The long-term vision of this project is to create a multi-campus data collection and sharing infrastructure for use by machine-learning cybersecurity and privacy researchers. These datasets will be multimodal in nature (network logs, host logs, authentication logs for kill-chain detection), provide continuous data (for long-term temporal and topological analysis), and be timely in nature (necessary to handle the constantly evolving nature of cyber-attacks). The specific initial steps under this Planning Grant are: (i) organize a workshop to engage the community to formulate a vision and roadmap for this infrastructure and to discuss legal, ethical, privacy, organizational and sustainability considerations, and (ii) create a team of multiple data providers and data users and submit a Grand Ensemble CCRI proposal to build and use the data infrastructure.
The envisioned infrastructure will be invaluable for detecting zero-day (new, previously unseen) attacks and large-scale attacks with complex kill-chains, e.g., the Wannacry ransomware attack, Mirai Distributed Denial of Service (DDoS) attacks and Advanced Persistent Threat (APT) attacks. It will be built with input from a selected group of early adopters, i.e., data users who can develop and test their machine learning techniques. Later, the Shibboleth Single Sign-On Access of Incommon Federation members will be used to broaden access to the entire CISE community. Community outreach and dissemination activities are part of the planning grant workshop. A number of undergraduate and graduate students will participate in this project at University of Virginia (UVA), Indiana University (IU), and George Washington University (GWU). Diversity enhancing activities are planned through centers at UVA and IU, and the GWU co-PI’s research Lab.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
