Combining Machine Learning and Supercomputing to Ferret out Phishing Attacks

By Doug Black

May 23, 2019

The relentless ingenuity that drives cyber hacking is a global engine that knows no rest. Anyone with a laptop and run-of-the-mill computer smarts can buy or rent a phishing kit and start attacking – or it can be done by professionals with increasingly devious techniques. For cyber-crooks, it’s a numbers game: the one in 10,000 user fooled into opening an email and updating a password on a “deep fake” e-commerce site – or, say, a fake IRS site – is a hacker win.

Webroot, Broomfield, Colo., combines machine learning with supercomputing to take on phishing, malware and other cyber frauds, while compiling – and growing – a threat intelligence database in machine readable format containing tens of millions of clues signaling illegitimate websites.

According to Webroot CTO Hal Lonas, phishing is the most common cybersecurity threat, and the phishing attack landscape is becoming increasingly complex.

“It used to be that attack campaigns would get launched and last for days or weeks,” Lonas said in an interview with us earlier this month. “Now the bad guys set up a phishing campaign and run it for literally minutes, then they get some people to click on (a fake website)… Then they take it down so they can’t be caught, so the security vendors and authorities don’t catch up with them…, the bad guys take them down before they can be discovered.”

Along with faster phishing timeframes, hackers also have “upped the fidelity,” the apparent authenticity of phishing sites. “You can’t tell anymore if you’re not going to a legit site like eBay or Microsoft or Google…, you can’t tell the difference anymore.”

Lonas said Webroot for years has used machine learning to classify the web and to classify files for threat detection, typically using AWS- and on prem-based compute capabilities. Data is collected from tens of millions of end users whose companies purchase Webroot security solutions through the company’s 90 OEM partners. As the volume of phishing data has risen along with the accelerated spinning up-tearing down of phishing campaigns, the company found itself unable to keep up with the rapid pace, despite dedicating more compute resources to the problem.

“We found it was taking us days to turn around a new machine learning model to catch phishing attacks, and it was slower than we wanted to go.”

The goal was to update Webroot’s phishing models several times per day. Enter Comet, a 2.76 (peak) petaflops system at the San Diego Supercomputer Center. Comprised of 1,944 Intel Haswell Xeon nodes along with 36 Nvidia K80 GPUs, 36 P100 Nvidia GPUs and 634 TB of flash memory.

Webroot has used Comet for about two years, and Lonas said training cycles have been cut from what had been three to five days using conventional computing to three to five hours using Comet. That means that instead of running their models once or twice a week, they can now do it as often as several times a day. “When we’re most active, we’ll do a morning, noon and night-time run at the San Diego Supercomputer Center; that’s how fast we can turn it around,” said Lonas.

The complexity of the workload stems from the tens of millions of features – indicators of potential threats – a number that continually expands.

“The way we organize our (database) is that every instance of our product is not only benefiting from the threat intelligence we can provide to protect customers, it’s also acting as a threat telemetry sensor,” Lonas said. “So if you’ve got an instance of the Webroot endpoint agent installed on your computer and you browse a website we’ve never seen before, or you get downloaded to your computer certain information you’ve never seen before, that telemetry goes to our cloud. We continually learn about what’s happening on the internet from user behavior. We’re very careful to protect our users from a privacy standpoint, but the threat telemetry information goes to our clouds so we can retrain models.”

Lonas said traits of suspicious websites that go into the Webroot model include how long the site has existed (the shorter the more suspicious), IP addresses that are known to be bad, the type of server the site is on and whether the site registrar is the same as known bad sites. Other indicators include graphics, images and logos that look real but the internal links and the IP addresses don’t line up with known information from the legitimate site.

On the daily inferencing side of the equation, Lonas said Webroot does “several hundred million checks” against its database in search of phishing activity based on the web activity of 50 to 60 million end users globally. He said Webroot identifies between 2,000 and 6,000 phishing sites every day – sites that are fed back into the machine learning model for updated training.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

DNA Data Storage Innovation Reduces Write Times, Boosts Density

September 20, 2019

Storing digital data inside of DNA has been an idea since the 1960s, and recent developments have addressed some of the obstacles facing its scaled implementation. Now, researchers at the Technion-Israel Institute of Technology and the Interdisciplinary Center Herzliya have crossed another major milestone by using new techniques to store 10 petabytes of data in one gram of DNA. Read more…

By Oliver Peckham

IBM Opens Quantum Computing Center; Announces 53-Qubit Machine

September 19, 2019

Gauging progress in quantum computing is a tricky thing. IBM yesterday announced the opening of the IBM Quantum Computing Center in New York, with five 20-qubit systems up and running and a 53-qubit system expected to go Read more…

