NSF 2403360: OAC Core: Enhancing Network Security by Implementing an ML Malware Detection and Classification Scheme in P4 Programmable Data Planes and SmartNICs
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 2403360
- Start Date: July 1, 2024
- End Date: June 30, 2027
- Awarded Amount to Date: $599,999.00
- Investigator(s): Jorge Crichigno (Principal Investigator), Elias Bou-Harb (Co-Principal Investigator), Elie Kfoury (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): OAC-Advanced Cyberinfrast Core
- Link to Official Webpage: NSF-2403360
This project proposes to leverage the capability of P4 programmable data plane (PDP) switches and SmartNICs to perform deep packet inspection (DPI). The project has four objectives. 1) Develop a malware detection and classification application running on PDPs, operating at line rate. The application will perform DPI of Domain Name System (DNS) packets, preventing malware from communicating with the corresponding command-and-control (C2) server. Traffic will be monitored in real time, and functions commonly executed on general-purpose CPUs will be offloaded to PDPs. The plan includes analyzing DNS data, characterizing traffic patterns, and feeding such information to a machine learning (ML) algorithm. The ML algorithm will detect and classify malware according to its family (e.g., trojan, backdoor, ransomware). 2) Develop a malware detection and classification application running on a SmartNIC, for encrypted DNS packets. Research will be conducted to perform feature extraction for malware generating such packets. An ML algorithm will use the features to detect and classify the malware. 3) Develop a control application that shares threat intelligence and avoids malware propagation. As PDP switches and SmartNICs detect malware, they share the threat intelligence with a centralized controller. 4) Expand the eX-IoT platform to fingerprint, store, and index newly detected and classified malware. The eX-IoT platform is a real-time platform for fingerprinting compromised devices on the Internet. The prototype running on PDPs and SmartNICs will be built with open-source components available to the community, and the developed knowledge will be disseminated by synthesizing it as virtual lab libraries for courses and self-paced learning. The libraries will be distributed to colleges and universities. Finally, tutorials on malware detection and PDPs will be organized with organizations such as Internet2 and FABRIC.
NSF 2346726: CC* Integration-Small: Enhancing Data Transfers by Enabling Programmability and Closed-loop Control in a Non-programmable Science DMZ
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 2346726
- Start Date: July 1, 2024
- End Date: June 30, 2026
- Awarded Amount to Date: $500,000
- Investigator(s): Jorge Crichigno (Principal Investigator), Andreas Heyden (Co-Principal Investigator), Paul Sagona (Co-Principal Investigator), Elie Kfoury (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): CISE Research Resources, Campus Cyberinfrastructure, EPSCoR Co-Funding
- Link to Official Webpage: NSF-2346726
Preparing Cyber Warfare Professionals by Integration of Curriculum, Experiences, and Internships
- Start Date: February 1, 2023
- End Date: January 31, 2026
- Awarded Amount to Date: $600,000
- Investigator(s): Jorge Crichigno (Principal Investigator)
- Sponsor: Office of Naval Research (ONR)
- Award Number: N00014-23-1-2245
The project has three objectives: 1) Advance formal and informal cyber communities and connect relevant organizations. 2) Develop a multi-state internship program, leveraging and strengthening the Naval Research Enterprise Internship Program (NREIP). 3) Expand the Academic Cloud to support large-scale learning and research nationwide. For objective 1, the project will incorporate hands-on curriculum material. USC, SCSU, and UTSA will provide: training and research experience for Navy, Army, and Air Force ROTC communities, and for veterans and STEM students interested in domains relevant to the DoN and DoD (e.g., cybersecurity, network and communications); professional development events for advanced communities of practice (COP): Engagement and Performance Operations Center (EPOC) / ESnet and Internet2 COPs; and access to self-paced training suitable for the U.S. National Guard and general public. For objective 2, the project will expand the NREIP to other agencies and organizations, including NIWC, Savannah River National Laboratory (SRNL), and cyber / IT organizations. The project will organize pre-internship seminars during fall and spring semesters, where speakers will meet weekly with students. Seminars will help students to network with internship providers, match them according to their preferred areas of interest, and secure positions to conduct the 400-hour internship during the summer. For objective 3, the project will develop new virtual lab libraries and deploy them in the Academic Cloud. The latter is a platform built for hands-on education and research. Libraries will cover state-of-the-art technologies such as programmable data planes (PDPs) and material aligned with DoD’s 8570 baseline certificates. PDPs provide granular visibility of events occurring in the cyber space at nanosecond resolution and can detect cyber-attacks faster than traditional devices. Baseline certificates validate IT and cyber skills to access certain career opportunities.
Academic programs at USC, SCSU, and UTSA will impact over 450 students who will graduate with skills relevant to the DoN and DoD, including veterans, ROTC cadets, and STEM students in general. Since the new material will become permanent, the impact will grow over time. The undergraduate research experience will permit nearly 100 students to conduct research on practical problems for NIWC and cyber / IT organizations. The workshops organized with EPOC and Internet2 will train over 1,500 professionals currently working for organizations such as national laboratories, campus networks, and enterprises. Open access to the Academic Cloud and virtual lab libraries will enable self-paced training to over 200 military personnel from the National Guard/Cyber and Information Advantage Battalion (CIAB), and to thousands of learners from colleges across the country. The internship program will serve approximately 300 interns who will contribute to relevant projects while receiving mentoring from top professionals. The project activities will be conducted by USC, which is in the top 3% of four-year institutions for the number of African American graduates; SCSU, an HBCU; and UTSA, an HSI.
