型企业创新研究 (SBIR) 第二阶段项目将开发第一个用于勒索软件防护的普遍感知软件，并采用主动方法来阻止传入的基于文件和无文件的攻击。多年来，全球发起的勒索软件攻击数量大幅增加。为了利用以前未被发现的弱点并进行更有效的攻击，网络犯罪分子利用越来越多的员工在远程工作时通过虚拟专用网络 (VPN) 在家中访问业务网络。当前的勒索软件对策解决方案并不全面，通常无法应对持续不断的攻击。此外，当前的解决方案仅在操作系统级别跟踪威胁，并且可以禁用。该解决方案基于与用户、勒索软件、非特定环境指标和非勒索软件指标相关的特征组合，具有普遍意识。全面的勒索软件检测、修复、根除和数据恢复解决方案可提供无与伦比的网络攻击保护，并允许及时检测和关闭网络攻击，从而显着减少受损数据量。这种增强的保护将为广泛的关键基础设施带来安全优势，从能源和金融到医疗数据的保护。这个小型企业创新研究 (SBIR) 第二阶段项目旨在开发一个先进的勒索软件对策 (ARC) 平台，将代表针对勒索软件攻击的最先进、最有效的保护。 该技术将实施四项协同行动：（1）前提条件观察和表征，（2）传入交互验证，（3）内部内容观察和表征，以及（4）传出交互验证。在该项目中，研发工作将致力于（1）开发接种器和看门狗之间的通信框架及其部署以实现有效的对策，（2）设计和开发用户友好的界面，提供简单的用户体验，(3) ARC 平台与现有安全信息和事件管理 (SIEM) 工具无缝集成，(4) 在 ARC 平台中实施人工智能/机器学习模型，以有效防御零日勒索软件攻击和 5) 验证ARC 平台针对已知勒索软件，确保所有模块正常运行。 SBIR 第二阶段活动的成功完成将提供功能齐全、商业上可行且具有普遍可用性的产品，该产品可以与现有 SIEM 工具无缝运行/工作，并成功防御已知的勒索软件攻击和零日攻击。该奖项反映了 NSF 的法定要求使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。