Support

NSF 2403360: OAC Core: Enhancing Network Security by Implementing an ML Malware Detection and Classification Scheme in P4 Programmable Data Planes and SmartNICs

  • NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
  • Award Number: 2403360
  • Start Date: July 1, 2024
  • End Date: June 30, 2027
  • Awarded Amount to Date: $599,999.00
  • Investigator(s): Jorge Crichigno (Principal Investigator), Elias Bou-Harb (Co-Principal Investigator), Elie Kfoury (Co-Principal Investigator)
  • Sponsor: University of South Carolina at Columbia
  • NSF Program(s): OAC-Advanced Cyberinfrast Core
  • Link to Official Webpage: NSF-2403360
Malware attacks represent significant threats to organizations, which use a variety of approaches to protect against them. Examples include intrusion detection systems, intrusion prevention systems, and other security systems that run on general-purpose computers. Such schemes perform "deep packet inspection" (DPI), a process by which a security device protecting an organization thoroughly examines incoming traffic and alerts administrators about suspicious activities. While DPI may be effective in some scenarios, it requires significant processing. Furthermore, if the organization receives a high volume of traffic from the Internet, DPI may not keep up with the traffic and may only inspect a fraction of it. Additionally, the inspection may not be conducted in real-time and may only detect the malware after the attack.

This project proposes to leverage the capability of P4 programmable data plane (PDP) switches and SmartNICs to perform DPI. The project has four objectives. 1) Develop a malware detection and classification application running on PDPs, operating at line rate. The application will perform DPI of Domain Name System (DNS) packets, preventing malware from communicating with the corresponding C2 server. Traffic will be monitored in real-time, and functions commonly executed on general-purpose CPUs will be offloaded to PDPs. The plan includes analyzing DNS data, characterizing traffic patterns, and feeding such information to a machine learning (ML) algorithm. The ML algorithm will detect and classify malware according to its family (e.g., trojan, backdoor, ransomware). 2) Develop a malware detection and classification application running on a SmartNIC, for encrypted DNS packets. Research will be conducted to perform feature extraction for malware generating such packets. An ML algorithm will use the features to detect and classify the malware. 3) Develop a control application that shares threat intelligence and avoids malware propagation. As PDP switches and SmartNICs detect malware, they share the threat intelligence with a centralized controller. 4) Expand the eX-IoT platform to fingerprint, store, and index newly detected and classified malware. The eX-IoT platform is a real-time platform for fingerprinting compromised devices on the Internet. The prototype running on PDPs and SmartNICs will be built with open-source components available to the community, and the developed knowledge will be disseminated by synthesizing it as virtual lab libraries for courses and self-paced learning. The libraries will be distributed to colleges and universities. Finally, tutorials on malware detection and PDPs will be organized with organizations such as Internet2 and FABRIC.
 

NSF 2346726: CC* Integration-Small: Enhancing Data Transfers by Enabling Programmability and Closed-loop Control in a Non-programmable Science DMZ

  • NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
  • Award Number: 2346726
  • Start Date: July 1, 2024
  • End Date: June 30, 2026
  • Awarded Amount to Date: $500,000
  • Investigator(s): Jorge Crichigno (Principal Investigator), Andreas Heyden (Co-Principal Investigator), Paul Sagona (Co-Principal Investigator), Elie Kfoury (Co-Principal Investigator)
  • Sponsor: University of South Carolina at Columbia
  • NSF Program(s): CISE Research Resources, Campus Cyberinfrastructure, EPSCoR Co-Funding
  • Link to Official Webpage: NSF-2346726
Programmable data plane (PDP) switches have recently attracted significant attention from the communications industry. They are network devices that provide unprecedented visibility of events occurring in data networks and enable engineers to write software applications using the P4 programming language. The applications leverage the visibility and performance capacity of PDP switches, where applications can run orders of magnitude faster than those running on general-purpose computers. This project will deploy a "self-driving" network referred to as Science DMZ at the University of South Carolina (USC), using P4 applications running on PDP switches. The enhanced network will support science and engineering projects that foster the progress of science. Specifically, it will enable faculty members, researchers, and students to transfer big science data more efficiently within USC's campus and with external collaborators such as U.S. Department of Energy's laboratories (e.g., Savannah River, Argonne), national computing centers (e.g., San Diego Supercomputer Center, National Energy Research Scientific Computing Center), and international organizations (e.g., European Organization for Nuclear Research CERN).


