Skip directly to content

Minimize RSR Award Detail

Research Spending & Results

Award Detail

Awardee:UNIVERSITY OF TEXAS AT SAN ANTONIO, THE
Doing Business As Name:University of Texas at San Antonio
PD/PI:
  • Elias Bou-Harb
  • (210) 458-6319
  • elias.bouharb@utsa.edu
Award Date:09/23/2019
Estimated Total Award Amount: $ 496,898
Funds Obligated to Date: $ 496,898
  • FY 2019=$496,898
Start Date:08/14/2019
End Date:06/30/2022
Transaction Type:Grant
Agency:NSF
Awarding Agency Code:4900
Funding Agency Code:4900
CFDA Number:47.070
Primary Program Source:040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description:OAC Core: Small: Devising Data-driven Methodologies by Employing Large-scale Empirical Data to Fingerprint, Attribute, Remediate and Analyze Internet-scale IoT Maliciousness
Federal Award ID Number:1953051
DUNS ID:800189185
Parent DUNS ID:042000273
Program:OAC-Advanced Cyberinfrast Core
Program Officer:
  • Vipin Chaudhary
  • (703) 292-2254
  • vipchaud@nsf.gov

Awardee Location

Street:One UTSA Circle
City:San Antonio
State:TX
ZIP:78249-1644
County:San Antonio
Country:US
Awardee Cong. District:20

Primary Place of Performance

Organization Name:University of Texas at San Antonio
Street:
City:
State:TX
ZIP:78249-3209
County:San Antonio
Country:US
Cong. District:20

Abstract at Time of Award

At least 20 billion devices will be connected to the Internet by 2023. Many of these devices transmit critical and sensitive system and personal data in real-time. Collectively known as "the Internet of Things" (IoT), this market represents a $267 billion per year industry. As valuable as this market is, security spending on the sector barely breaks 1%. Indeed, while IoT vendors continue to push more IoT devices to market, the security of these devices has often fallen in priority, making them easier to exploit. This drastically threatens the privacy of the consumers and the safety of mission-critical systems. While a number of research endeavors are currently taking place to address the IoT security problem, several challenges hinder their success. These include the lack of IoT monitoring capabilities once such devices are deployed, the shortage of remediation techniques when they are compromised, and the inadequacy of methodologies to permit the comprehension of the underlying IoT malicious infrastructures. To this end, this project will serve NSF's mission to promote the progress of science by developing data science methodologies to identify and remediate infected IoT devices in near real-time. The project will also promote cyber security research and training for minorities and K-12 students. Moreover, the project will contribute to operational cyber security by developing a large-scale cyberinfrastructure for IoT-relevant data and threat sharing, enabling hands-on cyber-science at large. The project will scrutinize close to 100 GB/hr of real-time unsolicited Internet-scale traffic to devise and develop efficient deep learning classifiers to fingerprint IoT devices, identifying their types and vendors, and disclosing their large-scale vulnerabilities and hosting environments. The project will design and develop fast greedy approximation algorithms for L1-norm Principal Component Analysis (PCA) data-dimensionality reduction, enabling the real-time execution of the Density Based Spatial Clustering of Application with Noise (DBSCAN) technique for detecting and attributing IoT orchestrated botnets. The project will also design scalable offensive security algorithms based on Internet-wide active measurements to offer macroscopic remediation strategies. The project will curate close to 3.5 million malware samples/day and around 1.3 million passive DNS records/day to build graph-theoretic models to uncover and characterize inter-related components which form the concept of IoT malicious cyberinfrastructure. Further, the project will analyze the evolution of such infrastructures to comprehend their modus operandi by devising efficiency graph similarity techniques in linear time, by designing and implementing algorithms rooted in graph kernels and min-hashing methods. The project will also (i) develop a unique cyberinfrastructure for IoT empirical data and cyber threat indexing and sharing, (ii) automate the devised algorithms and techniques by leveraging high speed, in-memory data processing technologies, (iii) generate IoT-specific detection signatures by exploring fuzzy hashing algorithms, and (iv) enable at-large access to the generated IoT artifacts through a secure API and a front-end mechanism. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

For specific questions or comments about this information including the NSF Project Outcomes Report, contact us.