TY - GEN
T1 - Security Testbed for Preempting Attacks against Supercomputing Infrastructure
AU - Cao, Phuong
AU - Kalbarczyk, Zbigniew
AU - Iyer, Ravishankar K.
N1 - The authors would like to thank NCSA staff for continuous support in data analysis and testbed deployment; Coordinated Science Lab, Department of Electrical and Computer Engineering, and Siebel School of Computing and Data Science faculty and students for engaging in discussions and initial measurement of attack attempts; NSF for funding part of the main author's research as part of the XSEDE (Extreme Science and Engineering Discovery Environment) program; the TrustedCI leadership team; and other TrustedCI fellows and community members for their valuable feedback and support.
PY - 2024
Y1 - 2024
N2 - Preempting attacks targeting supercomputing systems before damage remains the top security priority. The main challenge is that noisy attack attempts and unreliable alerts often mask real attacks, causing permanent damages such as system integrity violations and data breaches. This paper describes a security testbed embedded in live traffic of a supercomputer at the National Center for Supercomputing Applications (NCSA). The objective is to demonstrate attack preemption, i.e., stopping system compromise and data breaches at petascale supercomputers. Deployment of our testbed at NCSA enables the following key contributions: 1) Insights from characterizing unique attack patterns found in real security logs of more than 200 security incidents curated in the past two decades at NCSA. 2) Deployment of an attack visualization tool to illustrate the challenges of identifying real attacks in HPC environments and to support security operators in interactive attack analyses. 3) Demonstrate the testbed's utility by running novel models, such as Factor Graph-Based models, to preempt a real-world ransomware family. Our results are broadly applicable to other supercomputing and high-performance computing centers.
AB - Preempting attacks targeting supercomputing systems before damage remains the top security priority. The main challenge is that noisy attack attempts and unreliable alerts often mask real attacks, causing permanent damages such as system integrity violations and data breaches. This paper describes a security testbed embedded in live traffic of a supercomputer at the National Center for Supercomputing Applications (NCSA). The objective is to demonstrate attack preemption, i.e., stopping system compromise and data breaches at petascale supercomputers. Deployment of our testbed at NCSA enables the following key contributions: 1) Insights from characterizing unique attack patterns found in real security logs of more than 200 security incidents curated in the past two decades at NCSA. 2) Deployment of an attack visualization tool to illustrate the challenges of identifying real attacks in HPC environments and to support security operators in interactive attack analyses. 3) Demonstrate the testbed's utility by running novel models, such as Factor Graph-Based models, to preempt a real-world ransomware family. Our results are broadly applicable to other supercomputing and high-performance computing centers.
KW - Factor Graphs
KW - Network Intrusion Preemption
KW - Probabilistic Graphical Models
UR - http://www.scopus.com/inward/record.url?scp=85217161857&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85217161857&partnerID=8YFLogxK
U2 - 10.1109/SCW63240.2024.00223
DO - 10.1109/SCW63240.2024.00223
M3 - Conference contribution
AN - SCOPUS:85217161857
T3 - Proceedings of SC 2024-W: Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis
SP - 1781
EP - 1788
BT - Proceedings of SC 2024-W
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis, SC Workshops 2024
Y2 - 17 November 2024 through 22 November 2024
ER -