Improving Cyber Security Using AI within an HPC Environment

Near-peer adversaries in the Pacific theater continue to pose significant threats to DoD cyber infrastructure. Intrusion detection systems (IDS) provide a powerful front line of defense against cyber-attacks. While the application of Artificial Intelligence (AI) has significantly improved IDS capabilities for monitoring network traffic at scale, the AI models often require large quantities of high-quality, labeled data to properly train and fine-tune. Unfortunately, collecting high-quality data faces three critical challenges. First, collecting data from highly accurate network simulations is costly and, therefore, labeled data is often collected from toy network topologies using severely limited packet data. Second, labeled data is often collected with a presupposition of a particular feature space or protocol of interest and, thus, does not extend or generalize to other domains. Moreover, the labeled data is seldom at the packet level, making automated simulation of attacks extremely difficult. Lastly, collecting labeled data is often limited to a small subset of, usually obsolete, cyber-attacks that don’t reflect the true contemporary landscape of cyber threats. The Maui High Performance Computing Center (MHPCC), in collaboration with the National Cyber Range Complex (NCRC), has begun the critical process of overcoming these challenges by building the necessary infrastructure for capturing high-quality cyber-attack data at the packet level across the MITRE ATT&CK framework. Leveraging HPC resources, network traffic data is captured and stored from real-world networks. This captured data is then used by the NCRC to simulate highly realistic networks within a cyber test range, where cyber-attacks are executed and properly labeled by expert cyber teams. The labeled data can then be used to better measure model performance and train new, more powerful supervised learning models within an HPC environment.
The results thus far have proven the viability of the proposed framework, demonstrating how HPC resources can play a pivotal role in improving cyber security by expanding IDS capabilities across the MITRE ATT&CK framework.

PRESENTER

Trevino, Robert
rtrevino@aicollaborations.com
480-628-7347

Maui High Performance Computing Center

CO-AUTHOR

Farina, John
John.farina@us.af.mil

Ramos, Glenda
glenda.ramos.ctr@mhpcc.hpc.mil

Mihaylova, Alexandra
alexandra.mihaylova.1@spaceforce.mil

Abella, Terric
terric.abella.ctr@mhpcc.hpc.mil

CATEGORY

Artificial Intelligence / Machine Learning usage for HPC Applications

SYSTEMS USED

Reef, Edge Nodes

SECRET

No