Mining on Someone Else's Dime: Mitigating Covert Mining Operations in Clouds and Enterprises [chapter]

Rashid Tahir, Muhammad Huzaifa, Anupam Das, Mohammad Ahmad, Carl Gunter, Fareed Zaffar, Matthew Caesar, Nikita Borisov
2017 Lecture Notes in Computer Science  
Covert cryptocurrency mining operations are causing notable losses to both cloud providers and enterprises. Increased power consumption resulting from constant CPU and GPU usage from mining, inflated cooling and electricity costs, and wastage of resources that could otherwise benefit legitimate users are some of the factors that contribute to these incurred losses. Affected organizations currently have no way of detecting these covert, and at times illegal, miners and often discover the abuse
... n attackers have already fled and the damage is done. In this paper, we present MineGuard, a tool that can detect mining behavior in real time across pools of mining VMs or processes, and prevent abuse despite an active adversary trying to bypass the defenses. Our system employs hardware-assisted profiling to create discernible signatures for various mining algorithms and can accurately detect these, with negligible overhead (< 0.01%), for both CPU and GPU-based miners. We empirically demonstrate the uniqueness of mining behavior and show the effectiveness of our mitigation approach (≈ 99.7% detection rate). Furthermore, we characterize the noise introduced by virtualization and incorporate it into our detection mechanism, making it highly robust. The design of MineGuard is both practical and usable and requires no modification to the core infrastructure of commercial clouds or enterprises.
doi:10.1007/978-3-319-66332-6_13 fatcat:gke6m46wazhubndezdfasis7km