| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | August 24, 2018 |
| Latest Amendment Date: | March 5, 2024 |
| Award Number: | 1822150 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
Mohan Kumar
mokumar@nsf.gov (703)292-7408 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | September 1, 2018 |
| End Date: | August 31, 2024 (Estimated) |
| Total Intended Award Amount: | $642,182.00 |
| Total Awarded Amount to Date: | $514,111.00 |
| Funds Obligated to Date: |
FY 2020 = $128,178.00 FY 2021 = $129,055.00 FY 2022 = $128,164.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
9201 UNIVERSITY CITY BLVD CHARLOTTE NC US 28223-0001 (704)687-1888 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
9201 University City Blvd. Charlotte NC US 28223-0001 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | IUCRC-Indust-Univ Coop Res Ctr |
| Primary Program Source: |
01001920DB NSF RESEARCH & RELATED ACTIVIT 01002021DB NSF RESEARCH & RELATED ACTIVIT 01002122DB NSF RESEARCH & RELATED ACTIVIT 01002223DB NSF RESEARCH & RELATED ACTIVIT 01002324DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
With the increasing magnitude and sophistication of cyber attacks, cyber warfare has become a major threat to national security. However, the cybersecurity state of the art is still far from providing sufficient protection, not only for Internet enterprise services but also for critical infrastructure services, such as in the financial and energy sectors. With the exponential increase of attack surface and the complete reliance on human analysis and response, the time for detection and mitigation of cyber attacks have been significantly increasing (e.g., can take up to several months). In addition, the cost of deploying cybersecurity has been tremendously increasing as it is becoming very resource and labor intensive.
The University of North Carolina Charlotte (UNC Charlotte) is leading the research and industry community in NSF IUCRC Center on Cybersecurity Analytics and Automation (CCAA) to address these challenges. Our goal is to build the critical mass of inter-disciplinary academic researchers, industry partners, and government agencies for advancing the science and state-of-the-art of cybersecurity analytics and automation by developing innovative sense-making and decision-making capabilities for autonomous and adaptive cyber defense that requires minimal human involvement with provable and measurable security and resiliency properties. We consider both formal- and data-driven analytics of cybersecurity artifacts for seamlessly integrating sense-making and decision-making for adaptive and autonomous cyber defense.
CCAA brings together experts in formal and data-driven cybersecurity to advance cyber defense on multiple fronts, namely, (a) developing dynamic and predictive cyber risk analytics using heterogeneous cyber artifacts, (b) developing adaptive and autonomic decision-making for provably correct and safe defense strategies according to the mission requirements, and system configurations and (c) integrating cyber resilience and agility as inherent properties of cyber and cyber-physical system security. The UNC Charlotte site will lead the research and management activities and provides profound technical contributions to CCAA in formal methods for configuration verification, automated risk quantification and mitigation, adaptive learning, cyber threat analytics, and cyber agility.
The Center will create and maintain a center-wide repository to make all products of the research ? datasets, code, tools, experimental results, draft manuscripts, etc. ? available to all Center?s members. The repository will be accessible through the Center?s website (http://www.ccaa-nsf.org/). Consistently with the Center?s bylaws and with any applicable NSF or individual universities? requirements, several of these products will be made available to the broader research and industry community. The repository will be actively maintained during the duration of the Phase II effort, and it can be accessed online.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The Center for Cybersecurity Analytics and Automation (CCAA) was established to advance the state of cybersecurity research, with the goal of addressing critical challenges in cyber defense. CCAA brought together experts from academia, industry, and government to develop novel techniques for securing computer systems, networks, and software.
Intellectual Merit
CCAA’s research has significantly contributed to the understanding and mitigation of modern cybersecurity threats. Key research outcomes from the project include:
1. Understanding of vulnerability mitigation practices in organizations, including the identification of key areas for improvement. Strong vulnerability practices include team leadership and incentives emphasizing security, dedicated team members focused on vulnerability detection, and training customized to the development environment of the team.
2. Identification of factors related to why consumers fall for SMS text scams, known as SMS phishing. Our findings indicate that participants focus more on the content, format, and links in SMS rather than the sender’s short code, phone number, or email address. We suggest design changes to enhance user awareness and resilience against SMS phishing.
Broader Impacts
The broader impacts of CCAA’s work extend beyond academic and technical contributions. Several key outcomes demonstrate the societal and practical benefits of the project:
1. Workforce Development: The project provided numerous training opportunities for students, exposing them to real-world cybersecurity challenges. Through hands-on experience with cutting-edge research, CCAA helped prepare the next generation of cybersecurity professionals.
2. Industry Collaboration: CCAA worked closely with industry partners to ensure that its research addressed real-world cybersecurity problems. By engaging with its Industry Advisory Board, the center facilitated the transition of research into practice.
3. Raising Cybersecurity Awareness: By disseminating its results through publications, presentations, and public tools, CCAA has helped raise awareness about the importance of cybersecurity and proactive defense measures. The center’s work has influenced both policy and practice in critical sectors.
Last Modified: 12/30/2024
Modified by: Heather R Lipford
Please report errors in award information by writing to: awardsearch@nsf.gov.
