NSF Award
2219771
Smart sensing technologies within the context of the Internet-of-Things (IoT) paradigm continue to be deployed in key sectors such as health, agriculture, energy and manufacturing. Indeed, it is estimated that around 30 billion IoT devices will be instrumented by 2030 to increase efficiencies and usability while decreasing costs and maintenance time. Nevertheless, such IoT devices lack even the most fundamental security measures, access policy controls, and patch management capabilities, making them attractive targets for attackers and state-sponsored actors who will abuse them to gain illegitimate access into critical networks while orchestrating them in order to impair other Internet-connected entities. Given the widespread deployment of such IoT devices, it becomes extremely challenging to promptly address their security concerns at-scale. This is mainly due to the lack of scalable methods, which could analyze large-scale, representative data, and the shortage of techniques that are efficient enough to be operated in near real-time. To this end, this project servers NSF’s mission to promote the progress of science by developing empirically-driven methods and techniques to quantity IoT insecurities at-large, while offering digital forensics means to comprehend the causes of their inherit vulnerabilities. The project also offers IoT-centric remediation tactics for supporting Internet security. The project fosters a number of educational activities while organizing female-focused workshops in addition to mentoring students within underrepresented groups from the three collaborating minority institutions.<br/> <br/>The project devises data-driven methodologies operating on actively and passively-collected network traffic and associated service banners to establish unique malicious IoT labeled empirical datasets. The project then designs and implements algorithms and formal methods rooted in supervised deep learning to fingerprint Internet-scale exploited IoT devices while developing IoT-specific feature engineering and clustering algorithms for characterizing and analyzing the malicious orchestration of IoT campaigns. Additionally, the project executes malware automated disassembly, decompilation, and analysis while engineering computational approaches on packet sequences via solving linear equation sets to investigate IoT stateless scanning modules and related deceiving techniques. This is leveraged to establish bogus connections with the infected devices using crafted packets in order to capture key IoT malware and digital forensic artifacts. To support operational IoT-specific cyber security operations, the project builds and makes available to the public a cyberinfrastructure, which indexes the inferred compromised IoT devices along with their related threat information including employed malware binaries and attacks’ tactics, techniques, and procedures. This aims at enabling proactive IoT security remediation, hands-on research and training, and forensic investigations.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
