Computer Science faculty use FRONTIERS projects to further research impact with FedEx

Will explore recent advances in machine learning techniques to detect Advanced Persistent Threat (APT) attacks

UofM’s Dr. Kan Yang (PI) and Dr. Xiaofei Zhang (Co-PI), two assistant professors in the Department of Computer Sciences, have been awarded funding from FedEx Service Inc. to develop advanced machine learning-based solutions to enhance the enterprise cyber analytic defense ecosystem. The project, entitled “Designing Machine Learning-based Solutions for APT Detection,” will explore recent advances in machine learning techniques to detect Advanced Persistent Threat (APT) attacks, which are used by experienced, state-sponsored attackers to steal data and perform disruptive operations on cyberinfrastructure.

"Understanding the nature of APT is extremely important," stated Yang. "APT does not focus on the technical sophistication of the adversary or the attacker's code. Instead, it focuses on the organizational capabilities and intentions of the adversary, making the traditional security measures solely insufficient to prevent APT attacks. More importantly, the lack of a high-precision and real-time detection system precisely designed based on an organization's network structure and business nature is one of the critical issues and challenges associated with APT detection."

Two pilot projects initiated by Yang and Zhang, which commenced in the summer of 2022, are supported by the UofM FedEx Institute of Technology’s FRONTIERS program. Those projects successfully demonstrated a proof-of-concept for APT detection using publicly available datasets.

"It is time to tailor our solution design to meet industrial needs and do evaluation over real enterprise-level cybersecurity data," stated Zhang. "I am glad that our work is recognized by FedEx. This collaboration would not be possible without the commitment from our industrial partners and the consistent support from the University."

To support efficient and accurate APT detection, the Cybersecurity Intelligence and Analytics (CIA) Group at FedEx has collected large volumes of heterogeneous cybersecurity data from multiple sources within FedEx, including McAfee GW, Win MS, O365, Cisco, DHCP, DNS, etc. With the support of these datasets, the goal of this project is to develop novel APT detection solutions that detect both known attacks (as traditional patterns/signatures-based approaches do) and previously unknown attacks by profiling the normal behavior and detecting attacks as deviations from this normal behavior profile. Collaboratively, the team will first decouple the APT lifecycle into multiple phases and develop effective machine learning-based anomaly detection solutions for alert generation in each phase. Then, deep learning techniques will be applied to extract the correlations among multiple alerts, where attack provenance graphs can be visually summarized. The team will also explore the potential of the next-generation non-relational data management paradigm, e.g., graph database, for cybersecurity research.

"I am very excited about the collaboration with Dr. Kan Yang on APT Detection leveraging machine learning as well as Dr. Xiaofei Zhang on Graph Database application on Cybersecurity," said Dr. Lijing Xu, leader of the CIA Group at FedEx. "By leveraging the research strength of Cybersecurity and Data Science from the University of Memphis, I believe the capability of Cybersecurity Analytics at FedEx will be greatly enhanced. We are looking forward to showcasing the deliverables! Also, I'm very grateful for the support from my director Lou Lawrence, my VP Xuan Liu as well as FedEx CISO Gene Sun. Without their support, this collaboration would not have been possible."

Yang’s research interests include data security, adversarial machine learning, blockchain, network security and applied cryptography. His research has been funded by the National Science Foundation and the National Security Agency. He has published more than 60 peer-reviewed articles in prestigious venues including IEEE TIFS, TDSC, IOTJ, TPDS, TVT, TMM, TWC, Infocom, ICDCS, and AsiaCCS. He was elected as a senior IEEE member in 2021, and his Google Scholar citation count is over 6700 (h-index of 36) as of Sep. 2022.

Zhang's research lies in developing new algorithms and toolkits for time-efficient and scalable data management and the theory of data-intensive parallel/distributed computing. His recent research on highly efficient interactive graph analytics and novel graph database techniques has been published in top-tier conferences and prestigious journals, including SIGMOD, VLDB, TKDE, etc.

To learn more, contact Yang at kyang3@memphis.edu or Zhang at xiaofei.zhang@memphis.edu.