NSF 2417823: Collaborative Research: CyberTraining: Implementation: Medium: CyberTraining on Accelerating Infrastructure Workloads using Next-Generation SmartNICs/DPUs
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 2417823
- Start Date: August 1, 2024
- End Date: July 31, 2027
- Awarded Amount to Date: $790,000.00
- Investigator(s): Elie Kfoury (Principal Investigator) Ana Hunsinger (Co-Principal Investigator) Jorge Crichigno (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): CyberTraining - Training-based
-
Link to Official Webpage: NSF-2417823
In today's world, most data arrive at compute locations as packets from the network through a Network Interface Card (NIC). Traditional NICs are simple devices attached to a server, used to receive packets from the network and place them in the server's memory. Packets then wait for processing time by the general-purpose processor, or CPU, at the server. Recently, a new generation of NICs, known as SmartNICs, has emerged. SmartNICs allow programmers to offload certain tasks, such as network and security tasks, from the server's CPU to the SmartNIC. They also enable programmers to write customized applications running on the SmartNIC?s domain-specific processors at speeds that may be orders of magnitude faster than those running on the server's CPUs. These capabilities improve data processing performance, enhance security, and reduce the processing load on the server's CPUs. While large cloud providers are now using SmartNICs, campus networks and small- and medium-sized enterprises have yet to fully benefit from their advantages. An important barrier preventing the adoption of SmartNICs is the lack of engaging training materials for cyberinfrastructure contributors and professionals. This project aims to bridge that gap by developing hands-on virtual labs for instruction that are hosted on web-based platforms for easy and broad access. By providing accessible and practical training, the project will lower the barrier to innovation and promote progress on areas such as scientific applications requiring massive data transfers, machine learning relying on high processing speeds, and cybersecurity applications requiring massive traffic inspection.
The project has two overarching goals. The first project goal, contributing to the project's intellectual merit, is to advance the state of the art in SmartNIC training within the research community in order to promote and facilitate the broader adoption of SmartNICs among cyberinfrastructure professionals, contributors, and network owners. The project will develop training material in the form of virtual labs and companion material, including guided experiments and interactive electronic booklets, on technologies related to SmartNICs. The virtual labs will be used for workshops and self-paced training. These labs will enable cyberinfrastructure contributors (including developers and researchers) to learn how to implement offloaded applications on various SmartNICs. The virtual labs will also permit cyberinfrastructure professionals (including system administrators, research support staff, and facilitators) to learn how to deploy those applications, how to manage SmartNICs, and how to provide effective support. The virtual labs will be deployed on the NSF-funded FABRIC platform (NSF award #1935966) and on the Academic Cloud at the University of South Carolina, which will serve as training platforms. The virtual labs will cover open-source technologies that are compatible with commercial SmartNICs. The second project goal, contributing to its broader impact, is to incorporate virtual labs into educational curricula and instructional resources. The project will target associate, bachelor, and graduate programs. Two-year community colleges will use the virtual labs to train students on SmartNICs administration and operation, including the deployment of pre-developed applications. Four-year bachelor and graduate-level programs will use the virtual labs to provide in-depth training on SmartNIC programming, starting from the foundational principles to the development of advanced applications that accelerate data processing and analytics. Training activities for the two project goals include organizing workshops with cyberinfrastructure communities, including national and regional Research and Education Networks; professional development events with the NSF-funded Minority-Serving Cyberinfrastructure Consortium, a collaborative consortium that provides professional development and training opportunities to minority serving institutions; and train-the-trainer tutorials with centers supporting college instructors and students. Best practices and technical specifications produced by this project are incorporated into NSF's ACCESS Knowledge Base, to disseminate them to the broader community of researchers.
NSF 2403360: OAC Core: Enhancing Network Security by Implementing an ML Malware Detection and Classification Scheme in P4 Programmable Data Planes and SmartNICs
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 2403360
- Start Date: July 1, 2024
- End Date: June 30, 2027
- Awarded Amount to Date: $599,999.00
- Investigator(s): Jorge Crichigno (Principal Investigator), Elias Bou-Harb (Co-Principal Investigator), Elie Kfoury (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): OAC-Advanced Cyberinfrast Core
-
Link to Official Webpage: NSF-2403360
Malware attacks represent significant threats to organizations, which use a variety of approaches to protect against them. Examples include intrusion detection systems, intrusion prevention systems, and other security systems that run on general-purpose computers. Such schemes perform "deep packet inspection" (DPI), a process by which a security device protecting an organization thoroughly examines incoming traffic and alerts administrators about suspicious activities. While DPI may be effective in some scenarios, it requires significant processing. Furthermore, if the organization receives a high volume of traffic from the Internet, DPI may not keep up with the traffic and may only inspect a fraction of it. Additionally, the inspection may not be conducted in real-time and may only detect the malware after the attack.
