Partnership for Proactive Cybersecurity Research and Training (PACT)
The primary goal of the Partnership for Proactive Cybersecurity Training (PACT) is to address current and future cybersecurity research challenges and to educate and train the next generation of a highly skilled cybersecurity workforce, recruited heavily from underrepresented minorities and women. To achieve these goals, we have formed a multi-organization, multidisciplinary alliance of academia (The University of Arizona, Howard University and Navajo Technical University) and DoE Labs (Argonne National Laboratory). The Consortium goals are the following:
- Establish a comprehensive cybersecurity science agenda that provides the theoretical foundation to: (a) use data analytics and machine learning science to accurately and precisely quantify and characterize “normal” operations of cyber systems and services; (b) model and quantify the risks and impacts of vulnerabilities and attacks on cyber systems; (c) develop data-driven cybersecurity and forensic modeling, analysis and prediction; and (d) design and analyze innovative detection and protection techniques.
- Validate and demonstrate the usefulness of the cybersecurity solutions on large-scale case studies (critical infrastructures and smart cities).
- Integrate the Consortium’s research projects with established cybersecurity educational and training programs to provide cybersecurity learning opportunities for both undergraduate and graduate students. The consortium will heavily recruit underrepresented minority students to be involved in our research projects, cybersecurity summer training and mentoring camps, and internship programs.
In this aspect of the project, we propose to: (1) research how to learn in a dynamic and changing environment, so that learning can be done with high accuracy and change in a complex environment can be detected; (2) leverage adversarial information (i.e., data and information about the attack model) to improve the accuracy of the system; (3) develop a data science pipeline for modeling the adversary, from data collection to classification; (4) identify and develop metrics of success for learning in such environments; and (5) benchmark the proposed approaches against state-of-the-art algorithms in cybersecurity.
The main research activities in this aspect of the project will include (1) the development of a theoretical framework to perform anomaly behavior analysis of cyber systems, protocols and applications; (2) the development of cyber-social data structures and metrics that can be used to integrate social and cyber activities to improve the accuracy of, and reduce the time to, detection of insider attacks; (3) the development of a bioinspired self-protection system; and (4) the development of a methodology to perform continuous forensic monitoring, analysis and protection.
One area of research in applying cybersecurity to wireless communications and networks is signal classification, where attributes of a signal (i.e., modulation, coding technique, etc.) can be detected and used to identify whether a transmission originates from an ally or an adversary. We have conducted multiple research efforts in modulation classification, which consists of three main components: preprocessing, feature extraction, and classification [Vanhoy 2016]. Deep learning architectures combined with a hierarchical structure were investigated as a means of modulation classification. Currently, we are building on this work by investigating different deep learning techniques to classify waveforms from different protocols (i.e., LTE, Wi-Fi, 5G).
Emerging smart city systems and applications are so complex and diverse that traditional approaches to cybersecurity, performance prediction, measurement and management are not applicable in a straightforward manner. The proposed federated framework for data analytics and decision making lets individual devices, or groups of domain-specific devices that form clusters, process the data for a real-time response, offload their data to the edge for near-real-time processing and get the response back, or use cloud computing for off-line processing and data warehousing. Our research goals are (1) to develop federated testbeds that can integrate many different physical testbeds to study the interdependencies among different smart city testbeds (e.g., the impact of power failures on transportation, financial networks, hospitals, etc.); and (2) to use the federated testbed for experimentation, validation and training on the cybersecurity detection and protection tools to be developed in this project.
In this thrust area, we will develop a virtual cybersecurity laboratory that can be offered as a cloud service and then develop the required educational and training cybersecurity programs. In what follows, we highlight our approach to developing these capabilities.