Crypto Miner Attack: GPU Remote Code Execution Attacks
Ariel Szabo, Uzy Hadad

TL;DR
This paper investigates GPU-based remote code execution attacks that exploit deserialization vulnerabilities and custom layers in AI systems to deploy malicious crypto miners, highlighting detection challenges and mitigation strategies.
Contribution
It provides a comprehensive analysis of GPU RCE exploits, demonstrating how they can be used to deploy crypto miners and proposing mitigation strategies.
Findings
GPU RCE attacks enable unauthorized crypto mining.
Detection of GPU-based attacks is highly challenging due to parallel processing.
Static and model scanning can help mitigate these vulnerabilities.
Abstract
Remote Code Execution (RCE) exploits pose a significant threat to AI and ML systems, particularly in GPU-accelerated environments where the computational power of GPUs can be misused for malicious purposes. This paper focuses on RCE attacks leveraging deserialization vulnerabilities and custom layers, such as TensorFlow Lambda layers, which are often overlooked due to the complexity of monitoring GPU workloads. These vulnerabilities enable attackers to execute arbitrary code, blending malicious activity seamlessly into expected model behavior and exploiting GPUs for unauthorized tasks such as cryptocurrency mining. Unlike traditional CPU-based attacks, the parallel processing nature of GPUs and their high resource utilization make runtime detection exceptionally challenging. In this work, we provide a comprehensive examination of RCE exploits targeting GPUs, demonstrating an attack that…
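The static and model scanning named under Findings, as an added example (not code from the paper or its authors): it flags Lambda layers in a Keras-style model config and import/call opcodes in a pickle stream without loading either one. The sample config and pickles are constructed, and the opcode set is a heuristic assumption.

```python
import json
import pickle
import pickletools

RISKY_LAYERS = {"Lambda"}  # layer classes that carry arbitrary callables
CALL_OPCODES = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}  # heuristic set

def scan_keras_config(node, path="model"):
    """Walk a parsed model config and report risky layers by JSON path."""
    findings = []
    if isinstance(node, dict):
        cls, cfg = node.get("class_name"), node.get("config")
        if isinstance(cls, str) and cls in RISKY_LAYERS:
            name = cfg.get("name", "?") if isinstance(cfg, dict) else "?"
            findings.append(f"{path}: {cls} layer '{name}'")
        for key, value in node.items():
            findings += scan_keras_config(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += scan_keras_config(value, f"{path}[{i}]")
    return findings

def scan_pickle(data):
    """List imports and call opcodes in a pickle stream without unpickling it."""
    findings, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if isinstance(arg, str):
            strings.append(arg)  # STACK_GLOBAL takes module/name from the stack
        if op.name in ("GLOBAL", "INST"):
            findings.append("import " + arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL":
            findings.append("import " + ".".join(strings[-2:]))
        elif op.name in CALL_OPCODES:
            findings.append("call via " + op.name)
    return findings

# Constructed samples: a simplified config, a data-only pickle, and a pickle
# whose __reduce__ calls the harmless builtin len().
SAMPLE_CONFIG = json.loads("""{"class_name": "Sequential", "config": {"layers": [
  {"class_name": "Dense", "config": {"name": "dense_1", "units": 8}},
  {"class_name": "Lambda", "config": {"name": "lambda_1", "function": "<blob>"}}]}}""")

class _Demo:
    def __reduce__(self):
        return (len, ("constructed",))

SAMPLE_PLAIN_PICKLE = pickle.dumps({"w": [1.0, 2.0]}, protocol=4)
SAMPLE_CALL_PICKLE = pickle.dumps(_Demo(), protocol=4)

if __name__ == "__main__":
    for line in scan_keras_config(SAMPLE_CONFIG) + scan_pickle(SAMPLE_CALL_PICKLE):
        print("FLAG", line)
```

A finding here is a reason to review the artifact before loading it, not proof of malice: legitimate models also use Lambda layers and pickled objects.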
Taxonomy
Topics: Security and Verification in Computing · Advanced Data Storage Technologies · Network Security and Intrusion Detection
