Reseachers run one million virtual machines to help flight botnet problem

Scientists at Sandia National Laboratories (SNL) have demonstrated a supercomputer running more than one million virtual computers that will provide insight into the behavior of botnets.

Botnets are networks of infected computers (zombies) that can be remotely controlled, and are difficult to protect against and study since they are geographically spread allover the world.

Sandia National Laboratories computer scientists Ron Minnich (foreground) and Don Rudish (background) have successfully run more than a million Linux kernels as virtual machines. (Credit: Randy Wong)

Now, with a mini model of the Internet, Sandia computer scientist Ron Minnich says that it will allow them to study how a small number of machines can attack and bring down larger networks. They can also study, for example, why some botnets prefer to be small and others large.

Previously, Minnich said, researchers had only been able to run up to 20,000 kernels concurrently (a “kernel” is the central component of most computer operating systems). The more kernels that can be run at once, the more effective cyber security professionals can be in combating the global botnet problem, he said.

“Eventually, we would like to be able to emulate the computer network of a small nation, or even one as large as the United States, in order to ‘virtualize’ and monitor a cyber attack,” Minnich added.

The team is using a 4,480-node Dell high-performance computer cluster, known as Thunderbird, with 250 VMs- each with an independent linux kernel, creating a total of over 1.1 million individual virtual computers.

“The sheer size of the Internet makes it very difficult to understand in even a limited way,” said Minnich. It has been estimated that the team will need to run 100 million CPUs by 2018 in order to build a computer that will run at the speeds they need.

Their efforts and that of other security researchers haven't come soon enough. Botnets are a major cyber security concern as the recent DDoS assault on Twitter, Facebook, and Google underscores. Last year, the Georgia Tech Information Security Center (GTISC) reported that 10 percent of online computers were part of Botnets.

A recent post on Defense Tech does a number exercise to illustrate the problem, citing that there are 34 million computers in the United States that have been compromised and are now part of a Botnet:

According to the CIA World Fact Book, there are about 1.5 billion internet users. When you factor in multiple devices per user and shared computers we estimate there are about 1.3 billion user devices connected to the Internet currently. Using the GTISC 15 percent compromise factor that translates to an estimated 195 million bots. According to one report some 150,000 computers become infected every day and join the millions of zombies that make up the BotNets.

Link: SNL News Release