Artificial intelligence builds an iron wall of network security

Every moment, thousands of scientists around the world use the powerful computer network connected to the Large Hadron Collider (LHC) at the world's largest particle physics laboratory, the European Organization for Nuclear Research (CERN), the "Worldwide LHC Computing Grid", hoping to gain further insight into the structure of the universe and better understand the universe and ourselves. Unfortunately, hackers are also eyeing the unparalleled computing power of these networks. They want to steal this treasure trove of resources to make money or attack other computer systems.

According to a report by Scientific American magazine on the 19th, in order to resist hacker attacks, CERN scientists did not adopt traditional tactics - using network security systems to play "hide and seek" with malicious invaders and wage guerrilla warfare. Instead, they turned to artificial intelligence, the "super weapon" and "rising star" in the science and technology world, to deal with their cyber opponents.

[[194845]]

Computing data centers and server farms at CERN, the European Organization for Nuclear Research.

Image source: Scientific American website

A huge grid emerges

The main work of the LHC is to collide atomic particles at high speeds so that scientists can study the interactions between particles. Particle detectors in the LHC and other scientific facilities collect information about the collisions, and many laboratories and universities around the world use this data in their own research projects.

The data generated by the LHC is huge. It is estimated that in 2017, the LHC will generate 50 petabytes (100 trillion bytes) of data, equivalent to 15 million high-definition movies, and the computing power and data storage capacity required far exceeds what CERN can do on its own.

LHC anticipated this development momentum and prepared for it as early as 2002 by creating the "Global LHC Computing Grid" that can connect computers in more than 170 laboratories in more than 40 countries. This computer grid is like an electric grid, delivering different amounts of computing resources to different laboratories at all times. Currently, more than 8,000 physicists use this computer grid to quickly evaluate and analyze the massive amounts of data generated by the LHC.

Traditional protection is insufficient

Current network detection systems generally detect attacks by scanning input data for information related to known viruses and other types of malicious code, but these systems are almost useless against new viruses or malicious code and unfamiliar threats. In addition, today's malware "morphs" very quickly.

In addition, one of the biggest challenges in protecting a computing grid is ensuring that security does not hinder the sharing of processing power and data storage, because scientists in different laboratories around the world may be conducting the same research and using the same computers, thus placing high demands on the grid.

CERN is also concerned that there could be viruses or other malware on computers connected to the grid that could allow bad actors to gain access to the grid and spread quickly. For example, a virus could allow hackers to take over part of the grid and use those computers to generate digital currency (bitcoins) or launch attacks on other computers.

"Normally, an anti-virus program on a single computer would stop a malicious intrusion," said Andres Gomes, lead architect of the new network security architecture. "But in a grid, we have to protect thousands of machines that allow researchers outside CERN to conduct experiments using different software programs, which in turn involves a large amount of data, making it more complicated to protect the grid from intrusion."

Artificial Intelligence in Danger

With that in mind, CERN scientists are developing new systems that use machine learning to identify anomalies in a network and report them to administrators, said Jarno Niemela, a senior researcher at F-Secure, a maker of computer security systems. For example, a system might learn to flag network traffic that requires too much bandwidth, uses incorrect programs when trying to enter the network, or seeks network access through unauthorized ports.

In addition, CERN's cybersecurity department is training its artificial intelligence software to understand the difference between normal and suspicious behavior on the network, and to alert staff through mobile phone text messages, emails or computer messages when potential threats appear. Gomez said that this system can even automatically shut down suspicious activities. CERN hopes that this new method can protect its huge computer grid.

Niemela also pointed out that the use of artificial intelligence gives CERN more flexibility and is expected to better protect its huge grid, especially in searching for new threats.

The upgrades to CERN's AI security systems are still in their early stages and will be rolled out over time. The first test will protect the grid sections involved in the Large Hadron Collider Experiment (ALICE). ALICE is a key component of the LHC, with the main goal of studying the collisions of lead nuclei. If the tests on ALICE are successful, CERN's machine learning-based cybersecurity measures could then be used to defend the grid sections used by the other six detection experiments.