Arhuaco: Deep Learning and Isolation Based Security for Distributed High-Throughput Computing
A. Gomez Ramirez, C. Lara, L. Betev, D. Bilanovic, U. Kebschull (and for the ALICE Collaboration)

TL;DR
Arhuaco is a security system combining Linux Containers and Deep Learning to detect and prevent intrusions in distributed High-Throughput Computing environments, demonstrated on the LHC Grid.
Contribution
It introduces an integrated security approach using isolation and deep learning, including generative models, for real-time intrusion detection in grid computing.
Findings
Outperforms existing intrusion detection methods
Effective use of generative RNNs to enhance datasets
Validated on ALICE Collaboration Grid
Abstract
Grid computing systems require innovative methods and tools to identify cybersecurity incidents and perform autonomous actions, i.e. without administrator intervention. They also require methods to isolate and trace job payload activity in order to protect users and find evidence of malicious behavior. We introduce an integrated approach of security monitoring via Security by Isolation with Linux Containers and Deep Learning methods for the analysis of real-time data in Grid jobs running inside virtualized High-Throughput Computing infrastructure in order to detect and prevent intrusions. A dataset for malware detection in Grid computing is described. We show in addition the utilization of generative methods with Recurrent Neural Networks to improve the collected dataset. We present Arhuaco, a prototype implementation of the proposed methods. We empirically study the performance of our…
Taxonomy
Topics: Distributed and Parallel Computing Systems · Computational Physics and Python Applications · Scientific Computing and Data Management
