Servers located in enterprises (e.g. private data centers and public cloud data centers) play a critical role in human society. However, real-world servers are plagued by various security vulnerabilities. Memory overwrite and over-read vulnerabilities are among the most dangerous of the known vulnerabilities. They are the root causes for a variety of serious real-world server attacks. Cyber-defenses are broadly deployed to protect real-world servers from these cyberattacks. However, it is widely recognized in the cybersecurity community that there is no silver bullet. Moreover, the existing cyber-defenses (e.g. patching) are still very limited in handling the so-called zero-day vulnerabilities. Furthermore, a fundamental limitation is that the widely deployed real-world defenses usually do not provide provable guarantees. This project aims to develop online learning-based adaptive cyber defenses, which are expected to be able to provide provable guarantees for real-world servers. The developed defenses will present adversaries with optimized dynamically changing attack surfaces, thereby significantly increasing uncertainty and complexity that adversaries would need to overcome in order to succeed. These measures are expected to substantially improve adaptive and autonomous defense capabilities of real-world servers against zero-day attacks.
This project will develop a new co-design framework to protect data centers against (i) stochastic attacks through dynamic runtime environments; (ii) intelligent strategic attacks through dynamic platforms; and (iii) multi-stage attacks through dynamic networks. The co-design framework will involve three intertwined components: newly synthesized mathematical models, online learning-based defense algorithms and server retrofitting. In particular, the mathematical models will be of high-fidelity and also analytically tractable to allow online learning to provide provable guarantees. On the other hand, the deviations of the mathematical models from real-world servers will be bridged by server retrofitting. In each proposed mathematical model, a utility function can be easily evaluated by deployed preliminary defenses and will provide necessary feedback to perform online learning, and on the other hand, it properly reflects the cost-effectiveness of defenses. Online learning algorithms are developed to tackle the unique challenges of computer security (e.g., detection delays, detection inaccuracies, strategic attacks, unknown system states and unknown exploit likelihoods). The most suitable server retrofitting will be customized to meet the assumptions of the mathematical models. Further, the three intertwined components will be integrated into real defenses. The proposed research is interdisciplinary and integrates technical tools from machine learning, game theory, control theory and cybersecurity. Hackathon events will be held to inspire students' engagement in research on machine learning and cybersecurity. All the research results will be made available to industrial stakeholders, federal government agencies and the research community.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
|Effective start/end date
|9/1/22 → 8/31/25
- National Science Foundation: $425,000.00