Research

Current Projects

Network-Level Security Posture Assessment and Predictive Analytics: From Theory to Practice (NSF SaTC TTP)

Abstract
This project aims to address the following two questions: (1) how to assess the security condition of a network, and (2) to what extent we can predict data breaches or other cyber security incidents for an organization. The ability to do so has far-reaching social and economic impact: data has become an ever more important asset in any business, and the recent data breaches such as those at Target, JP Morgan, Home Depot, Office of Personnel Management (OPM), and Anthem Healthcare, to name just a few, highlight the increasing social and economic impact of such cyber incidents. Often, by the time a breach is detected, it is too late and the damage has already occurred. Consequently, being able to predict such incidents accurately can greatly enhance an organization’s ability to put preventative and proactive measures in place and to make much more judicious and effective resource allocation decisions in doing so. In addition, the answer to these questions has enormous implications for policy design, not only security policies, but also various incentive mechanisms aimed at encouraging the adoption of better security policies and cybersecurity frameworks, including cyber insurance, liability limitation, and rate recovery among others; see, e.g., the Presidential Policy Directive PPD-21. This project follows a comprehensive agenda aimed at transitioning to practice technologies developed by the research team over the past few years in the domain of quantitative assessment of security posture at a network or organizational level, and the use of such assessment for the purpose of forecasting cyber security incidents.
The technological innovation is a sound quantitative framework that combines a large collection of cybersecurity data, novel data processing methods, advanced machine learning techniques, and extensive cybersecurity domain expertise to produce accurate predictions of security incidents for a given organization, thereby providing tangible information and crucial input for decision makers such as an insurance underwriter, or an enterprise customer seeking to validate a vendor.

Understanding Network Level Malicious Activities: Classification, Community Detection and Inference of Security Interdependence (NSF SaTC)

Abstract
In this project we seek to develop a method to quantitatively assess the security posture of a network entity, i.e., at an aggregate level as opposed to at the IP level with each host inspected separately. Empirical evidence as well as intuition suggest that at an aggregate level entities exhibit more stable behavior and features, and thus carry more predictive power, thereby enabling more proactive policy design. There are two main domains where such an assessment framework can be extremely useful. The first is the design of network/security policies that can only be meaningfully applied at a network or organizational level, e.g., peering arrangements and traffic routing decisions, and incentive mechanisms (e.g., cyber insurance) aimed at encouraging better security practices and investment by organizations. The second involves security practices under severe resource limitation, e.g., deep packet inspection, whereby network-level assessment can enable hierarchical inspection by allocating more resources to examining traffic from more malicious networks. The outcome of this project is thus expected to have significant impact on security and incentive policy design. Our technical approach includes a data collection and measurement plan and comprehensive large-scale statistical data analysis. Under the latter we are developing two sets of metrics. The first concerns a network as a standalone entity, irrespective of other networks in the same ecosystem. The second concerns a network as one of many inter-connected networks. This second set is crucial due to the interdependence or externality nature of network security, i.e., what one network does affects others.

Connected Testbeds for Connected Vehicles (NSF CPS Synergy)

Abstract
This research team envisions that connected testbeds, i.e., remotely accessible testbeds integrated over a network in closed loop, will provide an affordable, repeatable, scalable, and high-fidelity solution for early cyber-physical evaluation of connected automated vehicle (CAV) technologies. Engineering testbeds are critical for empirical validation of new concepts and for transitioning new theory to practice. However, the high cost of establishing new testbeds or scaling existing ones up hinders their wide utilization. Enabling high-fidelity cyber-integration of existing but geographically dispersed testbeds can dramatically increase accessibility to engineering experimentation, just as the internet dramatically increased accessibility to information. This project aims to develop a scientific foundation to support this vision and to demonstrate its utility for developing CAV technologies. This application is significant because a synergistic combination of connected vehicles and automated driving technologies is poised to transform the sustainability of our transportation system; automated driving technologies can leverage the information available from vehicle-to-vehicle (V2V) connectivity in optimal ways to dramatically reduce fuel consumption and emissions. However, state-of-the-art simulation and experimental capabilities fall short of addressing the need for realistic, repeatable, scalable, and affordable means to evaluate new CAV concepts and technologies. On the one hand, purely simulation-based studies could be off by as much as 27% in terms of fuel economy and as much as 350% in terms of emissions. On the other hand, experimental studies with fleets of vehicles are very expensive and not easily repeatable. In addition, the literature extensively exploits connectivity to improve traffic flow, but there is also a vast untapped potential for leveraging the information available from connectivity at the powertrain level to increase sustainability.
Thus, the goal of this project is to enable a high-fidelity integration of geographically dispersed powertrain testbeds and use this novel experimental capability to develop and test powertrain-level strategies to increase sustainability benefits of CAVs.

Cyber-Physical System Frameworks for Observation and Control of Mobile Agents for Health Monitoring of Civil Infrastructure Systems (NSF CPS Synergy)

Abstract
The overarching goal of this proposed research effort is to create a scalable and robust cyber-physical system (CPS) framework for the observation and control of the functional interdependencies between stationary physical systems and mobile physical agents that asynchronously and transiently interact with the stationary system. Towards this end, the proposal focuses on one specific example of a mobile-stationary system: structural health monitoring (SHM) of highway bridges loaded by heavy trucks. The CPS framework created will transform bridge SHM by conjoining wirelessly-enabled mobile agents, namely heavy trucks and human inspectors, with a bridge (the stationary system) instrumented with an SHM system. The proposed CPS framework provides for the first time quantitative measurement of truck loads on bridges, illuminates causal relationships between load and damage, and offers a means of accurately controlling the mobile trucks to repeatedly load a bridge for improved health analysis. In addition, the CPS framework is further extended to interact with and beneficially influence the visual inspection process conducted by wirelessly-enabled human inspectors.

Other current projects:

  • Multiscale Network Games of Collusion and Competition (ARO MURI; PI; 2018-2023)
  • A New Paradigm in Risk-Informed Cyber Insurance Policy Design: Meta-Policies and Risk Aggregation (DHS; PI; 2017-2020)
  • Incentivizing Desirable User Behavior in a Class of CPS (NSF CPS; Co-PI; 2017-2020)

Past Projects