By John Russell

Kubernetes, Containers and HPC

September 19, 2019

Software containers and Kubernetes are important tools for building, deploying, running and managing modern enterprise applications at scale and delivering enterprise software faster and more reliably to the end user — while using resources more efficiently and reducing costs. Read more…

By Daniel Gruber,Burak Yenier and Wolfgang Gentzsch, UberCloud

AWS Solution Channel

A Guide to Discovering the Best AWS Instances and Configurations for Your HPC Workload

The flexibility and heterogeneity of HPC cloud services provide a welcome contrast to the constraints of on-premises HPC. Every HPC configuration is potentially accessible to any given workload in a well-resourced cloud HPC deployment, with vast scalability to spin up as much compute as that workload demands in any given moment. Read more…

HPE Extreme Performance Solutions

Intel FPGAs: More Than Just an Accelerator Card

FPGA (Field Programmable Gate Array) acceleration cards are not new, as they’ve been commercially available since 1984. Typically, the emphasis around FPGAs has centered on the fact that they’re programmable accelerators, and that they can truly offer workload specific hardware acceleration solutions without requiring custom silicon. Read more…

IBM Accelerated Insights

Rumors of My Death Are Still Exaggerated: The Mainframe

[Connect with Spectrum users and learn new skills in the IBM Spectrum LSF User Community.]

As of 2017, 92 of the world’s top 100 banks used mainframes. Read more…

The European Processor Initiative’s Ambitious Vision of the Future

September 19, 2019

With the EuroHPC program well underway, much of the European Union’s ambition to be a leader in the exascale era rests with the European Processor Initiative (EPI). The project – which has a budget of roughly €160 Read more…

By Oliver Peckham

IBM Opens Quantum Computing Center; Announces 53-Qubit Machine

September 19, 2019

Gauging progress in quantum computing is a tricky thing. IBM yesterday announced the opening of the IBM Quantum Computing Center in New York, with five 20-qubit Read more…

By John Russell

Kubernetes, Containers and HPC

September 19, 2019

Software containers and Kubernetes are important tools for building, deploying, running and managing modern enterprise applications at scale and delivering enterprise software faster and more reliably to the end user — while using resources more efficiently and reducing costs. Read more…

By Daniel Gruber,Burak Yenier and Wolfgang Gentzsch, UberCloud

The European Processor Initiative’s Ambitious Vision of the Future

September 19, 2019

With the EuroHPC program well underway, much of the European Union’s ambition to be a leader in the exascale era rests with the European Processor Initiative Read more…

By Oliver Peckham

When in Rome: AMD Announces New Epyc CPU for HPC, Server and Cloud Wins

September 18, 2019

Where else but Rome could AMD hold the official Europe launch party for its second generation of Epyc microprocessors, codenamed Rome. Today, AMD did just that announcing key server wins, important cloud provider wins... Read more…

By John Russell

Dell’s AMD-Powered Server Line Targets High-End Jobs

September 17, 2019

Dell Technologies rolled out five new servers this week based on AMD’s latest Epyc processor that are geared toward data-driven workloads running on increasin Read more…

By George Leopold

Cerebras to Supply DOE with Wafer-Scale AI Supercomputing Technology

September 17, 2019

Cerebras Systems, which debuted its wafer-scale AI silicon at Hot Chips last month, has entered into a multi-year partnership with Argonne National Laboratory and Lawrence Livermore National Laboratory as part of a larger collaboration with the U.S. Department of Energy... Read more…

By Tiffany Trader

IDAS: ‘Automagic’ HPC With Training Wheels

September 12, 2019

High-performance computing (HPC) for research is notorious for having steep barriers to entry. For this reason, high-tech disciplines were early adopters, have Read more…

By Elizabeth Leake

Univa Brings Cloud Automation to Slurm Users with Navops Launch 2.0

September 11, 2019

Univa, the company behind Grid Engine, announced today its HPC cloud-automation platform NavOps Launch will support the popular open-source workload scheduler Slurm. With the release of NavOps Launch 2.0, “Slurm users will have access to the same cloud automation capabilities... Read more…

By Tiffany Trader

High Performance (Potato) Chips

May 5, 2006

In this article, we focus on how Procter & Gamble is using high performance computing to create some common, everyday supermarket products. Tom Lange, a 27-year veteran of the company, tells us how P&G models products, processes and production systems for the betterment of consumer package goods. Read more…

By Michael Feldman

Supercomputer-Powered AI Tackles a Key Fusion Energy Challenge

August 7, 2019

Fusion energy is the Holy Grail of the energy world: low-radioactivity, low-waste, zero-carbon, high-output nuclear power that can run on hydrogen or lithium. T Read more…

By Oliver Peckham

AMD Verifies Its Largest 7nm Chip Design in Ten Hours

June 5, 2019

AMD announced last week that its engineers had successfully executed the first physical verification of its largest 7nm chip design – in just ten hours. The AMD Radeon Instinct Vega20 – which boasts 13.2 billion transistors – was tested using a TSMC-certified Calibre nmDRC software platform from Mentor. Read more…

By Oliver Peckham

TSMC and Samsung Moving to 5nm; Whither Moore’s Law?

