
NSF Org: | SES Division of Social and Economic Sciences |
Recipient: |
|
Initial Amendment Date: | August 29, 2013 |
Latest Amendment Date: | March 4, 2016 |
Award Number: | 1314631 |
Award Instrument: | Standard Grant |
Program Manager: | Sara Kiesler, skiesler@nsf.gov, (703)292-8643, SES Division of Social and Economic Sciences, SBE Directorate for Social, Behavioral and Economic Sciences |
Start Date: | September 1, 2013 |
End Date: | August 31, 2018 (Estimated) |
Total Intended Award Amount: | $1,190,722.00 |
Total Awarded Amount to Date: | $1,301,944.00 |
Funds Obligated to Date: | FY 2014 = $15,600.00; FY 2015 = $95,622.00 |
History of Investigator: |
|
Recipient Sponsored Research Office: | 845 N PARK AVE RM 538 TUCSON AZ US 85721 (520)626-6000 |
Sponsor Congressional District: |
|
Primary Place of Performance: | 1130 East Helen Street Tucson AZ US 85721-0108 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: | 01001415DB NSF RESEARCH & RELATED ACTIVIT; 01001516DB NSF RESEARCH & RELATED ACTIVIT |
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.075 |
ABSTRACT
As society becomes more dependent on cyber infrastructure, the security of networks and information technologies has become a growing concern. Individuals, businesses, and governmental organizations are now common victims of cyber-attacks that seek to steal private data, gain remote control over remote systems, and cause harm to networks and systems through other malicious means. Additionally, critical infrastructures such as smart power grids and communication networks are facing an increasing number of cyber-based threats. As a result, many researchers and security practitioners have begun to investigate cyber attacker communities in order to learn more about cyber attacker behaviors, emerging threats, and the cybercriminal supply chain. Unfortunately, there is a lack of established science for cyber security research. The lack of literature is problematic for researchers wanting to learn more so that they may contribute to and advance the current state of cyber security research. For example, many cyber attacker communities take careful measures to hide themselves by employing anti-crawling measures. This would be a challenge for many researchers and security practitioners. Furthermore, some may find cyber attacker community discussion difficult to interpret due to cyber attacker jargon, advanced security concepts, or foreign contents belonging to cyber attacker groups spanning across different countries or regions.
For these reasons, research studying hacker communities is greatly needed, as well as research that advances others' capacity to understand and investigate contents from such communities. Specifically, the development of automated tools and analyses increases the potential for more cyber security research. Web mining and machine learning technologies can be used in tandem with social science methodologies to help answer many questions related to hacker behaviors and culture, illegal markets and covert networks, cybercriminal supply chain, malware analysis, emerging security threats, and other matters. There are many opportunities for extending current cyber security research by combining hacker community data with social science methodologies, computational techniques, and security analysis.
In this research, important questions about hacker behaviors, markets, community structure, community contents, artifacts, and cultural differences are explored. Automated techniques to collect and analyze data from forums, Internet Relay Chat, and honeypots will be developed. The development of such tools will help further proactive approaches for preventing cyber-based threats, rather than taking the traditional approach of reacting when something "bad" happens. Better understanding of hacker communities across multiple geopolitical regions will support a better understanding of cybercriminal behavior, and improved and safer practices for security researchers and practitioners.
The proposed integrated computational framework and the resulting algorithms and software will also allow social science researchers and security practitioners to closely examine how cyber attacker groups form, develop, and spread their ideas; identify important and influential cyber criminals in the online world; and develop the means to recognize online hacker identities through their communication and interaction styles. Knowing more about cyber criminals, hackers, and their illegal black markets can help policy makers and security professionals make better decisions about how to prevent or respond to attacks.
The proposed work also contributes to the educational and professional development of the student research associates who contribute to it. They will learn sound research methods, and how to write about and present their work for scientific and other professional audiences.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Cybersecurity has rapidly emerged as one of the 21st century’s grand societal challenges. Innovative solutions for solving important issues within this broad domain require novel, inter-disciplinary approaches. In this project, we developed a team of Artificial Intelligence (AI), sociology, and criminology experts to explore the vast, ever-evolving online hacker community (often referred to as the “Dark Web”). Specifically, significant efforts were made to collect a multi-million, multi-lingual, longitudinal testbed of hacker forum, DarkNet Marketplaces, Internet-Relay-Chat (IRC), and carding shop data. From this vast collection of adversarial data, novel AI, criminology, and sociology based approaches were developed for two broad purposes: identifying key threat actors (i.e., hackers) and detecting emerging threats in cyberspace. For the former, significant social network analysis and network science capabilities from computational and social science perspectives were developed to identify communities of hackers and key threat actors within these communities. With regards to identifying emerging threats, novel AI based approaches were designed and developed to identify emerging hacker terminology, topics, and exploits (e.g., ransomware, Point-of-Sales malware). Selected results from this work (e.g., data, analytics, visualizations, etc.) were integrated into the AZSecure Hacker Assets Portal and the AZSecure Data Infrastructure Building Blocks (DIBBs) systems to offer value for law enforcement, industry professionals, and aspiring Cyber Threat Intelligence (CTI) researchers.
These novel advances in knowledge have resulted in 50+ peer reviewed publications at major peer-reviewed outlets such as IEEE Transactions on Knowledge and Data Engineering (TKDE), Journal of Management Information Systems (JMIS), IEEE Intelligent Systems, Management Information Systems Quarterly (MISQ), and IEEE Intelligence and Security Informatics (ISI). Selected work was also disseminated to communities of interest at highly-visible conferences such as the INFORMS Annual Meeting, Women in Cybersecurity (WiCyS), and others. Ultimately, the efforts made in this project have made a broader impact in society by significantly contributing to our knowledge about the Dark Web, offering value to numerous law enforcement, industry, and government cybersecurity professionals, and providing excellent training experiences to numerous undergraduate, master’s, and Ph.D. (many of whom are NSF CyberCorps Scholarship-for-Service) students to tackle the next generation of cybersecurity issues.
Last Modified: 10/15/2018
Modified by: Hsinchun Chen