Using AWS, we scaled to hundreds of virtual servers at the click of a button, and we could do a year’s worth of compute in one day. We could not have done that without the AWS Cloud. 
Dr. Arash Habibi Lashkari Assistant Professor, Canadian Institute for Cybersecurity at the University of New Brunswick
  • About Communications Security Establishment

    The Communications Security Establishment (CSE) is the Government of Canada’s national cryptologic agency. It is responsible for foreign signals intelligence and protecting the government’s electronic information and communication networks.

  • AWS Services Used

  • Benefits Realized

    • Quickly scales to simulate 13 cyberattacks on 500 PCs
    • Reduces operational costs
    • Advances cybersecurity research around the globe

     

The Communications Security Establishment (CSE) is one of the Government of Canada’s key security and intelligence organizations. As part of its mandate to protect the government’s electronic information and communications networks, CSE explores new and innovative solutions to combat new cyberattack methods by researching cybersecurity data. However, when CSE recently embarked on a new research initiative to find updated test data, it saw serious limitations in current datasets. “We found there wasn’t a lot of great data out there,” says Mike Davie, a cybersecurity engineer at CSE. “Much of it was sensitive and not suitable for public research, and it was outdated, so it didn’t take into account modern attack methods.”

To address these issues, CSE reached out to the Canadian Institute for Cybersecurity at the University of New Brunswick (UNB), which had recently conducted promising cybersecurity research around modern attack methods, including brute force, botnet, and denial of service. Both CSE and UNB, though, lacked the compute capacity to simulate cyberattacks on a large scale. “We needed hundreds of virtual machines and computers to simulate a medium-sized enterprise being attacked, but neither organization had that capacity internally,” Davie says. “We also wanted to do this research cost-effectively, which meant avoiding the procurement of a bunch of servers for a two-week project.”

 

To overcome its scalability and cost roadblocks, CSE chose to create a research simulation project on the Amazon Web Services (AWS) Cloud. “We explored different technologies, but we liked AWS the best because of the scalability and on-demand cost benefits it provided,” says Davie. “The infrastructure-as-a-service model was a perfect fit for how we wanted to do our research.”

To get the project up and running quickly, CSE and UNB received $80,000 in project funding from the AWS Cloud Credits for Research Program, a program that has helped global researchers expedite their research with the power of the cloud. “That was a major help in starting the research, because both CSE and UNB have research budgetary constraints,” says Davie. Once the project started, the CSE and UNB used more than 100 virtual servers running on Amazon Elastic Compute Cloud (Amazon EC2) instances to support a test network simulating a company with five departments and 500 employees using PCs. Researchers from CSE and UNB developed 13 attack scenarios and executed them for 10 days, capturing network traffic and machine logs and, ultimately, generating a new cybersecurity dataset. The research results were made available through an open data portal hosted on AWS. “Being able to host our open data portal on AWS was important because we want the data to be available for other researchers to use,” says Davie.

By hosting the cybersecurity test and datasets on AWS, CSE and UNB were able to quickly deploy hundreds of servers. “When I conducted research several years ago, I only had 25 servers,” says Dr. Arash Habibi Lashkari, assistant professor at UNB. “Using AWS, we scaled to hundreds of virtual servers at the click of a button, and we could do a year’s worth of compute in one day. We could not have done that without the AWS Cloud.”

Using AWS to support the datasets, CSE was able to predict and control its costs. “We didn’t have to buy a bunch of hardware for a 10-day project and then continue to pay for it when the project was finished,” says Davie. “AWS gives us a predictable cost model, so we knew upfront exactly how much it would cost.”

By completing its research on AWS, CSE and UNB met the government’s requirement of providing realistic datasets to support the development and testing of new and advanced cybersecurity solutions. “With the research we conducted on AWS, we were able to detect specific attacks such as DDoS, infiltration, and web attacks faster and more accurately than before,” Lashkari says. “We were able to extract approximately 80 network traffic features, some in a matter of seconds. We couldn’t have accomplished this without doing it on the AWS Cloud.”

As a result of the project, CSE and UNB have made new cybersecurity data publicly available for other researchers to support additional research in the field. “More than 800 universities and cybersecurity researchers around the world have already cited our datasets in their research,” says Lashkari. CSE can now better support its mission of sharing new research with cybersecurity technology companies. “This supports our goal of using better technology to advance research in the field,” says Davie. “By providing better research data, we can help fight cyberattacks across Canada and throughout the world and help networks be more secure.”

To learn more, visit aws.amazon.com/canada/publicsector.