Illinois Researchers Sweeten ‘Honeypot’ to Catch, Blacklist Hackers

April 25, 2019

April 25, 2019 — “The supreme art of war is to subdue the enemy without fighting” – Sun Tzu.

This quote inspired Coordinated Science Laboratory (CSL) student Phuong M. Cao and a team from the National Center for Supercomputing Applications (NCSA) to conduct research to understand how programs were being attacked. A paper about that research was accepted by the prestigious USENIX Symposium on Networked Systems Design and Implementation (NSDI).

In order to protect a system from an attack, the defender must know what it’s protecting against. By planting “honeypots,” the researchers were able to attract hackers by setting up phony machines on a large IP space to mimic more than 65,000 servers. Using this method, the group was able to draw in 405 million attack attempts to the honeypot and learn from them.

“Their strategy brought in a lot of the bad guys and after a quick analysis many had their router blacklisted by the NCSA security team,” said Cao’s advisor Ravi Iyer, CSL and Electrical and Computer Engineering (ECE) professor and George and Ann Fisher Distinguished Professor of Engineering. “The clever thing was the students took this information and decided to use the attacks being generated to discover how our system can withstand these attacks.”

The information collected about the attack techniques has already been integrated into security systems at NCSA. Justin Azoff and Alex Withers, both NCSA staff, are working closely with Cao and others to continuously audit and update the technology against ongoing attacks. This partnership shows how practical cybersecurity operations can support research and vice-versa.

“Many people overlook the potential impact of a brute force attack,” said Cao, an ECE graduate student. “Well known data breaches, Citrix for example, are the direct result of an unsecured server being exposed by this type of attack.”

In the case of the Citrix data breach, attackers were able to hack one or more weak passwords within the system that resulted in terabytes of data being exposed. Previously, hackers would use a dictionary and try different words repeatedly until an account was breached; now, Cao says, 6.5 billion passwords are publicly available and used in this brute-force attack styles.

Iyer believes finding a solution to such a common and costly problem was one of the reasons Cao’s paper, written with Subho S. Banerjee, a computer sciences graduate student, Yuming Wu, a fellow ECE student, and Zbigniew Kalbarczyk, an ECE research professor, was accepted by the NSDI symposium committee.

“They demonstrated on an attack style that is very common and now it can be expanded to look at a whole range of potential attacks,” said Iyer. “I think the research is very important and a reason it was accepted at NSDI, which has a notoriously low acceptance rate.”

The NDSI Symposium only selected 49 out of 332 submitted papers. Cao presented the paper and Wu presented a poster on the same project, all of which received wide industry recognition.

“People from Fortune 500 companies were interested in the work,” said Wu. “We had discussions about the details of the work, interest in the deployment of the infrastructure, and interest in future work inspired by this research.”

The original framework for the honeypot, developed by Azoff, is open-sourced and available on NCSA’s GitHub. So far the project has gained more than 400 positive reactions from the online community.

While industry partners are interested in future work, the University of Illinois at Urbana-Champaign’s online network is already benefiting from the software. In a single year, the team’s software has analyzed 405 million attack attempts and at one point prevented more than 57 million in one day. This has resulted in them having the largest dataset of analyzed brute-force attacks to date.

Attacks on Illinois’ network are local, but the analysis of the dataset has been shared with national laboratories and an international university via NCSA’s Shared Intelligence Platform for Protecting our National Cyberinfrastructure (SDAIA). Alerting and collaborating with other sites allows all locations to defend against attacks that have happened at other locations. The honeypot that the team is currently operating has observed attacks coming from 73% of the autonomous systems on the internet. Three-fourths of the internet seems like a lot, but Cao isn’t done yet.

“The future of this work is that we would gain a much larger adoption from other sites, not just in academia but also on the industry sites,” said Cao. “With the expansion of our shared intelligence platform we hope to cover the entire space of the internet. The future of our work is to look at how our approach can be applied to monitor more sophisticated attack activities across all the internet.”