June 12, 2019

With reports that Taiwan Semiconductor Manufacturing Co. (TMSC) and Samsung are moving quickly to 5nm manufacturing, it’s a good time to again ponder whither goes the venerable Moore’s law. Shrinking feature size has of course been the primary hallmark of achieving Moore’s law... Read more…

By John Russell

DARPA Looks to Propel Parallelism

September 4, 2019

As Moore’s law runs out of steam, new programming approaches are being pursued with the goal of greater hardware performance with less coding. The Defense Advanced Projects Research Agency is launching a new programming effort aimed at leveraging the benefits of massive distributed parallelism with less sweat. Read more…

By George Leopold

Cray Wins NNSA-Livermore ‘El Capitan’ Exascale Contract

August 13, 2019

Cray has won the bid to build the first exascale supercomputer for the National Nuclear Security Administration (NNSA) and Lawrence Livermore National Laborator Read more…

By Tiffany Trader

AMD Launches Epyc Rome, First 7nm CPU

August 8, 2019

From a gala event at the Palace of Fine Arts in San Francisco yesterday (Aug. 7), AMD launched its second-generation Epyc Rome x86 chips, based on its 7nm proce Read more…

By Tiffany Trader

Ayar Labs to Demo Photonics Chiplet in FPGA Package at Hot Chips

August 19, 2019

Silicon startup Ayar Labs continues to gain momentum with its DARPA-backed optical chiplet technology that puts advanced electronics and optics on the same chip Read more…

By Tiffany Trader

Leading Solution Providers

ISC 2019 Virtual Booth Video Tour

CRAY
CRAY
DDN
DDN
DELL EMC
DELL EMC
GOOGLE
GOOGLE
ONE STOP SYSTEMS
ONE STOP SYSTEMS
PANASAS
PANASAS
VERNE GLOBAL
VERNE GLOBAL

Nvidia Embraces Arm, Declares Intent to Accelerate All CPU Architectures

June 17, 2019

As the Top500 list was being announced at ISC in Frankfurt today with an upgraded petascale Arm supercomputer in the top third of the list, Nvidia announced its Read more…

By Tiffany Trader

Top500 Purely Petaflops; US Maintains Performance Lead

June 17, 2019

With the kick-off of the International Supercomputing Conference (ISC) in Frankfurt this morning, the 53rd Top500 list made its debut, and this one's for petafl Read more…

By Tiffany Trader

A Behind-the-Scenes Look at the Hardware That Powered the Black Hole Image

June 24, 2019

Two months ago, the first-ever image of a black hole took the internet by storm. A team of scientists took years to produce and verify the striking image – an Read more…

By Oliver Peckham

Chinese Company Sugon Placed on US ‘Entity List’ After Strong Showing at International Supercomputing Conference

June 26, 2019

After more than a decade of advancing its supercomputing prowess, operating the world’s most powerful supercomputer from June 2013 to June 2018, China is keep Read more…

By Tiffany Trader

Qualcomm Invests in RISC-V Startup SiFive

June 7, 2019

Investors are zeroing in on the open standard RISC-V instruction set architecture and the processor intellectual property being developed by a batch of high-flying chip startups. Last fall, Esperanto Technologies announced a $58 million funding round. Read more…

By George Leopold

Intel Confirms Retreat on Omni-Path

August 1, 2019

Intel Corp.’s plans to make a big splash in the network fabric market for linking HPC and other workloads has apparently belly-flopped. The chipmaker confirmed to us the outlines of an earlier report by the website CRN that it has jettisoned plans for a second-generation version of its Omni-Path interconnect... Read more…

By Staff report

Intel Debuts Pohoiki Beach, Its 8M Neuron Neuromorphic Development System

July 17, 2019

Neuromorphic computing has received less fanfare of late than quantum computing whose mystery has captured public attention and which seems to have generated mo Read more…

By John Russell

Rise of NIH’s Biowulf Mirrors the Rise of Computational Biology

July 29, 2019

The story of NIH’s supercomputer Biowulf is fascinating, important, and in many ways representative of the transformation of life sciences and biomedical res Read more…

By John Russell

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This