Presentation

Dynamic Factor Graphs for Attack Preemption
Description: Preempting attacks that target supercomputing systems before damage is done remains a top security priority. The main challenge is that noisy attack attempts and unreliable alerts often mask real attacks, causing permanent damage such as system integrity violations and data breaches. This paper describes a security testbed embedded in the live traffic of a supercomputer at the National Center for Supercomputing Applications (NCSA). Deployment of our testbed at NCSA enabled the following key contributions:

1) Insights from characterizing unique attack patterns found in real security logs of 228 security incidents curated in the past two decades at NCSA.

2) Deployment of an attack visualization tool to illustrate the challenges of identifying real attacks in high-performance computing (HPC) environments and to support security operators in interactive attack analyses.

3) Demonstration of the utility of the testbed by running dynamic models, such as factor-graph-based models, to preempt a real-world ransomware family.