Researchers at Sandia National Laboratories in Livermore, Calif., are creating what is in effect a vast digital petri dish able to hold one million operating systems at once in an effort to study the behavior of rogue programs known as botnets.
Botnets are used extensively by malicious computer hackers to steal computing power from Internet-connected computers. The hackers harness the stolen resources into a scattered but powerful computer that can be used to send spam, execute phishing scams or steal digital information. These remote-controlled “distributed computers” are difficult to observe and track.
Botnets may take over parts of tens of thousands or in some cases even millions of computers, making them among the world’s most powerful computers for some applications.
“When a forest is on fire you can fly over it, but with a cyberattack you have no clear idea of what it looks like,” said Ron Minnich, a Sandia scientist who specializes in computer security. “It’s an extremely difficult task to get a global picture.”
To stalk the botnets, Mr. Minnich and his colleague Don Rudish have converted a Dell supercomputer to simulate a mini-Internet of one million computers.
The researchers said they hoped to be able to infect their digital petri dish with a botnet in October and then gather data on how the system behaves. One of the challenges will be in tricking the botnet components into believing they are running in the open Internet.
Some botnet makers have designed their programs to detect so-called honey pots, programs that pretend to be computers that can be taken over but which instead are used to capture and observe botnet clients.
Typically, supercomputers have been designed with the goal of reaching absolute computing performance, and used for complex scientific or engineering tasks like modeling the earth’s climate, protein folding or simulating nuclear weapons explosions.
The Sandia computer, which the researchers have named MegaTux, in a reference to Tux, the penguin character that is the official mascot of the Linux operating system, is an example of a new kind of computational science, in which computers are used to simulate scientific instruments that were once used in physical world laboratories. For example, Microsoft researchers have created a vast visualization database they call the world wide telescope.
“One of the advantages of such a system is that we can stop the simulation at any point and look for patterns,” Mr. Rudish said. “It’s one of the neat things you can do when you crash a simulation of a 747 on a supercomputer.”
In the past, the researchers said, no one has tried to program a computer to simulate more than tens of thousands of operating systems.
The Dell Thunderbird supercomputer used for the Sandia project has 4,480 Intel microprocessors, far fewer than the million operating systems the researchers sought to simulate. But they used “virtual machine” software technology to get each microprocessor to simultaneously run many instances of a Linux-based component called a kernel — a basic component of an operating system that manages communications between software and hardware.
Because most botnets are written for the Windows operating system, the researchers are planning to use an open source program called Wine, which makes it possible to run Windows-based programs without the complete Windows operating system. They said they were not using Windows itself because of the licensing costs of purchasing one million copies of Windows.
Besides simulating the Internet, Keith Vanderveen, manager of scalable computing research at Sandia, said the system would be valuable for exploring the design of future supercomputers that might have millions rather than thousands of processors. It will also be invaluable for researchers who are hoping to design new, more secure protocols for the Internet.