SaTC: TTP: Small: STINGAR – Deployment of highly automated, reliable, and fast cybersecurity threat response systems

  • Awarding Agency: National Science Foundation
  • Dollar Amount: $499,692
  • Grant dates: 8/15/18 – 7/31/20
  • PI: John Board
  • co-PI: Tracy Futhey

Modern cybersecurity attacks are often carried out through automated “bots” or agents that systematically attack networks, at scale and in a matter of minutes. This has left organizations scrambling to respond with defenses that must first be validated or enacted by humans, and so take time to mount. Institutions can no longer afford to combat these powerful and rapid digital attacks with our slower and sometimes error-prone analog (human-based) responses. Instead, this project utilizes its own distinctive form of digital protections – which are both automated and scalable – to implement real-time blocks of incoming malicious traffic. The project team seeks to extend a system that has been used successfully for two years at Duke University to other universities, colleges and regional networks, with special attention to usability by minority-serving and smaller colleges and universities, where Information Technology (IT) and security personnel may lack the time or expertise to develop similar protections or purchase expensive commercial tools.

The suite of tools that the project has already developed utilizes a series of “sensors” and “actuators,” which automatically block certain types of malicious traffic and as a result improve the speed, scale, and reliability of cybersecurity threat responses. This project transitions these tools from Duke to production use at North Carolina Central University (NCCU), with the intention of confirming their usability and ensuring the value derived at Duke is reproducible elsewhere. Then, the project expands coverage to other universities, colleges, and regional networks. The project includes mechanisms to share data among participating universities, thereby “crowdsourcing” awareness of an active attack on any one campus, so that all other campuses may proactively enact protections before they fall victim to the same attack.