Source: Allison Arp, Coordinated Science Laboratory, via NCSA

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

BlueField SmartNIC Backs Transformation to Bare Metal Kubernetes

May 21, 2019

Hardware vendors are betting the transition to 5G wireless networks supporting myriad connected consumer and industrial devices also will accelerate the shift to heavy-duty bare-metal servers as a way to provision cloud- Read more…

By George Leopold

HPE to Acquire Cray for $1.3B

May 17, 2019

Venerable supercomputer pioneer Cray Inc. will be acquired by Hewlett Packard Enterprise for $1.3 billion under a definitive agreement announced this morning. The news follows HPE’s acquisition nearly three years ago o Read more…

By Doug Black & Tiffany Trader

China Establishes Seventh National Supercomputing Center

May 16, 2019

Chinese media is reporting that China will construct a new National Supercomputer Center in Zhengzhou, in central China's Henan Province. The new Zhengzhou facility will house a 100-petaflops supercomputer and will be ta Read more…

By Staff report

HPE Extreme Performance Solutions

HPE and Intel® Omni-Path Architecture: How to Power a Cloud

Learn how HPE and Intel® Omni-Path Architecture provide critical infrastructure for leading Nordic HPC provider’s HPCFLOW cloud service.

For decades, HPE has been at the forefront of high-performance computing, and we’ve powered some of the fastest and most robust supercomputers in the world. Read more…

IBM Accelerated Insights

Smarter EDA: Leveraging New Technologies for Product Verification

There is perhaps no sector more competitive than the modern electronics industry. Macro-trends, including artificial intelligence, 5G, and the internet of things (IoT), continue to propel dramatic growth. Read more…

Interview with 2019 Person to Watch Ken King

May 16, 2019

Today, as the final installment of our HPCwire People to Watch focus series, we present our interview with Ken King, general manager of OpenPOWER for the IBM Systems Group. Ken is responsible for building and managing t Read more…

By HPCwire Editorial Team

HPE to Acquire Cray for $1.3B

May 17, 2019

Venerable supercomputer pioneer Cray Inc. will be acquired by Hewlett Packard Enterprise for $1.3 billion under a definitive agreement announced this morning. T Read more…

By Doug Black & Tiffany Trader

Deep Learning Competitors Stalk Nvidia

May 14, 2019

There is no shortage of processing architectures emerging to accelerate deep learning workloads, with two more options emerging this week to challenge GPU leader Nvidia. First, Intel researchers claimed a new deep learning record for image classification on the ResNet-50 convolutional neural network. Separately, Israeli AI chip startup Hailo.ai... Read more…

By George Leopold

CCC Offers Draft 20-Year AI Roadmap; Seeks Comments

May 14, 2019

Artificial Intelligence in all its guises has captured much of the conversation in HPC and general computing today. The White House, DARPA, IARPA, and Departmen Read more…

By John Russell

Cascade Lake Shows Up to 84 Percent Gen-on-Gen Advantage on STAC Benchmarking

May 13, 2019

The Securities Technology Analysis Center (STAC) issued a report Friday comparing the performance of Intel's Cascade Lake processors with previous-gen Skylake u Read more…

By Tiffany Trader

Nvidia Claims 6000x Speed-Up for Stock Trading Backtest Benchmark

May 13, 2019

A stock trading backtesting algorithm used by hedge funds to simulate trading variants has received a massive, GPU-based performance boost, according to Nvidia, Read more…

By Doug Black

ASC19: NTHU Returns to Glory

May 11, 2019

As many of you Student Cluster Competition fanatics know by now, Taiwan’s National Tsing Hua University (NTHU) won the gold medal at the recently concluded AS Read more…

By Dan Olds

Intel 7nm GPU on Roadmap for 2021, OneAPI Coming This Year

May 8, 2019

At Intel's investor meeting today in Santa Clara, Calif., the company filled in details of its roadmap and product launch plans and sought to allay concerns about delays of its 10nm chips. In laying out its 10nm and 7nm timelines, Intel revealed that its first 7nm product would be... Read more…

By Tiffany Trader

Ten Great Reasons to Build the 1.5 Exaflops Frontier

May 7, 2019

It’s perhaps obvious that the fundamental reason for building expensive exascale computers is to drive science and industry forward, realizing the resulting b Read more…

By John Russell

Cray, AMD to Extend DOE’s Exascale Frontier

May 7, 2019

Cray and AMD are coming back to Oak Ridge National Laboratory to partner on the world’s largest and most expensive supercomputer. The Department of Energy’s Read more…

By Tiffany Trader

Graphene Surprises Again, This Time for Quantum Computing

May 8, 2019

Graphene is fascinating stuff with promise for use in a seeming endless number of applications. This month researchers from the University of Vienna and Institu Read more…

