Improving Cyber Security Using AI within an HPC Environment
Near-peer adversaries in the Pacific theater continue to pose significant threats to DoD cyber infrastructure. Intrusion detection systems (IDS) provide a powerful front line of defense against cyber-attacks. While the application of Artificial Intelligence (AI) has significantly improved the ability of IDS to monitor network traffic at scale, the AI models often require large quantities of high-quality, labeled data to properly train and fine-tune. Unfortunately, collecting high-quality data faces three critical challenges. First, collecting data from highly accurate network simulations is costly and, therefore, labeled data is often collected from toy network topologies using severely limited packet data. Second, labeled data is often collected with a presupposition of a particular feature space or protocol of interest and, thus, does not extend or generalize to other domains. Moreover, the labeled data is seldom at the packet level, making automated simulation of attacks extremely difficult. Lastly, labeled data collection is often limited to a small subset of usually obsolete cyber-attacks that don't reflect the true contemporary landscape of cyber threats. The Maui High Performance Computing Center (MHPCC), in collaboration with the National Cyber Range Complex (NCRC), has begun the critical process of overcoming these challenges by building the necessary infrastructure for capturing high-quality cyber-attack data at the packet level across the MITRE ATT&CK framework. Leveraging HPC resources, network traffic data is captured and stored from real-world networks. This captured data is then used by the NCRC to simulate highly realistic networks within a cyber test range, where cyber-attacks are executed and properly labeled by expert cyber teams. The labeled data can then be used to better measure model performance and train new, more powerful supervised learning models within an HPC environment.
The results thus far have proven the viability of the proposed framework, demonstrating how HPC resources can play a pivotal role in improving cyber security by expanding IDS capabilities across the MITRE ATT&CK framework.
PRESENTER
Trevino, Robert
rtrevino@aicollaborations.com
480-628-7347
Maui High Performance Computing Center
CO-AUTHOR
Farina, John
John.farina@us.af.mil
Ramos, Glenda
glenda.ramos.ctr@mhpcc.hpc.mil
Mihaylova, Alexandra
alexandra.mihaylova.1@spaceforce.mil
Abella, Terric
terric.abella.ctr@mhpcc.hpc.mil
CATEGORY
Artificial Intelligence / Machine Learning usage for HPC Applications
SYSTEMS USED
Reef, Edge Nodes
SECRET
No