

Welcome to the IMPACT Forum, a place where researchers, developers, data & tool providers, and other cyber risk stakeholders can discuss all things IMPACT!

#1 2018-02-13 10:02:58 am


NSF award, "Inferring, Attributing, Mitigating and Analyzing the Malic

"Inferring, Attributing, Mitigating and Analyzing the Malicious Orchestration of Internet-scale Exploited IoT Devices: A Network Telescope Approach"


Despite the benefits provided by the widespread adoption and deployment of diverse Internet-enabled devices such as phones and smart home components in consumer markets and critical infrastructure, the so-called Internet of Things (IoT) devices, security concerns are rising as such devices also introduce new vulnerabilities that could be leveraged by attackers to launch disrupting cyber-attacks. The objective of this project is to enable exploration of the inherent insecurity of the IoT paradigm by exploring innovative data analytics as applied to raw cyber security data. Insights gained will allow detection, characterization and attribution of Internet-scale compromised IoT devices, coupled with their malicious activities, in near real-time. Several technical challenges impede addressing IoT security at large, including the excessive diversity of IoT devices in addition to their Internet-wide deployment, the lack of IoT-relevant data and the shortage of IoT-specific actionable attack signatures. In this context, this project serves NSF's mission to promote the progress of science by aiming to generate a first-of-a-kind, large-scale analysis of the magnitude of compromised IoT devices. The project also promotes cyber security research and training for minorities, given that it will be executed within the boundaries of a designated Hispanic-serving institution. Moreover, the project will contribute to operational cyber security by developing a real-time capability for storing and sharing IoT-relevant threat information.

The project will draw upon macroscopic, large-scale passive measurement data collected in real-time from a network telescope to highlight the severity of the insecurity of the IoT paradigm. Network telescopes, most commonly known as darknets, constitute a set of routable, allocated yet unused IP addresses. The project will design and develop real-time algorithms that are capable of inferring Internet-scale exploited IoT devices by exploring darknet data. Furthermore, the project will investigate formal correlation approaches rooted in stochastic data structures between IoT-relevant passive measurements and malware samples to aid in the attribution and thus the remediation objective. The project will further explore the orchestration behavior of seemingly independent IoT activities, which operate within well-coordinated IoT botnets. To this end, the project will innovate time series analytics based upon trigonometric interpolation techniques, recursive optimal stochastic estimators, and bitmap matching algorithms to infer such IoT botnets by employing passive measurements. The project will also (1) develop a unique cyberinfrastructure for IoT cyber threat indexing by automating the proposed algorithms, techniques and methods, (2) generate IoT-specific signatures by employing piecewise hashing techniques, and (3) create access methods based on an API mechanism and a front-end service facilitated by Elasticsearch to allow the sharing of IoT-centric empirical data, threat intelligence and signatures.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