Preparing Cyber Warfare Professionals by Integration of Curriculum, Experiences, and Internships

  • Start Date: February 1, 2023
  • End Date: January 31, 2026
  • Awarded Amount to Date: $600,000
  • Investigator(s): Jorge Crichigno (Principal Investigator)
  • Sponsor: Office of Naval Research (ONR)
  • Award Number: N00014-23-1-2245
A key element of the U.S. military in helping maintain superiority is the engineering support to conduct information warfare. The Naval Information Warfare Systems Command (NAVWAR) provides such capability to the U.S. Navy as well as to the Marine Corps, Air Force, Army, and Coast Guard. Cybersecurity along with network and communications are essential domains to attain effective information warfare. One of the main challenges of the military is recruiting talent for such specialties. University of South Carolina (USC) will lead this project to address the IT talent gap. USC will work with South Carolina State University (SCSU) and University of Texas at San Antonio (UTSA). The team will be advised by the Naval Information Warfare Center (NIWC) Atlantic, one of the two centers of NAVWAR.

The project has three objectives: 1) Advance formal and informal cyber communities and connect relevant organizations. 2) Develop a multi-state internship program, leveraging and strengthening the Naval Research Enterprise Internship Program (NREIP). 3) Expand the Academic Cloud to support large-scale learning and research nationwide. For objective 1, the project will incorporate hands-on curriculum material. USC, SCSU, and UTSA will provide: training and research experience for Navy, Army, and Air Force ROTC communities, and for veterans and STEM students interested in domains relevant to the DoN and DoD (e.g., cybersecurity, network and communications); professional development events for advanced communities of practice (COP): Engagement and Performance Operations Center (EPOC) / ESnet and Internet2 COPs; and access to self-paced training suitable for the U.S. National Guard and general public. For objective 2, the project will expand the NREIP to other agencies and organizations, including NIWC, Savannah River National Laboratory (SRNL), and cyber / IT organizations. The project will organize pre-internship seminars during fall and spring semesters, where speakers will meet weekly with students. Seminars will help students to network with internship providers, match them according to their preferred areas of interest, and secure positions to conduct the 400-hour internship during the summer. For objective 3, the project will develop new virtual lab libraries and deploy them in the Academic Cloud. The latter is a platform built for hands-on education and research. Libraries will cover state-of-the-art technologies such as programmable data planes (PDPs) and material aligned with DoD’s 8570 baseline certificates. PDPs provide granular visibility of events occurring in the cyber space at nanosecond resolution and can detect cyber-attacks faster than traditional devices. Baseline certificates validate IT and cyber skills to access certain career opportunities.

Academic programs at USC, SCSU, and UTSA will impact over 450 students who will graduate with skills relevant to the DoN and DoD, including veterans, ROTC cadets, and STEM students in general. Since the new material will become permanent, the impact will grow over time. The undergraduate research experience will permit nearly 100 students to conduct research on practical problems for NIWC and cyber / IT organizations. The workshops organized with EPOC and Internet2 will train over 1,500 professionals currently working for organizations such as national laboratories, campus networks, and enterprises. Open access to the Academic Cloud and virtual lab libraries will enable self-paced training to over 200 military personnel from the National Guard/Cyber and Information Advantage Battalion (CIAB), and to thousands of learners from colleges across the country. The internship program will serve approximately 300 interns who will contribute to relevant projects while receiving mentoring from top professionals. The project activities will be conducted by USC, which is in the top 3% of four-year institutions for the number of African American graduates; SCSU, an HBCU; and UTSA, an HSI.
 

NSF 2118311: Cybertraining on P4 Programmable Devices using an Online Scalable Platform with Physical and Virtual Switches and Real Protocol Stacks

  • NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
  • Award Number: 2118311
  • Start Date: October 1, 2021
  • End Date: September 30, 2025 (Estimated)
  • Awarded Amount to Date: $499,540.00
  • Investigator(s): Jorge Crichigno (Principal Investigator), Neset Hikmet (Co-Principal Investigator)
  • Sponsor: University of South Carolina at Columbia
  • NSF Program(s): CyberTraining - Training-based
  • Link to Official Webpage: NSF-2118311
Traditionally, the data plane of network devices has been designed with fixed functions to forward data packets, using a small set of communication protocols. This closed-design paradigm has limited the capability of switches to costly proprietary implementations that are hard-coded by vendors. Recently, data plane programmability has attracted significant attention, permitting the owners of communication networks to use switches with customized processing functions. While large companies are now using programmable platforms, campus networks and small- and medium-sized enterprises have yet to fully benefit from the advantages of P4, the de-facto standard for programming the data plane. A key barrier preventing faster adoption of P4 is the availability of engaging training material for cyberinfrastructure (CI) professionals that focuses on the operation and management of P4 systems. This project addresses the gap by developing hands-on virtual labs that run on a platform for online instruction, referred to as the academic cloud. The project will lower the entry barrier to innovation through P4 technology, which will enable CI professionals to reduce the time to design, test, and adopt new communication protocols; devise new customized applications; understand the behavior of data packets as they travel across networks; develop more effective defenses against cybersecurity attacks; and improve the performance of applications used in essential areas such as cybersecurity, Internet of Things (IoT), congestion control, and others.
 
 

Developing and Installing Virtual Training Material on Advanced Networking for the Academic Cloud

  • Funding Agency: Network Development Group (NDG)
  • Start Date: January 1, 2021
  • End Date: December 31, 2021
  • Awarded Amount to Date: $20,000.00
  • Investigator(s): Jorge Crichigno (Principal Investigator)
This project plans to develop and install virtual training material for advanced computer networking topics to the Academic Cloud. The Academic Cloud is the platform previously built by PI Crichigno and the Network Development Group (NDG). The project will develop and install seven lab libraries into the Academic Cloud: Introduction to Border Gateway Protocol, Introduction to Software-defined Networking, Zeek Intrusion Detection System (IDS), Introduction to perfSONAR (10 labs), Multi-protocol Label Switching (MPLS) and Advanced BGP Topics, Network Tools and Protocols, and Open Virtual Switch.
 
 

NSF 1925484: CC* Networking Infrastructure: Building a Science DMZ for Data-intensive Research and Computation at the University of South Carolina

  • NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
  • Award Number: 1925484
  • Start Date: July 1, 2019
  • End Date: June 30, 2021 (Estimated)
  • Awarded Amount to Date: $498,525.00
  • Investigator(s): Jorge Crichigno (Principal Investigator), Steffen Strauch (Co-Principal Investigator), Andreas Heyden (Co-Principal Investigator), Neset Hikmet (Co-Principal Investigator), Paul Sagona (Co-Principal Investigator)
  • Sponsor: University of South Carolina at Columbia
  • NSF Program(s): Campus Cyberinfrastructure
  • Link to Official Webpage: NSF-1925484
The University of South Carolina (UofSC) is establishing a new network, namely a Science DMZ, operating at 100 Gbps. The Science DMZ supports current research moving terabyte-scale data between UofSC and national laboratories (e.g., Argonne, Fermi, Oak Ridge, Savannah River, Los Alamos), university collaborators, and the national network of supercomputer centers (XSEDE). The project serves the national interest, as it addresses the need to connect UofSC to the national "cyber-highway" system to share big science data, hence promoting collaboration and national competitiveness, aligned with NSF's mission. The new cyberinfrastructure also permits researchers to exchange large datasets with collaborators geographically distributed across the world. Examples include nuclear physics results from the Paul Scherrer Institute in Switzerland and observation files from the Cryogenic Underground Observatory for Rare Events (CUORE) in Italy.
 
 

NSF 1902397: Collaborative: Multi-state Community College, University and Industry Collaboration to Prepare Learners for 21st Century Information Technology Jobs

  • NSF Org: DUE Division Of Undergraduate Education
  • Award Number: 1902397
  • Start Date: July 1, 2019
  • End Date: June 30, 2022 (Estimated)
  • Awarded Amount to Date: $299,975.00
  • Investigator(s): Jorge Crichigno (Principal Investigator), Robert Brookshire (Co-Principal Investigator)
  • Sponsor: University of South Carolina at Columbia
  • NSF Program(s): Advanced Tech Education Prog
  • Link to Official Webpage: NSF-1902397
The University of South Carolina and Stanly Community College in North Carolina will develop a 2+2+2 program with stackable credentials to increase capacity in the information technology job pipeline. This program will enable students from multiple institutions in the Carolinas to learn core IT concepts and master essential hands-on skills using virtual laboratories, preparing them for the job market. The Carolinas share a common pattern of growth and an increased demand for IT labor. The number of job postings related to emerging technologies is fueled by the central role of IT in general business operations and the growing number of technology and manufacturing companies across the Carolinas. Major cities with large demands for IT professionals, such as Columbia in South Carolina and Charlotte in North Carolina, are less than 100 miles apart. This project reinforces the educational links between sister states that have historical connections and common needs. It addresses in a unified manner the strong demand reflected in regional employment statistics. Deployment and testing of the distributed platform and virtual laboratories will be performed in the Carolinas, with the potential to be scaled and deployed nationally.
 
