Analysis of Traffic and Attack Frequency in the NURION Supercomputing Service Network

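  • Jae-Kook Lee (Supercomputing Infrastructure Center, Korea Institute of Science and Technology Information)
  • Sung-Jun Kim (Supercomputing Infrastructure Center, Korea Institute of Science and Technology Information)
  • Taeyoung Hong (Supercomputing Infrastructure Center, Korea Institute of Science and Technology Information)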
  • Received : 2019.12.31
  • Accepted : 2020.01.16
  • Published : 2020.05.31

Abstract

KISTI (Korea Institute of Science and Technology Information) provides HPC (High Performance Computing) services to users at universities, institutes, government and affiliated organizations, companies, and so on. NURION, the supercomputer that launched its official service on Jan. 1, 2019, is the fifth supercomputer established by KISTI. NURION has a computation performance of 25.7 petaflops. Understanding how supercomputing services are used and how researchers use them is critical to system operators and managers. Monitoring and analyzing network traffic is central to this. In this paper, we briefly introduce the NURION system and the supercomputing service network with its security configuration. We then describe the monitoring system that checks the status of supercomputing services in real time. We analyze inbound/outbound traffic and abnormal (attack) IP address data collected in the NURION supercomputing service network over 11 months (from January to November 2019) using time series and correlation analysis methods.

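The Korea Institute of Science and Technology Information (KISTI) builds and operates the national supercomputing system, which can produce, process, and use large volumes of data at very high speed, and provides HPC (High Performance Computing) services to users (universities, research institutes, government and affiliated organizations, companies, and others). The national supercomputer NURION, which began official service on January 1, 2019, is the fifth system built by KISTI and has a theoretical performance of 25.7 petaflops. From the viewpoint of system operators and users, it is very important to understand how a supercomputer is used and operated. This understanding begins with monitoring and analyzing network traffic. In this paper, we briefly introduce the NURION system and the supercomputing service network and its security configuration. We then describe the monitoring system for checking the status of the supercomputing service in real time, and perform time series and correlation analysis on the inbound and outbound traffic of the supercomputing service network and the number of IP addresses detected for abnormal behavior (attacks), collected over the 11 months after the service started (January to November 2019).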
