| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | August 20, 2013 |
| Latest Amendment Date: | August 20, 2013 |
| Award Number: | 1343482 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Jeremy Epstein
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | September 1, 2013 |
| End Date: | August 31, 2015 (Estimated) |
| Total Intended Award Amount: | $58,000.00 |
| Total Awarded Amount to Date: | $58,000.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
426 AUDITORIUM RD RM 2 EAST LANSING MI US 48824-2600 (517)355-5040 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
301 ADMINISTRATION BUILDING East Lansing MI US 48824-1046 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
This project designs and deploys a multi-disciplinary framework to model spatial, temporal and social dynamics of cyber criminals. The framework fuses theories in both computer science and criminology. Specifically, project objectives are a) Apply and validate existing theories in the realm of general criminology (in particular Akers? social learning theory and Gottfredson and Hirschi?s general theory of crime) to study cyber crimes; b) Derive novel Internet usage features as fingerprints for cyber crimes; c) Design classification algorithms (based on multi-fractal analysis and petri-net designs) to subsequently model multiple dynamics of cyber criminals by integrating theoretical and practical outcomes from the above two objectives; and d) Extensively test and validate project outcomes. The core novelty of this project is in using real Internet data from subjects (initially a cyber savvy college sample) that is collected continuously, unobtrusively, while still preserving a high degree of privacy.
Outcomes of this project will have far reaching impacts. It lays a foundation for fusing expertise in social sciences (specifically criminology) and cyber security, as a result of which existing theories in general criminology can be empirically tested for practical validity in studying cyber crimes. The identification of unique Internet fingerprints associating with cyber crimes will provide new insights into human centered aspects of cyber crimes, which is lacking today. The classification algorithms designed will provide cyber defenders with new tools to combat cyber crimes from multiple perspectives including prevention, detection, forensic investigations and prosecution.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
In this project, a multi-disciplinary team comprising of expertise in computer sciences and criminology have investigated the spatial, temporal and social dynamics of cyber criminals. The team has applied existing criminology theories to study cyber crimes and derive theoretical findings encompassing individual activities and social influences. Subsequently, the team has associated these discoveries with real Internet usage data captured from NetFlow logs, and have also designed learning algorithms to predict cyber deviance from observed Internet usage. Specific outcomes are: a) Creation of new surveys that assess cyber deviance along a sample of college students that capture multiple perspectives of cyber deviance including individual and social influences; b) Examine the utility of traditional theories of deviance (social learning and low self-control) to account for cyber crimes in conjunction with Internet use data; c) A framework to record NetFlow logs of users continuously and unobtrusively, while also preserving a high degree of privacy; d) Extracting new features from NetFlow logs that are used to associate with cyber deviance; e) Statistical analysis to identify Internet usage features correlating with multiple aspects of cyber deviance, and deriving theoretical insights into these correlations; f) Learning algorithms to classify users based on their degree of exhibiting online deviant behavior via monitoring run time NetFlow logs.
Intellectual Merit: Currently, the majority of cyber crime research in the social sciences utilizes cross-sectional data acquired through self-report surveys describing Internet use and criminal behaviors. The intellectual merit of this project lies in combining survey responses with real Internet data (recorded from NetFlow) to examine correlates of individual activities, hence enabling measurement of predictors for deviant behavior over time. It has also aided in deriving accurate characterizations of Internet usage minimally affected by errors and biases, while also yielding data of significantly higher dimensions and finer granularity. We have also derived a number of new Internet usage features to study criminal behavior that have not been identified yet, which provide new indicators of cyber crimes from an individual and social perspective. Learning algorithms have also been designed and implemented to classify users based on the degree of deviant behavior in cyber space via run time monitoring of NetFlow logs.
Broader Impact: Outcomes from the proposed project will advance the paradigm of Socio-Technical Systems via the integration of theory and practice. The applicability of real Internet data when coupled with social science survey metrics derived from this project will impact multiple social sciences disciplines beyond cyber deviance, including Social Networking, Internet Economics, E-Learning etc. Outcomes from our project will create new tools for forensic investigators to identify anomalous web traffic indicative of deviance and promote better internal defenses against cyber crimes. Outcomes will also serve to protect our critical infrastructures, national economies and defense capabilities, all of which are intertwined with security of cyber space today. New multi-disciplinary course modules have been created in cyber security courses taught by investigators. The project also helped train a number of students to join the cyber security workforce for the nation.
Last Modified: 08/07/2015
Modified by: Thomas J Holt
Please report errors in award information by writing to: awardsearch@nsf.gov.
