Recently, Inspur and Qihoo 360 optimized the neural network algorithm with acceleration technique, aiming to provide stronger traffic characteristics analysis ability for enterprise network security, and expect to eventually achieve intelligent traffic identification means.
Cyber Security concerns under rapid development of Internet
According to the latest statistics, the world’s Internet users in 2015 has exceeded 3 billion persons, which is nearly 50% of the world’s total population, in 2015, nearly 4.9 billion devices were connected to the Internet, in 2020, this figure will reach 26 billion.
Rapid development of Internet brings more network security concerns, according to the statistics, in 2014, nearly 80,000 companies around the world were hacked, and among them, 2,122 companies were forced to admit that their key data were stolen, global 500 companies got trapped in on a large scale, involving more than 60 countries. These security issues have extremely bad influence on enterprises themselves, and also seriously influence relevant personal life. Take security incident suffered by AshleyMadison, an extramarital dating website, as an example, the leakage of a large number of users’ data and internal data of company triggered panic around the world, 3.7 million users’ information was disclosed which even led to users’ suicides.
Network security has been always one which Qihoo 360 takes very seriously, to Qihoo 360, visible threats and vulnerabilities are easy to prevent, however, with the advanced development of science and technology, enterprise network security are facing invisible threats and vulnerabilities. Qihoo 360 has been always adhering to the concept of “Let the threat be visible”, for the purpose of the above, Qihoo 360 will track and check the threats and vulnerabilities using creative technology.
Deep learning, successor of “manual analysis”
Traffic identification is the basis of network security, the traditional traffic identification mainly adopts the manual analysis, which is time consuming and may be influenced by personal experience and ability. Now, the enterprise security department of Qihoo 360 is facing hundreds of millions of amount of recorded data every day, while the traditional manual analysis method cannot cope with the rapid growth of Internet data speed, and this is the motivation for Qihoo 360 to introduce the artificial neural network algorithm of deep learning to security domain.
The artificial neural network algorithm is a technology system simulating the structure and function of human brain neural network by using engineering technology method, and is a massively parallel nonlinear dynamical system. Neural network has achieved significant achievements in many actual application fields with its unique structure and method of processing information, such as image processing, signal processing, pattern recognition, robot control and protocol analysis.
Qihoo360 finds that the traffic identification has the same range of code in neural network with common deep learning image identification through test, which also further verifies that traffic identification can adopt the neural network system.
After verifying that the traffic identification can adopt the neural network for detection, Qihoo 360 designs a deep 5-7 layer neural network, which can automatically learn characteristics and identify 50-80 protocols in daily data. Now, the overall accuracy of test of this set of deep learning system on actual data has exceeded 99%, which is the industry leading level.
However, robot needs to calculate a large number of training data during learning, which is very time consuming. The reason for this embarrassing situation is that the execution time of CPU serial program is very long, and often only conducts small scale calculation, which cannot cope with the large number of data generated from Internet. In this circumstance, the parallel optimization of serial program by GPU co-processor can significantly improve the efficiency of calculation, thus meeting the requirements from neural network in practice.
270 times Acceleration
After determining the direction of technology efforts, Qihoo 360 cooperated with Inspur and jointly set up the special joint project team to find the bottle-neck for processing speed of system.Inspur has very rich project experience in heterogeneous computing application optimization. Familiar with correlation algorithm of deep learning of Internet, it has a team for professional deep learning application development and heterogeneous application optimization, which has provided application optimization service for many domestic Internet enterprises.
Inspur and Qihoo 360 established an integrated safety analysis platform design scheme from the hardware to software, comprehensively utilizing system resources such as GPU computing device, memory, disk and network to maximize the improvement of overall effectiveness of software.
Finally, through joint efforts of both sides, the time for the original serial program to run 3,000 samples under single GPU and single node was shortened to about 7s compared to more than 10min before optimization. The time for training 240,000 samples under 4GPU and single node was accelerated by 3 times compared to under single GPU and single node, finally, the 4GPU card program performance of single unit was accelerated by 270 times compared to original serial program, which dramatically reduced the computing time, and the program after optimization could process large-scale data under hardware condition with small memory.
The person of Qihoo 360 responsible for enterprise security said, the cooperation with Inspur brought GPU computing potential into full play, which greatly saved the time of network traffic identification, providing the technical support for Qihoo 360 to create a better user experience and more secure network space. In the future, Qihoo 360 will have large-scale cooperation with Inspur on deep learning heterogeneous application optimization to let this set of neural network of traffic identification be comprehensively applied to enterprise security business of Qihoo 360.
If the judgment of unknown threats and vulnerabilities represents the maximum ability of security vendor, the ability of intelligent identification of unknown vulnerabilities is the strongest “security guard” for each user. Even though the software to detect malicious program by independent learning is far from successful, if it is developed successfully, the rules of the game of the whole counter network threat action will be changed – from “Mend the fold after a sheep is lost” to “Take precautions”.