This project proposes to leverage the capability of P4 programmable data plane (PDP) switches and smartNICs to perform DPI. The project has four objectives. 1) Develop a malware detection and classification application running on PDPs, operating at line rate. The application will perform DPI of Domain Name System (DNS) packets, preventing malware from communicating with the corresponding C2 server. Traffic will be monitored in real-time, and functions commonly executed on general-purpose CPUs will be offloaded to PDPs. The plan includes analyzing DNS data, characterizing traffic patterns, and feeding such information to a machine learning (ML) algorithm. The ML algorithm will detect and classify malware according to their family (e.g., trojan, backdoor, ransomware). 2) Develop a malware detection and classification application running on a SmartNIC, for encrypted DNS packets. Research will be conducted to perform feature extraction for malware generating such packets. An ML algorithm will use the features to detect and classify the malware. 3) Develop a control application that shares threat intelligence and avoids malware propagation. As PDP switches and smartNIC detect malware, they share the threat intelligence with a centralized controller. 4) Expand the eX-IoT platform to fingerprint, store, and index newly detected and classified malware. The eX-IoT platform is a real-time platform for fingerprinting compromised devices on the Internet. The prototype running on PDPs and smart NICs will be built with open-source components available to the community, and the developed knowledge will be disseminated by synthesizing it as virtual lab libraries for courses and self-paced learning. The libraries will be distributed to colleges and universities. Finally, tutorials on malware detection and PDPs will be organized with organizations such as Internet2 and FABRIC.
NSF 2346726: CC* Integration-Small: Enhancing Data Transfers by Enabling Programmability and Closed-loop Control in a Non-programmable Science DMZ
- NSF Org: OAC Office of Advanced Cyberinfrastructure (OAC)
- Award Number: 2346726
- Start Date: July 1, 2024
- End Date: June 30, 2026
- Awarded Amount to Date: $500,000.00
- Investigator(s): Jorge Crichigno (Principal Investigator), Andreas Heyden (Co-Principal Investigator), Paul Sagona (Co-Principal Investigator), Elie Kfoury (Co-Principal Investigator)
- Sponsor: University of South Carolina at Columbia
- NSF Program(s): CISE Research Resources, Campus Cyberinfrastructure, EPSCoR Co-Funding
-
Link to Official Webpage: NSF-2346726
Programmable data plane (PDP) switches have recently attracted significant attention from the communications industry. They are network devices that provide unprecedented visibility of events occurring in data networks and enable engineers to write software applications using the P4 programming language. The applications leverage the visibility and performance capacity of PDP switches, where applications can run orders of magnitude faster than those running on general-purpose computers. This project will deploy a "self-driving" network referred to as Science DMZ at the University of South Carolina (USC), using P4 applications running on PDP switches. The enhanced network will support science and engineering projects that foster the progress of science. Specifically, it will enable faculty members, researchers, and students to transfer big science data more efficiently within USC's campus and with external collaborators such as U.S. Department of Energy's laboratories (e.g., Savannah River, Argonne), national computing centers (e.g., San Diego Supercomputer Center, National Energy Research Scientific Computing Center), and international organizations (e.g., European Organization for Nuclear Research CERN).
This project proposes to leverage the capability of P4 programmable data plane (PDP) switches and smartNICs to perform DPI. The project has four objectives. 1) Develop a malware detection and classification application running on PDPs, operating at line rate. The application will perform DPI of Domain Name System (DNS) packets, preventing malware from communicating with the corresponding C2 server. Traffic will be monitored in real-time, and functions commonly executed on general-purpose CPUs will be offloaded to PDPs. The plan includes analyzing DNS data, characterizing traffic patterns, and feeding such information to a machine learning (ML) algorithm. The ML algorithm will detect and classify malware according to their family (e.g., trojan, backdoor, ransomware). 2) Develop a malware detection and classification application running on a SmartNIC, for encrypted DNS packets. Research will be conducted to perform feature extraction for malware generating such packets. An ML algorithm will use the features to detect and classify the malware. 3) Develop a control application that shares threat intelligence and avoids malware propagation. As PDP switches and smartNIC detect malware, they share the threat intelligence with a centralized controller. 4) Expand the eX-IoT platform to fingerprint, store, and index newly detected and classified malware. The eX-IoT platform is a real-time platform for fingerprinting compromised devices on the Internet. The prototype running on PDPs and smart NICs will be built with open-source components available to the community, and the developed knowledge will be disseminated by synthesizing it as virtual lab libraries for courses and self-paced learning. The libraries will be distributed to colleges and universities. Finally, tutorials on malware detection and PDPs will be organized with organizations such as Internet2 and FABRIC.