CICI: SSC: Proactive Cyber Threat Intelligence and Comprehensive Network Monitoring for Scientific Cyberinfrastructure: The AZSecure Framework
With the introduction of modern computing technologies, scientific instruments have accelerated the rate of paradigm-shifting scientific discoveries. Recent examples include the Higgs boson and the first-ever imaging of a supermassive black hole. Unfortunately, the same technologies contributing to these high-impact advancements are increasingly being targeted by malicious hackers. These attacks threaten the Confidentiality, Integrity, and Availability (CIA) of carefully collected scientific data and once-in-a-lifetime events. The full extent of scientific cyberinfrastructure vulnerabilities, and of the exploits targeting these flaws, has not yet been properly mapped.
This project brings together a unique and diverse team of researchers from the University of Arizona (UA) and the University of South Florida (USF) to discover and mitigate the vulnerabilities present in scientific instruments. PI Chen and Co-PIs Samtani and Patton have extensive experience in designing text mining, deep learning, and network-science-based algorithms and systems to pinpoint threat actors, activities, networks, and assets in the online hacker community (i.e., the “Dark Web”) for proactive Cyber Threat Intelligence (CTI) applications. CyVerse (formerly iPlant) was established in 2008 by the National Science Foundation (NSF) to develop cyberinfrastructure for life sciences research and provide access to US supercomputing capabilities. CyVerse staff and researchers were involved in the seminal 2019 black hole imaging and have received over 100 million dollars in funding. The Biosphere2’s Landscape Evolution Observatory (LEO) project is the world’s largest laboratory experiment in the interdisciplinary Earth sciences. LEO deploys a distributed sensor network throughout the earth’s surface to identify how life began on Earth.
- Hsinchun Chen; University of Arizona; PI; Regents Professor, Director of AI Lab
- Sagar Samtani; University of South Florida; Co-PI; Assistant Professor
- Mark Patton; University of Arizona; Co-PI; Lecturer of MIS
- Peter Troch; Biosphere2 - LEO - University of Arizona; Co-PI; Professor of Hydrology
- Edwin Skidmore; CyVerse - University of Arizona; Co-PI; Director of CyVerse Infrastructure
The unique blend of scientific assets at CyVerse and LEO enables proactive investigation of scientific cyber-threats that can compromise societally relevant scientific discoveries. To this end, this project aims to create novel AI-based CTI systems, frameworks, and algorithms by proactively studying hacker activity on the vast and ever-evolving Dark Web and identifying how hackers target the vulnerabilities in CyVerse’s and LEO’s diverse instruments, data, hardware, and software. The project’s key objectives include the following:
- Collect, categorize, and analyze a large-scale collection of hacker forum exploits
- Comprehensively scan CyVerse/LEO internal/external networks for vulnerabilities
- Automatically link exploits and vulnerabilities via deep learning-based methods
- Disseminate operational intelligence at relevant workshops and conferences