NSF Award
2319864
Scientific cyberinfrastructures (CIs) contain rich and powerful resources to support a wide range of experiments across the science and engineering research communities. However, CI resources and the experimental data they generate are compelling attack targets for cyber threat actors, who may seek to abuse CIs through activities such as (1) exfiltration or encryption of valuable experiment data; (2) enlistment of compromised resources into botnets, for purposes such as denial of service attacks; or (3) illicit non-scientific activities such as cryptocurrency mining. The DISCERN project (Datasets Illuminating Suspicious Computations on Engineering Research Networks) seeks to improve the cybersecurity posture of CIs by producing datasets that capture both legitimate and illegitimate use of CI resources. DISCERN's primary goal is to produce rich and diverse datasets that capture many realistic legitimate and illegitimate usage scenarios, thereby enabling cybersecurity innovations in areas such as threat detection and workload classification, to better secure the national CI ecosystem.<br/><br/>DISCERN's methods and datasets are developed through DeterLab, a leading networking and cybersecurity testbed. DISCERN first instruments DeterLab to collect data about user activities at multiple levels of abstraction, including (1) interactions with user interfaces, (2) process, network, and file system events on platform operating systems and hypervisors, and (3) experimental node resource usage and internal and external traffic interacting with user experiments. All data is collected in a privacy-preserving and intellectual-property-preserving manner to protect users and their research. DISCERN also captures rich illegitimate use data through deployment of carefully designed ethical attacks that misuse DeterLab nodes in a variety of realistic misuse scenarios. All datasets and instrumentation tools developed by DISCERN are designed to be portable to other scientific CIs, and the DISCERN team engages in close collaboration with operators of those CIs to promote adoption of DISCERN tools and enable production of their own CI-usage datasets.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
