4a. Large-scale Computing Distributed Intrusion Detection System
Phone: (310) 320-3088
The Department of Energy facilities, centers, infrastructure, and resources are designed to be easily accessible to users over a worldwide network, while ensuring the performance of the important tasks of effective cybersecurity monitoring, situational awareness, logging, reporting, intrusion prevention, remediation, etc. Although many existing cybersecurity (detection or prevention) software tools have been developed, all of them have limitations and thus cannot deliver protection against cyberattacks in large-scale systems: cybersecurity in a high-performance computing environment is still an open problem. A new approach must be developed that provides more intelligent shields to fend off known and new-generation cyberattacks and help secure high-performance computing facilities, infrastructure, and large-scale distributed systems. The proposed high-performance distributed intrusion detection system integrates advanced machine-learning-based anomaly detection and a prediction framework, an existing intrusion response engine, and an interactive graphical user interface. Together these provide the artificial intelligence needed to monitor network traffic and/or hosts in high-performance computing clusters and to detect, classify, and mitigate known and new cyberattacks accurately in real time. The new plug-and-play tool allows for continuous cybersecurity information processing by an analyzer that uses advanced deep machine learning and prediction algorithms to make intrusion detection decisions, which are passed in the form of alerts to an existing intrusion response mechanism that mitigates the detected attacks. A large-scale distributed intrusion detection system architecture, framework, and algorithms were developed, and system performance was evaluated using identified performance metrics. The feasibility of the approach was demonstrated by assembling and testing a technology readiness level 4 prototype.
The prototype (simulating the real high-performance computing cluster and network) demonstrated the capability to detect attack patterns and predict attacks in real time in a large-bandwidth (100 Gbps) network using real-life and test network traffic data obtained from government programs. In Phase II, the system design, methods, and algorithms for detection, classification, and response to known and new cyberattacks in high-performance computing environments will be scaled up for use in existing clusters and high-bandwidth networks. A practical large-scale system prototype capable of defending high-performance computing systems in real time will be developed and assembled, and its capabilities and performance will be demonstrated in a representative environment using real-life datasets. The prototype will be able to detect attacks on, and protect, high-performance computing systems against known and new cyberattacks, including attacks on multiple layers that are undetectable by existing intrusion detection systems. The proposed technology is expected to have widespread applications in cybersecurity, including secure high-performance computing facilities and enterprise-scale networks, and in computing systems that are used for critical data processing (e.g., in financial and healthcare services). Cyberattacks cost several trillions of dollars worldwide annually. The proposed intrusion detection/prevention system will provide real-time defense against known and new cyberattacks.
* Information listed above is at the time of submission. *