CAREER: Foundational Principles for Harnessing Provenance Analytics for Advanced Enterprise Security

职业：利用来源分析实现高级企业安全的基本原则

• 批准号: 2339483
• 负责人: Wajih Ul Hassan
• 金额: $ 72.51万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-06-01 至 2029-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2339483&HistoricalAwards=false
• 关键词: CAREER; Foundational; Principles; Harnessing; Provenance

Modern data centers face significant challenges from increasingly sophisticated cyber threats. Compute servers comprise multiple software layers built upon complex hardware. Both the hardware complexity and the multi-layer software approach can be leveraged by threat actors to conceal their activities and evade detection. This proposal introduces automated techniques for swift detection, investigation, and response to such stealthy threats, with a focus on leveraging data provenance. Data provenance involves continuously collecting detailed data histories, including origins, handling, and evolution, to enhance system and application transparency. By improving the visibility and security within data centers, we aim to protect critical infrastructure and sensitive information, aligning with national security goals. The proposed work includes initiatives in education and broadening participation that will equip diverse students with essential cybersecurity skills through innovative pedagogy, hands-on laboratories, and engaging K-12 workshops. This educational approach is crucial for developing a skilled workforce prepared to address future cybersecurity challenges.This proposal aims to counter Advanced Persistent Threats (APTs) and enhance enterprise security by incorporating data provenance, a method for tracking the origin and evolution of data objects. Data provenance provides a rich historical context for understanding system operations, key to enhancing threat detection and response. The technical methodology encompasses three primary research objectives: first, developing a comprehensive system for auditing and unifying data provenance across various system layers; second, implementing advanced graph representation learning techniques to enhance the accuracy of threat detection systems, leveraging the rich historical context provided by data provenance; and third, focusing on constructing an AI-powered automated incident response framework, utilizing insights from data provenance to inform and streamline response actions. Anticipated outcomes include innovative techniques for the efficient collection and integration of data provenance, the development of scalable models for threat detection, and the creation of frameworks for rapid and automated incident response. The proposal has the potential to significantly transform enterprise security practices, leading to more robust defenses against complex cyber threats and contributing to a safer and more secure digital environment.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现代数据中心面临着日益复杂的网络威胁带来的重大挑战。计算服务器包含构建在复杂硬件上的多个软件层。威胁行为者可以利用硬件复杂性和多层软件方法来隐藏其活动并逃避检测。该提案引入了自动化技术，用于快速检测、调查和响应此类隐形威胁，重点是利用数据来源。数据来源涉及不断收集详细的数据历史记录，包括起源、处理和演变，以增强系统和应用程序的透明度。通过提高数据中心内的可见性和安全性，我们的目标是保护关键基础设施和敏感信息，与国家安全目标保持一致。拟议的工作包括教育和扩大参与方面的举措，通过创新教学法、实践实验室和参与 K-12 研讨会，为不同的学生提供基本的网络安全技能。这种教育方法对于培养准备应对未来网络安全挑战的熟练劳动力至关重要。该提案旨在通过纳入数据来源（一种跟踪数据对象的起源和演变的方法）来应对高级持续威胁（APT）并增强企业安全性。数据来源为理解系统操作提供了丰富的历史背景，这是增强威胁检测和响应的关键。该技术方法论包含三个主要研究目标：首先，开发一个全面的系统，用于审计和统一各个系统层的数据来源；其次，利用数据来源提供的丰富历史背景，实施先进的图形表示学习技术来提高威胁检测系统的准确性；第三，重点构建人工智能驱动的自动事件响应框架，利用数据来源的见解来通知和简化响应行动。预期成果包括用于有效收集和集成数据来源的创新技术、开发用于威胁检测的可扩展模型以及创建用于快速和自动化事件响应的框架。该提案有可能显着改变企业安全实践，从而更强大地防御复杂的网络威胁，并有助于打造更安全、更可靠的数字环境。该奖项反映了 NSF 的法定使命，并通过使用基金会的评估进行评估，认为值得支持。智力价值和更广泛的影响审查标准。