Seminar: Inferring and Attributing Internet-scale IoT Infections by Leveraging Large-scale Empirical Data

When:
10:30 am
Thursday March 30th, 2023

Where:
Room 1212
Patrick F. Taylor Hall

ABSTRACT

Smart sensing technologies within the context of the Internet-of-Things (IoT) paradigm continue to be deployed in key sectors such as health, agriculture, energy and manufacturing. Indeed, it is estimated that around 30 billion IoT devices will be instrumented by 2030 to increase efficiencies and usability while decreasing costs and maintenance time. Nevertheless, such IoT devices lack even the most fundamental security measures, access policy controls, and patch management capabilities, making them attractive targets for attackers and state-sponsored actors who will abuse them to gain illegitimate access into critical networks while orchestrating them in order to impair other Internet-connected entities. Given the widespread deployment of such IoT devices, it becomes extremely challenging to promptly address their security concerns at-scale. This is mainly due to the lack of scalable methods, which could analyze large-scale, representative data, and the shortage of techniques that are efficient enough to be operated in near real-time. To this end, in this talk, we will explore empirically-driven methods and techniques to quantity IoT insecurities at-large, while offering cyber forensic means to comprehend the causes of their inherit vulnerabilities. Specifically, we will elaborate on passive and active measurement methodologies which could be practically employed not only to support the near real-time inference and analysis of such wide-scale IoT exploitations, but also to operationally aid Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) in the US and beyond with real-time mitigation and remediation efforts. The talk will also shed the light on a number of complementary cyber training activities for broad research workforce development and for pragmatic support of minorities within the context of Equity, Diversity and Inclusivity (EDI). Lastly, the talk will present a number of ongoing research endeavors while putting forward a concrete plan for pursuing future research ideas and collaborations within LSU and with the broader research community.

Elias Bou-Harb

Elias Bou-Harb
University of Texas, San Antonio

Dr. Elias Bou-Harb is currently the Director of the Cyber Center For Security and Analytics at the University of Texas at San Antonio (UTSA), where he leads, directs and organizes university-wide cyber security research, development, operations and training initiatives. He is also a tenured Associate Professor at the department of Information Systems and Cyber Security specializing in operational cyber security and data science as applicable to national security challenges. Previously, he was a senior research scientist at Carnegie Mellon University (CMU) where he contributed to federally-funded projects related to critical infrastructure security and worked closely with the Software Engineering Institute (SEI). He is also a permanent research scientist at the National Cyber Forensic and Training Alliance (NCFTA) of Canada; an international organization which focuses on the investigation of cyber-crimes impacting citizens and businesses. Dr. Bou-Harb holds a Ph.D. degree in computer science from Concordia University in Montreal, Canada, which was executed in collaboration with Public Safety Canada, Industry Canada and NCFTA Canada. His research activities and interests focus on cyber forensics, critical infrastructure security, empirical data analytics, digital investigations, network security and network provisioning. Dr. Bou-Harb has authored more than 140 refereed publications in leading empirical cyber forensic venues, has acquired state and federal cyber security research and training grants valued at more than $8M, and is the recipient of 6 best research paper awards, including the prestigious ACM’s best digital forensics research paper.