CAREER: Foundational Principles for Harnessing Provenance Analytics for Advanced Enterprise Security
University Of Virginia Main Campus, Charlottesville VA
Investigators
Abstract
Modern data centers face significant challenges from increasingly sophisticated cyber threats. Compute servers comprise multiple software layers built upon complex hardware. Both the hardware complexity and the multi-layer software approach can be leveraged by threat actors to conceal their activities and evade detection. This proposal introduces automated techniques for swift detection, investigation, and response to such stealthy threats, with a focus on leveraging data provenance. Data provenance involves continuously collecting detailed data histories, including origins, handling, and evolution, to enhance system and application transparency. By improving the visibility and security within data centers, we aim to protect critical infrastructure and sensitive information, aligning with national security goals. The proposed work includes initiatives in education and broadening participation that will equip diverse students with essential cybersecurity skills through innovative pedagogy, hands-on laboratories, and engaging K-12 workshops. This educational approach is crucial for developing a skilled workforce prepared to address future cybersecurity challenges. This proposal aims to counter Advanced Persistent Threats (APTs) and enhance enterprise security by incorporating data provenance, a method for tracking the origin and evolution of data objects. Data provenance provides a rich historical context for understanding system operations, key to enhancing threat detection and response. The technical methodology encompasses three primary research objectives: first, developing a comprehensive system for auditing and unifying data provenance across various system layers; second, implementing advanced graph representation learning techniques to enhance the accuracy of threat detection systems, leveraging the rich historical context provided by data provenance; and third, focusing on constructing an AI-powered automated incident response framework, utilizing insights from data provenance to inform and streamline response actions. Anticipated outcomes include innovative techniques for the efficient collection and integration of data provenance, the development of scalable models for threat detection, and the creation of frameworks for rapid and automated incident response. The proposal has the potential to significantly transform enterprise security practices, leading to more robust defenses against complex cyber threats and contributing to a safer and more secure digital environment. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →