TY - GEN
T1 - Mining on someone else’s dime
T2 - 20th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2017
AU - Tahir, Rashid
AU - Huzaifa, Muhammad
AU - Das, Anupam
AU - Ahmad, Mohammad
AU - Gunter, Carl
AU - Zaffar, Fareed
AU - Caesar, Matthew
AU - Borisov, Nikita
N1 - Publisher Copyright:
© 2017, Springer International Publishing AG.
PY - 2017
Y1 - 2017
N2 - Covert cryptocurrency mining operations are causing notable losses to both cloud providers and enterprises. Increased power consumption resulting from constant CPU and GPU usage from mining, inflated cooling and electricity costs, and wastage of resources that could otherwise benefit legitimate users are some of the factors that contribute to these incurred losses. Affected organizations currently have no way of detecting these covert, and at times illegal, miners and often discover the abuse when attackers have already fled and the damage is done. In this paper, we present MineGuard, a tool that can detect mining behavior in real time across pools of mining VMs or processes, and prevent abuse despite an active adversary trying to bypass the defenses. Our system employs hardware-assisted profiling to create discernible signatures for various mining algorithms and can accurately detect these, with negligible overhead (<0.01%), for both CPU and GPU-based miners. We empirically demonstrate the uniqueness of mining behavior and show the effectiveness of our mitigation approach (≈99.7% detection rate). Furthermore, we characterize the noise introduced by virtualization and incorporate it into our detection mechanism, making it highly robust. The design of MineGuard is both practical and usable and requires no modification to the core infrastructure of commercial clouds or enterprises.
AB - Covert cryptocurrency mining operations are causing notable losses to both cloud providers and enterprises. Increased power consumption resulting from constant CPU and GPU usage from mining, inflated cooling and electricity costs, and wastage of resources that could otherwise benefit legitimate users are some of the factors that contribute to these incurred losses. Affected organizations currently have no way of detecting these covert, and at times illegal, miners and often discover the abuse when attackers have already fled and the damage is done. In this paper, we present MineGuard, a tool that can detect mining behavior in real time across pools of mining VMs or processes, and prevent abuse despite an active adversary trying to bypass the defenses. Our system employs hardware-assisted profiling to create discernible signatures for various mining algorithms and can accurately detect these, with negligible overhead (<0.01%), for both CPU and GPU-based miners. We empirically demonstrate the uniqueness of mining behavior and show the effectiveness of our mitigation approach (≈99.7% detection rate). Furthermore, we characterize the noise introduced by virtualization and incorporate it into our detection mechanism, making it highly robust. The design of MineGuard is both practical and usable and requires no modification to the core infrastructure of commercial clouds or enterprises.
UR - http://www.scopus.com/inward/record.url?scp=85032864447&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85032864447&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-66332-6_13
DO - 10.1007/978-3-319-66332-6_13
M3 - Conference contribution
AN - SCOPUS:85032864447
SN - 9783319663319
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 287
EP - 310
BT - Research in Attacks, Intrusions, and Defenses - 20th International Symposium, RAID 2017, Proceedings
A2 - Polychronakis, Michalis
A2 - Antonakakis, Manos
A2 - Dacier, Marc
A2 - Bailey, Michael
PB - Springer
Y2 - 18 September 2017 through 20 September 2017
ER -