Abstract
Cryptocurrencies, arguably the most prominent application of blockchain systems, have been on the rise with wide mainstream acceptance. A central entity in cryptocurrencies is “mining pools”, groups of cooperating cryptocurrency miners who agree to share block rewards in proportion to their contributed mining hash power. Despite the many promised benefits of cryptocurrencies, they are equally utilized for malicious activities, e.g., ransomware payments, stealthy command, and control, etc. Thus, understanding the interplay between cryptocurrencies, particularly the mining pools, and other essential infrastructures for profiling and characterization is necessary.
In this paper, we initiate the study of the interplay between mining pools and public clouds by analyzing their communication association through passive domain name system (pDNS) traces. We observe that 24 cloud providers have some association with mining pools as observed from the pDNS query traces, where popular public cloud providers, namely Amazon and Google, have almost 48% of such an association. Moreover, we found that the cloud provider presence and cloud provider-to-mining pool association exhibit a heavy-tailed distribution, emphasizing an intrinsic preferential attachment model with both mining pools and cloud providers. We measure the security risk and exposure of the cloud providers, as that might aid in understanding the intent of the mining. Among the top two cloud providers, we found almost 35% and 30% of their associated endpoints are positively detected to be associated with malicious activities, per the virustotal.com scan. Finally, we found that the mining pools presented in our dataset are predominantly used for mining Metaverse currencies, highlighting a shift in cryptocurrency use and demonstrating the prevalence of mining using public clouds.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bansal, S.K.: Linux worm targets internet-enabled home appliances to mine cryptocurrencies (2014). https://thehackernews.com/2014/03/linux-worm-targets-internet-enabled.html
Bertino, E., Islam, N.: Botnets and internet of things security. Computer 50(2), 76–79 (2017)
Böck, L., Alexopoulos, N., Saracoglu, E., Mühlhäuser, M., Vasilomanolakis, E.: Assessing the threat of blockchain-based botnets. In: 2019 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–11. IEEE (2019)
Eskandari, S., Leoutsarakos, A., Mursch, T., Clark, J.: A first look at browser-based cryptojacking. In: IEEE European Symposium on Security and Privacy Workshops, EuroS &P Workshops, London, United Kingdom, pp. 58–66 (2018). https://doi.org/10.1109/EuroSPW.2018.00014
Huang, D.Y., et al.: Botcoin: monetizing stolen cycles. In: The Network and Distributed System Security Symposium (2014)
Kharraz, A., et al.: Outguard: detecting in-browser covert cryptocurrency mining in the wild. In: Liu, L., et al. (eds.) The World Wide Web Conference, WWW 2019, San Francisco, CA, USA, 13–17 May 2019, pp. 840–852. ACM (2019). https://doi.org/10.1145/3308558.3313665
Kim, H., Park, J., Kwon, H., Jang, K., Choi, S.J., Seo, H.: Detecting block cipher encryption for defense against crypto ransomware on low-end internet of things. In: You, I. (ed.) WISA 2020. LNCS, vol. 12583, pp. 16–30. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65299-9_2
Krishnan, H., Saketh, S., Vaibhav, V.: Cryptocurrency mining transition to cloud. Int. J. Adv. Comput. Sci. Appl. 6 (2015)
Perdisci, R., Papastergiou, T., Alrawi, O., Antonakakis, M.: IoTFinder: efficient large-scale identification of IoT devices via passive DNS traffic analysis. In: IEEE European Symposium on Security and Privacy, EuroS &P 2020, pp. 474–489. IEEE (2020). https://doi.org/10.1109/EuroSP48549.2020.00037
Rüth, J., Zimmermann, T., Wolsing, K., Hohlfeld, O.: Digging into browser-based crypto mining. In: Proceedings of the Internet Measurement Conference 2018, IMC 2018. ACM, New York (2018). https://doi.org/10.1145/3278532.3278539
Saad, M., Chen, S., Mohaisen, D.: SyncAttack: double-spending in bitcoin without mining power. In: ACM Conference on Computer and Communications Security, pp. 1668–1685. ACM (2021). https://doi.org/10.1145/3460120.3484568
Saad, M., Choi, J., Nyang, D., Kim, J., Mohaisen, A.: Toward characterizing blockchain-based cryptocurrencies for highly accurate predictions. IEEE Syst. J. 14(1), 321–332 (2020). https://doi.org/10.1109/JSYST.2019.2927707
Saad, M., Khormali, A., Mohaisen, A.: Dine and dash: static, dynamic, and economic analysis of in-browser cryptojacking. In: 2019 APWG Symposium on Electronic Crime Research, eCrime 2019, Pittsburgh, PA, USA, 13–15 November 2019, pp. 1–12. IEEE (2019). https://doi.org/10.1109/eCrime47957.2019.9037576
Sari, A., Kilic, S.: Exploiting cryptocurrency miners with OISNT techniques. Trans. Netw. Commun. 5(6) (2017)
Tahir, R., et al.: Mining on someone else’s dime: mitigating covert mining operations in clouds and enterprises. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 287–310. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_13
The Guardian: Cryptocurrency miners using hacked cloud accounts, google warns (2021). shorturl.at/bgwA9
Acknowledgement
This research was supported by the Global Research Laboratory (GRL) Program through the National Research Foundation of Korea funded by the Ministry of Science and ICT (NRF-2016K1A1A2912757). Part of this work was additionally supported by CyberFlorida Seed Grant (2021–2022).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Adeniran, A., Mohaisen, D. (2023). Measuring Cryptocurrency Mining in Public Cloud Services: A Security Perspective. In: Dinh, T.N., Li, M. (eds) Computational Data and Social Networks . CSoNet 2022. Lecture Notes in Computer Science, vol 13831. Springer, Cham. https://doi.org/10.1007/978-3-031-26303-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-26303-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26302-6
Online ISBN: 978-3-031-26303-3
eBook Packages: Computer ScienceComputer Science (R0)