By John Russell

Why Nvidia Bought Mellanox: ‘Future Datacenters Will Be…Like High Performance Computers’

March 14, 2019

“Future datacenters of all kinds will be built like high performance computers,” said Nvidia CEO Jensen Huang during a phone briefing on Monday after Nvidia revealed scooping up the high performance networking company Mellanox for $6.9 billion. Read more…

By Tiffany Trader

ClusterVision in Bankruptcy, Fate Uncertain

February 13, 2019

ClusterVision, European HPC specialists that have built and installed over 20 Top500-ranked systems in their nearly 17-year history, appear to be in the midst o Read more…

By Tiffany Trader

It’s Official: Aurora on Track to Be First US Exascale Computer in 2021

March 18, 2019

The U.S. Department of Energy along with Intel and Cray confirmed today that an Intel/Cray supercomputer, "Aurora," capable of sustained performance of one exaf Read more…

By Tiffany Trader

Intel Reportedly in $6B Bid for Mellanox

January 30, 2019

The latest rumors and reports around an acquisition of Mellanox focus on Intel, which has reportedly offered a $6 billion bid for the high performance interconn Read more…

By Doug Black

Looking for Light Reading? NSF-backed ‘Comic Books’ Tackle Quantum Computing

January 28, 2019

Still baffled by quantum computing? How about turning to comic books (graphic novels for the well-read among you) for some clarity and a little humor on QC. The Read more…

By John Russell

The Case Against ‘The Case Against Quantum Computing’

January 9, 2019

It’s not easy to be a physicist. Richard Feynman (basically the Jimi Hendrix of physicists) once said: “The first principle is that you must not fool yourse Read more…

By Ben Criger

Leading Solution Providers

SC 18 Virtual Booth Video Tour

Advania @ SC18 AMD @ SC18
ASRock Rack @ SC18
DDN Storage @ SC18
HPE @ SC18
IBM @ SC18
Lenovo @ SC18 Mellanox Technologies @ SC18
NVIDIA @ SC18
One Stop Systems @ SC18
Oracle @ SC18 Panasas @ SC18
Supermicro @ SC18 SUSE @ SC18 TYAN @ SC18
Verne Global @ SC18

Deep Learning Competitors Stalk Nvidia

May 14, 2019

There is no shortage of processing architectures emerging to accelerate deep learning workloads, with two more options emerging this week to challenge GPU leader Nvidia. First, Intel researchers claimed a new deep learning record for image classification on the ResNet-50 convolutional neural network. Separately, Israeli AI chip startup Hailo.ai... Read more…

By George Leopold

Deep500: ETH Researchers Introduce New Deep Learning Benchmark for HPC

February 5, 2019

ETH researchers have developed a new deep learning benchmarking environment – Deep500 – they say is “the first distributed and reproducible benchmarking s Read more…

By John Russell

IBM Bets $2B Seeking 1000X AI Hardware Performance Boost

February 7, 2019

For now, AI systems are mostly machine learning-based and “narrow” – powerful as they are by today's standards, they're limited to performing a few, narro Read more…

By Doug Black

Arm Unveils Neoverse N1 Platform with up to 128-Cores

February 20, 2019

Following on its Neoverse roadmap announcement last October, Arm today revealed its next-gen Neoverse microarchitecture with compute and throughput-optimized si Read more…

By Tiffany Trader

Intel Launches Cascade Lake Xeons with Up to 56 Cores

April 2, 2019

At Intel's Data-Centric Innovation Day in San Francisco (April 2), the company unveiled its second-generation Xeon Scalable (Cascade Lake) family and debuted it Read more…

By Tiffany Trader

France to Deploy AI-Focused Supercomputer: Jean Zay

January 22, 2019

HPE announced today that it won the contract to build a supercomputer that will drive France’s AI and HPC efforts. The computer will be part of GENCI, the Fre Read more…

By Tiffany Trader

In Wake of Nvidia-Mellanox: Xilinx to Acquire Solarflare

April 25, 2019

With echoes of Nvidia’s recent acquisition of Mellanox, FPGA maker Xilinx has announced a definitive agreement to acquire Solarflare Communications, provider Read more…

By Doug Black

Nvidia Claims 6000x Speed-Up for Stock Trading Backtest Benchmark

May 13, 2019

A stock trading backtesting algorithm used by hedge funds to simulate trading variants has received a massive, GPU-based performance boost, according to Nvidia, Read more…

By Doug Black

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This