AI defends supercomputers from bitcoin miners
To ensure scarce high-performance computing resources are only used by authorized applications, researchers at Los Alamos National Laboratory have developed an artificial intelligence system that can detect malicious code that hijacks supercomputers for illicit applications such as cryptocurrency mining.
Legitimate cryptocurrency miners depend on racks of specialized computers that solve complex computational problems that chain together transactions and receive a portion of the mined cryptocurrency as a reward. Some miners take shortcuts, hijacking high-performing computers at universities or government facilities, taking advantage of their processing power and saving themselves from having to set up their own mining systems. In fact, academic supercomputers across Europe were attacked in May by cryptocurrency miners who exploited compromised credentials to gain remote access to the systems. Once inside, they deployed cryptocurrency-mining malware and moved from one system to another.
Besides introducing security vulnerabilities, illicit mining also increases a supercomputer’s CPU load, reducing its performance and consuming more power.
The new AI system developed at Los Alamos compares control flow graphs of programs actually running on the system to a catalog of graphs for programs that have permission to run on a given computer. By comparing the contours in a program’s graph to those in the catalog, the system can spot unauthorized programs, even those that miners have disguised to look like legitimate programming.
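The catalog comparison described above can be illustrated with a small added example. It is not the Los Alamos system or its code: it swaps in a Weisfeiler-Lehman label histogram with cosine similarity as a stand-in graph comparison, and the function names, the sample graphs and the 0.9 threshold are all assumptions made for illustration.

```python
from collections import Counter
from math import sqrt

def wl_features(cfg, rounds=2):
    """Histogram of Weisfeiler-Lehman labels for a CFG given as {block: [successors]}."""
    nodes = set(cfg) | {s for succs in cfg.values() for s in succs}
    preds = {n: [] for n in nodes}
    for n, succs in cfg.items():
        for s in succs:
            preds[s].append(n)
    # Start from structure only (in-degree, out-degree); block names never enter a label.
    labels = {n: (len(preds[n]), len(cfg.get(n, []))) for n in nodes}
    feats = Counter(labels.values())
    for _ in range(rounds):
        # Refine each label with the sorted labels of its predecessors and successors.
        labels = {n: (labels[n],
                      tuple(sorted(labels[p] for p in preds[n])),
                      tuple(sorted(labels[s] for s in cfg.get(n, []))))
                  for n in nodes}
        feats.update(labels.values())
    return feats

def cosine(a, b):
    """Cosine similarity between two label histograms."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = sqrt(sum(v * v for v in a.values())) * sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def best_match(cfg, catalog, threshold=0.9):
    """Return (catalog name, score), or (None, score) if nothing is similar enough."""
    feats = wl_features(cfg)
    name, score = max(((n, cosine(feats, wl_features(g))) for n, g in catalog.items()),
                      key=lambda pair: pair[1])
    return (name if score >= threshold else None, score)

# Constructed sample graphs, not taken from any real program.
CATALOG = {
    "solver": {"entry": ["loop"], "loop": ["body", "exit"], "body": ["loop"], "exit": []},
    "pipeline": {"read": ["transform"], "transform": ["write"], "write": []},
}
RENAMED = {"x1": ["x2"], "x2": ["x3", "x4"], "x3": ["x2"], "x4": []}  # solver, names changed
UNKNOWN = {"start": ["a", "b"], "a": ["c"], "b": ["c"], "c": ["a", "end"], "end": []}

if __name__ == "__main__":
    for label, cfg in (("renamed", RENAMED), ("unknown", UNKNOWN)):
        print(label, best_match(cfg, CATALOG))
```

Because the labels are built from graph structure alone, renaming the blocks of a cataloged program does not change its match, while a program with a different branching and loop structure scores well below the threshold and is reported as unrecognized.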
When testing their system by comparing a known, benign code to an abusive, Bitcoin mining code, the researchers found they could identify the illicit mining operation much more quickly and more reliably than conventional, non-AI analyses, Los Alamos officials said.
While this graph-based approach may not offer a completely foolproof solution for all scenarios, it will give security researchers another tool to prevent cryptocurrency miners from hacking into high-performance computing facilities and stealing precious computing resources.