NSF 2118311: Cybertraining on P4 Programmable Devices using an Online Scalable Platform with Physical and Virtual Switches and Real Protocol Stacks
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 2118311
- Start Date: October 1, 2021
- End Date: September 30, 2025 (Estimated)
- Awarded Amount to Date: $499,540.00
- Investigator(s): Jorge Crichigno (Principal Investigator), Neset Hikmet (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): CyberTraining - Training-based
- Link to Official Webpage: NSF-2118311
Developing and Installing Virtual Training Material on Advanced Networking for the Academic Cloud
- Funding Agency: Network Development Group (NDG)
- Start Date: January 1, 2021
- End Date: December 31, 2021
- Awarded Amount to Date: $20,000.00
- Investigator(s): Jorge Crichigno (Principal Investigator)
NSF 1925484: CC* Networking Infrastructure: Building a Science DMZ for Data-intensive Research and Computation at the University of South Carolina
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 1925484
- Start Date: July 1, 2019
- End Date: June 30, 2021 (Estimated)
- Awarded Amount to Date: $498,525.00
- Investigator(s): Jorge Crichigno (Principal Investigator), Steffen Strauch (Co-Principal Investigator), Andreas Heyden (Co-Principal Investigator), Neset Hikmet (Co-Principal Investigator), Paul Sagona (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): Campus Cyberinfrastructure
- Link to Official Webpage: NSF-1925484
NSF 1902397: Collaborative: Multi-state Community College, University and Industry Collaboration to Prepare Learners for 21st Century Information Technology Jobs
- NSF Org: DUE Division Of Undergraduate Education
- Award Number: 1902397
- Start Date: July 1, 2019
- End Date: June 30, 2022 (Estimated)
- Awarded Amount to Date: $299,975.00
- Investigator(s): Jorge Crichigno (Principal Investigator), Robert Brookshire (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): Advanced Tech Education Prog
- Link to Official Webpage: NSF-1902397
NSF 1829698: CyberTraining CIP: Cyberinfrastructure Expertise on High-throughput Networks for Big Science Data Transfers
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 1829698
- Start Date: October 1, 2018
- End Date: September 30, 2021 (Estimated)
- Awarded Amount to Date: $499,959.00
- Investigator(s): Jorge Crichigno (Principal Investigator), Nasir Ghani (Co-Principal Investigator), Elias Bou-Harb (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): CyberTraining - Training-based, Campus Cyberinfrastrc (CC-NIE)
- Link to Official Webpage: NSF-1829698
- Via workshops, promote best cyberinfrastructure (CI) practices in sharing terabytes of data and more, thereby enabling new modes of discovery and collaboration.
- Develop hands-on training material for high-throughput, high-latency environments, for basic, intermediate, and advanced level CI engineers.
- Cooperate with the industry to develop the next-generation protocols for high-speed networks.
- Provide graduates with the skills and knowledge in high-speed networks, required by the industry and national laboratories to bolster national security.
NSF 1822567: Building a Cybersecurity Pipeline through Experiential Virtual Labs and Workforce Alliances
- NSF Org: DGE Division Of Graduate Education
- Award Number: 1822567
- Start Date: January 15, 2018
- End Date: August 31, 2020 (Estimated)
- Awarded Amount to Date: $420,377.00
- Investigator(s): Jorge Crichigno (Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): CYBERCORPS: SCHLAR FOR SER
- Link to Official Webpage: NSF-1822567
NSF 1907821: OAC Core: Small: Devising Data-driven Methodologies by Employing Large-scale Empirical Data to Fingerprint, Attribute, Remediate and Analyze Internet-scale IoT Maliciousness
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 1907821
- Start Date: July 1, 2019
- End Date: June 30, 2022 (Estimated)
- Awarded Amount to Date: $496,898.00
- Investigator(s): Elias Bou-Harb ebouharb@fau.edu (Principal Investigator), Nasir Ghani (Co-Principal Investigator), Jorge Crichigno (Co-Principal Investigator)
- Sponsor: Florida Atlantic University
- NSF Program(s): OAC-Advanced Cyberinfrast Core
- Link to Official Webpage: NSF-1907821
ONR N00014-20-1-2797: Enhancing the Preparation of Next-generation Cyber Professionals through a Hands-on Academic Program, Undergraduate Research Experiences, and Community Partnerships
- Award Number: N00014-20-1-2797
- Activity/Agency Proposal No: GRANT13049248
- Start Date: July 23, 2020
- End Date: May 31, 2022 (Estimated)
- Awarded Amount to Date: $249,997.00
- Investigator(s): Jorge Crichigno (Principal Investigator)
- Sponsor: ONR
- Funding Agency: UofSC's College of Engineering and Computing
- Start Date: January 1, 2019
- End Date: December 31, 2019
- Awarded Amount to Date: $53,000.00
- Investigator(s): Jorge Crichigno (Principal Investigator)