Shamik Sengupta | NSF CICI | University of Nevada, Reno

NSF CICI

Implementing CYBEX-P: Helping Organizations to Share with Privacy Preservation

Role: Principal Investigator
Duration: 2018-2019
Funding Amount: $986,067

Abstract

In response to the increasing number of attacks on cyberspace, public and private organizations are encouraged to share their cyber-threat information and data with each other. Although there are long-term interests in sharing security related information, it places organizations at risk regarding the protection of their data and exposure of other vulnerabilities. This project designs, develops and implements a CYBersecurity information EXchange with Privacy (CYBEX-P) platform using trusted computing paradigms and privacy-preserving information sharing mechanisms for cybersecurity enhancement and development of a robust cyberinfrastructure. The outcome of this project has a broader impact on the development of a novel cybersecurity information-sharing platform with privacy preservation and a robust governance structure. The project also has direct impact on undergraduate and graduate student education and training, emphasizing the engineering development of minorities and women, by providing a real-world platform for investigation and management of cyber threats. Envisioning that effective and privacy-preserving threat intelligence sharing can be instrumental for auditing the state of the threat landscape and helping to predict and prevent major cyber-attacks, this project provides a service for structured information exchange. The CYBEX-P platform provides valuable measurable information about the security status of systems and devices together with data about incidents stemming from cyber-attacks. To develop and implement such an environment across statewide organizations, then across the nation, this research project incorporates blind processing, privacy preservation and integrity of shared incident data by ensuring that only trusted processes access the raw data and only anonymized data are shared with other operators. Blind processing enables the advantages of additional information exchange while respecting organizational constraints and trust boundaries. This research also establishes a flexible governance framework that includes both policies and procedures to protect the data and provide all customers with the tools to demonstrate they are complying with both regulatory and internal data governance requirements. Specifically, the outcomes of the project demonstrate: i) CYBEX-P infrastructure development with affordable scalability, secure data exchange, and analytic components, ii) Privacy-preserving information sharing via blind processing and anonymization, and an iii) CYBEX-P governance framework.

NSF Award Link

Project Publications

2021

C106. F. Sadique and S. Sengupta, "Analysis of Attacker Behavior in Compromised Hosts During Command and Control", (Accepted). IEEE International Conference on Communications (ICC), 2021.
C104. J. Thom, Y. Shah and S. Sengupta, "Correlation of Cyber Threat Intelligence Data Across Global Honeypots", (Accepted). IEEE CCWC 2021.

2020

C103. A. Walker and S. Sengupta, "Malware Family Fingerprinting Through Behavioral Analysis", (Accepted). In 18th Annual IEEE International Conference on Intelligence and Security Informatics, 2020.
C101. Y. Shah and S. Sengupta, "A Survey on Classification of Cyber-Attacks on IoT and IIoT Devices", (Accepted). In 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 2020.
C95. Anuraag Kotra, AbdelRahman Eldosouky, S. Sengupta, "Every Anonymization begins with k: A Game theoretic Approach for Optimized k Selection in K-Anonymization", (Accepted). In Sixth International Conference on Advances in Computing & Communication Engineering, 2020.
C90. Bryson Lingenfelter, Iman Vakilinia and Shamik Sengupta, "Analyzing Variation Among IoT Botnets Using Medium Interaction Honeypots", (Accepted). In IEEE CCWC 2020.
C89. Shahriar Badsha, Iman Vakilinia and Shamik Sengupta, "Blockchain based Cybersecurity Information Sharing and Fine Grained Access Control", (Accepted). In IEEE CCWC 2020.
C88. Farhan Sadique, Raghav Kaul, Shahriar Badsha and Shamik Sengupta, "An Automated Framework for Real-time Phishing URL Detection", (Accepted). In IEEE CCWC 2020.

2019

C84. A. Walker and S. Sengupta, "Insights into Malware Detection via Behavioral Frequency Analysis Using Machine Learning", (Accepted). In Proceedings of IEEE MILCOM 2019.
C79. S. Badsha, I. Vakilinia and S. Sengupta, "Privacy Preserving Cyber Threat Information Sharing and Learning for Cyber Defense", (Accepted). In Proceedings of IEEE Annual Computing and Communication Workshop and Conference (CCWC) 2019.
C78. F. Sadique, K. Bakhshaliyev, J. Springer and S. Sengupta, "A System Architecture of Cybersecurity Information Exchange with Privacy (CYBEX-P)", (Accepted). In Proceedings of IEEE Annual Computing and Communication Workshop and Conference (CCWC) 2019.

2018

C76. Farhan Sadique, Sui Cheung, Iman Vakilinia, Shahriar Badsha, and Shamik Sengupta, "Automated Structured Threat Information Expression (STIX) Document Generation with Privacy Preservation", (Accepted). In Proceedings of IEEE UEMCON, 2018.
C71. I. Vakilinia, S. Cheung and Shamik Sengupta, "Sharing Susceptible Passwords as Cyber Threat Intelligence Feed", (Accepted). In Proceedings of IEEE MILCOM, 2018.

Project Portal

Jump to the project portal click here

Contact me if you would like to create a log in credential for your organization.

Contact

Have questions about my research or how to get involved?

Dr. Shamik Sengupta
Scrugham Engineering and Mines 204
1664 North Virginia Street
Reno, NV 89557
MS 0171

Phone
775-784-6953

Email
ssengupta@unr.edu