Mining on someone else’s dime: Mitigating covert mining operations in clouds and enterprises

Rashid Tahir, Muhammad Huzaifa, Anupam Das, Mohammad Ahmad, Carl Gunter, Fareed Zaffar, Matthew Caesar, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Covert cryptocurrency mining operations are causing notable losses to both cloud providers and enterprises. Increased power consumption resulting from constant CPU and GPU usage from mining, inflated cooling and electricity costs, and wastage of resources that could otherwise benefit legitimate users are some of the factors that contribute to these incurred losses. Affected organizations currently have no way of detecting these covert, and at times illegal, miners and often discover the abuse when attackers have already fled and the damage is done. In this paper, we present MineGuard, a tool that can detect mining behavior in real-time across pools of mining VMs or processes, and prevent abuse despite an active adversary trying to bypass the defenses. Our system employs hardware-assisted profiling to create discernible signatures for various mining algorithms and can accurately detect these, with negligible overhead (<0.01%), for both CPU and GPU-based miners. We empirically demonstrate the uniqueness of mining behavior and show the effectiveness of our mitigation approach (≈99.7% detection rate). Furthermore, we characterize the noise introduced by virtualization and incorporate it into our detection mechanism, making it highly robust. The design of MineGuard is both practical and usable and requires no modification to the core infrastructure of commercial clouds or enterprises.

Original language: English (US)
Title of host publication: Research in Attacks, Intrusions, and Defenses - 20th International Symposium, RAID 2017, Proceedings
Editors: Michalis Polychronakis, Manos Antonakakis, Marc Dacier, Michael Bailey
Publisher: Springer
Pages: 287-310
Number of pages: 24
ISBN (Print): 9783319663319
State: Published - 2017
Event: 20th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2017 - Atlanta, United States
Duration: Sep 18 2017 to Sep 20 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10453 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 20th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2017
Country/Territory: United States
City: Atlanta
Period: 9/18/17 to 9/20/17

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
