Collaborative Research: CyberTraining: Implementation: Medium: Cross-Disciplinary Training for Joint Cyber-Physical Systems and IoT Security

协作研究：网络培训：实施：中：联合网络物理系统和物联网安全的跨学科培训

• 批准号: 2404946
• 负责人: Elias Bou-Harb
• 金额: $ 59.95万
• 依托单位: Louisiana State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2028-02-29
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2404946&HistoricalAwards=false
• 关键词: Collaborative; Research; CyberTraining; Implementation; Medium

Critical infrastructures, such as the power grid, water systems, and manufacturing plants, continue to be targeted by stealthy and debilitating cyber and physical attacks. These attacks not only hinder our national security but also jeopardize our economic prosperity. Several hurdles impede addressing the security of such critical assets, including the integration of new possibly vulnerable sensing technologies deep within such realms, in addition to the profound lack of relevant training experts from academia and both private and public sectors. Along the same line of thought, the shortage of empirical data originating from such realms, in conjunction with the complexity of such systems, further exposes the problem when facing the challenges of sophisticated state-sponsored attackers. To this end, this project serves NSF's mission to promote the progress of science by offering well-rounded training to research scientists coming from diverse related areas. The project puts forward multidisciplinary curricula in addition to catalyzing critical infrastructure training and research, while establishing active and actionable dissemination partnerships with numerous stakeholders, tangibly influencing the security of such interrelated, highly-important societal systems. The project also widely influences the training of women and minorities in these imperative cross-disciplinary areas across the US. The project uniquely curates contextualized, large-scale benign and malicious cyber and cyber-physical empirical data from real infrastructure systems to strongly enable hands-on training and research. The project then develops automated methodologies to annotate such data while indexing and sharing it with relevant research scientists to empower forward-looking research workforce development. The project also designs, delivers and integrates cross-disciplinary curricula, composed of undergraduate and graduate courses and a certificate program, dealing with evolving topics such as, physical modeling of system dynamics, related empirically driven data science applications, and joint operational security analytics. It also offers unique training opportunities with relevant private and public sector partners for both pre- and post-graduation trainees, rendered by capstone projects, internships, and competitive placement options. The project also designs and implements various security techniques, along with realistic emulation and simulation toolsets, to offer practical training expertise to researchers. The project utilizes virtualized lab setups to offer self-paced training of such developed training material, while achieving considerable outreach to relevant researchers across the US and beyond. The project fosters a community of impactful experts in the critical infrastructure security area to widely-disseminate such developed training materials and labs through coordinating and hosting yearly workshops at the collaborating institutions. The project is steered by an established program evaluation body that is composed of leading NSF Industry-University Research Partnership experts, pedagogy facilitators, and representative researchers from operational local and national training and research centers. This project is jointly funded by OAC and the CyberCorps program.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

电网、供水系统和制造工厂等关键基础设施继续成为隐秘且破坏性的网络和物理攻击的目标。这些攻击不仅阻碍我们的国家安全，还危及我们的经济繁荣。解决此类关键资产的安全问题存在一些障碍，包括在这些领域深处集成可能脆弱的新传感技术，此外学术界以及私营和公共部门严重缺乏相关培训专家。沿着同样的思路，来自这些领域的经验数据的缺乏，加上这些系统的复杂性，在面对复杂的国家支持的攻击者的挑战时，进一步暴露了问题。为此，该项目通过为来自不同相关领域的研究科学家提供全面的培训来服务于 NSF 促进科学进步的使命。该项目除了促进关键基础设施培训和研究外，还提出了多学科课程，同时与众多利益相关者建立积极且可行的传播伙伴关系，切实影响这些相互关联、高度重要的社会系统的安全。该项目还广泛影响了美国各地这些重要的跨学科领域对妇女和少数族裔的培训。该项目独特地策划了来自真实基础设施系统的情境化、大规模良性和恶意网络和网络物理经验数据，以有力地支持实践培训和研究。然后，该项目开发自动化方法来注释这些数据，同时对其进行索引并与相关研究科学家共享，以促进前瞻性研究人员的发展。该项目还设计、提供和整合跨学科课程，由本科生和研究生课程以及证书课程组成，涉及不断发展的主题，例如系统动力学的物理建模、相关的经验驱动的数据科学应用和联合操作安全分析。它还与相关私营和公共部门合作伙伴一起为毕业前和毕业后的学员提供独特的培训机会，包括顶点项目、实习和竞争性安置选择。该项目还设计和实施各种安全技术，以及真实的仿真和模拟工具集，为研究人员提供实用的培训专业知识。该项目利用虚拟化实验室设置为此类开发的培训材料提供自定进度的培训，同时对美国及其他地区的相关研究人员进行了广泛的推广。该项目在关键基础设施安全领域培养了一个由有影响力的专家组成的社区，通过在合作机构协调和举办年度研讨会来广泛传播此类开发的培训材料和实验室。该项目由一个既定的项目评估机构负责指导，该评估机构由领先的 NSF 产学研合作专家、教学协调员以及来自当地和国家培训和研究中心的代表性研究人员组成。 该项目由 OAC 和 Cyber​​Corps 计划共同资助。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Guest Editorial: Special Section on Machine Learning and Artificial Intelligence for Managing Networks, Systems, and Services—Part II

客座社论：用于管理网络、系统和服务的机器学习和人工智能特别章节——第二部分

• DOI: 10.1109/tnsm.2023.3280230
• 发表时间: 2023-06
• 期刊: IEEE Transactions on Network and Service Management
• 影响因子: 5.3
• 作者: Zincir;Birke, Robert;Bou;Casale, Giuliano;El;Inoue, Takeru;Kumar, Neeraj;Lutfiyya, Hanan;Puthal, Deepak;Shami, Abdallah;et al
• 通讯作者: et al

Helium-based IoT Devices: Threat Analysis and Internet-scale Exploitations

基于氦的物联网设备：威胁分析和互联网规模的利用

• DOI: 10.1109/wimob58348.2023.10187762
• 发表时间: 2023-06
• 期刊: IEEE
• 作者: Rammouz, Veronica;Khoury, Joseph;Klisura, Ðorđe;Safaei Pour, Morteza;Safaei Pour, Mostafa;Fachkha, Claude;Bou
• 通讯作者: Bou

Machine learning and user interface for cyber risk management of water infrastructure

用于水利基础设施网络风险管理的机器学习和用户界面

• DOI: 10.1111/risa.14209
• 发表时间: 2023-08
• 期刊: Risk Analysis
• 影响因子: 3.8
• 作者: Neshenko, Nataliia;Bou‐Harb, Elias;Furht, Borko;Behara, Ravi
• 通讯作者: Behara, Ravi