Computer scientists in the US have developed a new artificial intelligence (AI) system that may be able to identify malicious code that hijacks supercomputers to mine for cryptocurrencies such as Bitcoin and Monero. The researchers, including one of Indian origin, tested their system by comparing known, benign code with abusive Bitcoin-mining code.
The system identified the illicit mining operation much more quickly and more reliably than conventional, non-AI analyses, according to a study published in the journal IEEE Access.
“Our deep-learning artificial intelligence model is designed to detect the abusive use of supercomputers specifically for the purpose of cryptocurrency mining,” said study co-author Gopinath Chennupati, a researcher at Los Alamos National Laboratory in the US.
“Based on recent computer break-ins in Europe and elsewhere, this type of software watchdog will soon be crucial to prevent cryptocurrency miners from hacking into high-performance computing facilities and stealing precious computing resources.”
Instead of minting it like coins or paper bills, cryptocurrency miners digitally dig for the currency by performing computationally intense calculations. Legitimate cryptocurrency miners often assemble enormous computer arrays dedicated to digging up the digital cash.
Less savoury miners have found they can strike it rich by hijacking supercomputers, provided they can keep their efforts hidden. The new AI system is designed to catch them in the act by comparing programmes based on graphs, which are like fingerprints for software.
All programmes can be represented by graphs that consist of nodes linked by lines, loops, or jumps. Much as human criminals can be caught by comparing the whorls and arcs on their fingertips to records in a fingerprint database, the new AI system compares the contours in a programme’s control-flow graph to a catalogue of graphs for programmes that are allowed to run on a given computer.
Instead of finding a match to a known criminal programme, however, the system checks to determine whether a graph is among those that identify programmes that are supposed to be running on the system.
Because the approach relies on graph comparisons, it cannot be fooled by common techniques that illicit cryptocurrency miners use to disguise their code, such as adding obfuscating variables and comments intended to make the code look like legitimate programming, the study said.
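The allowlist check described above can be illustrated with a small added example; it is not the researchers' deep-learning model. It assumes Python sources, builds a simplified control-flow graph with the standard `ast` module, and substitutes an exact structural hash for the learned comparison. The function names and the three sample programmes are constructed for this illustration.

```python
import ast, hashlib

def build_cfg(source):
    """Simplified control-flow graph (labels, edges); break/continue/return/try are ignored."""
    labels, edges = ["entry"], set()
    def walk(stmts, preds):
        for s in stmts:
            branch = isinstance(s, (ast.If, ast.While, ast.For))
            if not branch and len(preds) == 1 and labels[preds[0]] == "block":
                continue                  # straight-line code stays in one basic block
            labels.append(type(s).__name__ if branch else "block")
            n = len(labels) - 1
            edges.update((p, n) for p in preds)
            if isinstance(s, ast.If):     # both arms rejoin after the branch
                preds = walk(s.body, [n]) + (walk(s.orelse, [n]) if s.orelse else [n])
            elif branch:                  # loop: body tail jumps back to the header
                edges.update((t, n) for t in walk(s.body, [n]))
                preds = [n]
            else:
                preds = [n]
        return preds
    tree = ast.parse(source)              # parsing drops comments; names are never read
    funcs = [f for f in ast.walk(tree) if isinstance(f, ast.FunctionDef)]
    for scope in [tree] + funcs:          # module body plus each function body
        walk(scope.body, [0])
    return labels, edges

def fingerprint(source, rounds=3):
    """Hash node labels together with neighbour labels so node numbering does not matter."""
    labels, edges = build_cfg(source)
    for _ in range(rounds):
        labels = [hashlib.sha256(repr((lab,
                      sorted(labels[d] for s, d in edges if s == i),
                      sorted(labels[s] for s, d in edges if d == i))).encode()).hexdigest()
                  for i, lab in enumerate(labels)]
    return hashlib.sha256("".join(sorted(labels)).encode()).hexdigest()

def is_allowed(source, catalogue):
    return fingerprint(source) in catalogue

# Constructed samples: one approved job, one unlisted job, and the unlisted job disguised.
APPROVED = "total = 0\nfor i in range(n):\n    if data[i] > 0:\n        total += data[i]\n    else:\n        total -= 1\nprint(total)\n"
UNLISTED = "a = 0\nwhile a < lim:\n    b = step(a)\n    for c in b:\n        if c:\n            a += 1\n    if b < lim:\n        emit(a)\n"
DISGUISED = "# Jacobi relaxation sweep\nresidual = 0\nwhile residual < tol:\n    grid = relax(residual)  # update cells\n    for cell in grid:\n        if cell:\n            residual += 1\n    if grid < tol:\n        checkpoint(residual)\n"
CATALOGUE = {fingerprint(APPROVED)}

if __name__ == "__main__":
    for name, src in [("approved", APPROVED), ("unlisted", UNLISTED), ("disguised", DISGUISED)]:
        print(name, fingerprint(src)[:12], "allowed" if is_allowed(src, CATALOGUE) else "flagged")
```

An exact hash only matches graphs that are structurally identical, so any change to branching or looping yields a new fingerprint; the study's learned model is what allows comparison beyond exact matches.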