 

NSF 1829698: CyberTraining CIP: Cyberinfrastructure Expertise on High-throughput Networks for Big Science Data Transfers

  • NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
  • Award Number: 1829698
  • Start Date: October 1, 2018
  • End Date: September 30, 2021 (Estimated)
  • Awarded Amount to Date: $499,959.00
  • Investigator(s): Jorge Crichigno (Principal Investigator), Nasir Ghani (Co-Principal Investigator), Elias Bou-Harb (Co-Principal Investigator)
  • Sponsor: University of South Carolina at Columbia
  • NSF Program(s): CyberTraining - Training-based, Campus Cyberinfrastrc (CC-NIE)
  • Link to Official Webpage: NSF-1829698
This project establishes the Cyberinfrastructure Network of Expertise (CNE) for teaching, training, and research on networking technologies including Science Demilitarized Zone (Science DMZ). The Science DMZ is a network specifically designed to facilitate the transfer and sharing of very large scientific data (big data) across geographically separated sites. Activities include:
  • Via workshops, promote best cyberinfrastructure (CI) practices in sharing terabytes of data and more, thereby enabling new modes of discovery and collaboration.
  • Develop hands-on training material for high-throughput, high-latency environments, for basic-, intermediate-, and advanced-level CI engineers.
  • Cooperate with the industry to develop the next-generation protocols for high-speed networks.
  • Provide graduates with the skills and knowledge in high-speed networks, required by the industry and national laboratories to bolster national security.
 
 

NSF 1822567: Building a Cybersecurity Pipeline through Experiential Virtual Labs and Workforce Alliances

  • NSF Org: DGE Division Of Graduate Education
  • Award Number: 1822567
  • Start Date: January 15, 2018
  • End Date: August 31, 2020 (Estimated)
  • Awarded Amount to Date: $420,377.00
  • Investigator(s): Jorge Crichigno (Principal Investigator)
  • Sponsor: University of South Carolina at Columbia
  • NSF Program(s): CYBERCORPS: SCHLAR FOR SER
  • Link to Official Webpage: NSF-1822567
This project is creating advanced training material for 100-level to 400-level courses enriched with a large number of virtual laboratories (vLabs) covering the fundamental principles of cybersecurity. In partnership with the Network Development Group (NDG) and Palo Alto Networks, the project develops portable vLabs and training manuals, which are ready to use and deploy in a standard virtual environment, thus promoting resource sharing. The project also establishes an alliance with industry organizations, Los Alamos National Laboratory (LANL), including Engineering/IT divisions at LANL and its National Security Education Center (NSEC), and Savannah River National Laboratory (SRNL) to create an internship program in cybersecurity. The alliance strengthens the collaboration with the industry and federal laboratories vital for the national security.
 
 

NSF 1907821: OAC Core: Small: Devising Data-driven Methodologies by Employing Large-scale Empirical Data to Fingerprint, Attribute, Remediate and Analyze Internet-scale IoT Maliciousness

  • NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
  • Award Number: 1907821
  • Start Date: July 1, 2019
  • End Date: June 30, 2022 (Estimated)
  • Awarded Amount to Date: $496,898.00
  • Investigator(s): Elias Bou-Harb ebouharb@fau.edu (Principal Investigator), Nasir Ghani (Co-Principal Investigator), Jorge Crichigno (Co-Principal Investigator)
  • Sponsor: Florida Atlantic University
  • NSF Program(s): OAC-Advanced Cyberinfrast Core
  • Link to Official Webpage: NSF-1907821
At least 20 billion devices will be connected to the Internet by 2023. Many of these devices transmit critical and sensitive system and personal data in real-time. Collectively known as "the Internet of Things" (IoT), this market represents a $267 billion per year industry. As valuable as this market is, security spending on the sector barely breaks 1%. Indeed, while IoT vendors continue to push more IoT devices to market, the security of these devices has often fallen in priority, making them easier to exploit. This drastically threatens the privacy of the consumers and the safety of mission-critical systems. While a number of research endeavors are currently taking place to address the IoT security problem, several challenges hinder their success. These include the lack of IoT monitoring capabilities once such devices are deployed, the shortage of remediation techniques when they are compromised, and the inadequacy of methodologies to permit the comprehension of the underlying IoT malicious infrastructures. To this end, this project will serve NSF's mission to promote the progress of science by developing data science methodologies to identify and remediate infected IoT devices in near real-time. The project will also promote cyber security research and training for minorities and K-12 students. Moreover, the project will contribute to operational cyber security by developing a large-scale cyberinfrastructure for IoT-relevant data and threat sharing, enabling hands-on cyber-science at large. The project will scrutinize close to 100 GB/hr of real-time unsolicited Internet-scale traffic to devise and develop efficient deep learning classifiers to fingerprint IoT devices, identifying their types and vendors, and disclosing their large-scale vulnerabilities and hosting environments. 
The project will design and develop fast greedy approximation algorithms for L1-norm Principal Component Analysis (PCA) data-dimensionality reduction, enabling the real-time execution of the Density-Based Spatial Clustering of Applications with Noise (DBSCAN) technique for detecting and attributing IoT orchestrated botnets. The project will also design scalable offensive security algorithms based on Internet-wide active measurements to offer macroscopic remediation strategies. The project will curate close to 3.5 million malware samples/day and around 1.3 million passive DNS records/day to build graph-theoretic models to uncover and characterize inter-related components which form the concept of IoT malicious cyberinfrastructure. Further, the project will analyze the evolution of such infrastructures to comprehend their modus operandi by devising efficient graph similarity techniques in linear time, by designing and implementing algorithms rooted in graph kernels and min-hashing methods. The project will also (i) develop a unique cyberinfrastructure for IoT empirical data and cyber threat indexing and sharing, (ii) automate the devised algorithms and techniques by leveraging high-speed, in-memory data processing technologies, (iii) generate IoT-specific detection signatures by exploring fuzzy hashing algorithms, and (iv) enable at-large access to the generated IoT artifacts through a secure API and a front-end mechanism. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
 
 

ONR N00014-20-1-2797: Enhancing the Preparation of Next-generation Cyber Professionals through a Hands-on Academic Program, Undergraduate Research Experiences, and Community Partnerships

  • Award Number: N00014-20-1-2797
  • Activity/Agency Proposal No: GRANT13049248
  • Start Date: July 23, 2020
  • End Date: May 31, 2022 (Estimated)
  • Awarded Amount to Date: $249,997.00
  • Investigator(s): Jorge Crichigno (Principal Investigator)
  • Sponsor: ONR
The University of South Carolina (USC) proposes to address the cybersecurity workforce needs in a comprehensive manner. The project has four objectives. First, starting in Fall 2020, the proposal plans to fully implement a cybersecurity concentration track (minor in IIT, concentration cyberoperations). Second, the concentration will prepare students to conduct research in applied cybersecurity. Undergraduate research projects will be conducted under the guidance of a faculty professor in the College of Engineering and Computing (CEC), with input from NIWC Atlantic mentors. Third, the project will deploy equipment pods on a virtual platform, accessible over the Internet, to support research and teaching activities. The virtual platform enables students to conduct hands-on applied research with physical and virtual equipment, which are fully accessible over the Internet. Finally, the project will establish open meetings among industry, government, high schools, and higher-education institutions to enhance cybersecurity preparation.
 
 

 

  • Funding Agency: UofSC's College of Engineering and Computing
  • Start Date: January 1, 2019
  • End Date: December 31, 2019
  • Awarded Amount to Date: $53,000.00
  • Investigator(s): Jorge Crichigno (Principal Investigator)
The focus of this proposal is to increase the capacity of the virtual laboratory deployed by the Integrated Information Technology. The increased capacity will support hands-on instruction in nine ITEC undergraduate courses taught by five faculty members. This effort expands the resources acquired through previous projects. Virtual laboratories allow students to learn core Information Technology (IT) concepts combined with authentic practice and professional tools and platforms used in industry.