Measuring Cryptocurrency Mining in Public Cloud Services: A Security Perspective

Adeniran, Ayodeji; Mohaisen, David

doi:10.1007/978-3-031-26303-3_12

Ayodeji Adeniran⁹ &
David Mohaisen⁹

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13831))

Included in the following conference series:

International Conference on Computational Data and Social Networks

472 Accesses
1 Citations

Abstract

Cryptocurrencies, arguably the most prominent application of blockchain systems, have been on the rise with wide mainstream acceptance. A central entity in cryptocurrencies is “mining pools”, groups of cooperating cryptocurrency miners who agree to share block rewards in proportion to their contributed mining hash power. Despite the many promised benefits of cryptocurrencies, they are equally utilized for malicious activities, e.g., ransomware payments, stealthy command, and control, etc. Thus, understanding the interplay between cryptocurrencies, particularly the mining pools, and other essential infrastructures for profiling and characterization is necessary.

In this paper, we initiate the study of the interplay between mining pools and public clouds by analyzing their communication association through passive domain name system (pDNS) traces. We observe that 24 cloud providers have some association with mining pools as observed from the pDNS query traces, where popular public cloud providers, namely Amazon and Google, have almost 48% of such an association. Moreover, we found that the cloud provider presence and cloud provider-to-mining pool association exhibit a heavy-tailed distribution, emphasizing an intrinsic preferential attachment model with both mining pools and cloud providers. We measure the security risk and exposure of the cloud providers, as that might aid in understanding the intent of the mining. Among the top two cloud providers, we found almost 35% and 30% of their associated endpoints are positively detected to be associated with malicious activities, per the virustotal.com scan. Finally, we found that the mining pools presented in our dataset are predominantly used for mining Metaverse currencies, highlighting a shift in cryptocurrency use and demonstrating the prevalence of mining using public clouds.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 69.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

References

Bansal, S.K.: Linux worm targets internet-enabled home appliances to mine cryptocurrencies (2014). https://thehackernews.com/2014/03/linux-worm-targets-internet-enabled.html
Bertino, E., Islam, N.: Botnets and internet of things security. Computer 50(2), 76–79 (2017)
Article Google Scholar
Böck, L., Alexopoulos, N., Saracoglu, E., Mühlhäuser, M., Vasilomanolakis, E.: Assessing the threat of blockchain-based botnets. In: 2019 APWG Symposium on Electronic Crime Research (eCrime), pp. 1–11. IEEE (2019)
Google Scholar
Eskandari, S., Leoutsarakos, A., Mursch, T., Clark, J.: A first look at browser-based cryptojacking. In: IEEE European Symposium on Security and Privacy Workshops, EuroS &P Workshops, London, United Kingdom, pp. 58–66 (2018). https://doi.org/10.1109/EuroSPW.2018.00014
Huang, D.Y., et al.: Botcoin: monetizing stolen cycles. In: The Network and Distributed System Security Symposium (2014)
Google Scholar
Kharraz, A., et al.: Outguard: detecting in-browser covert cryptocurrency mining in the wild. In: Liu, L., et al. (eds.) The World Wide Web Conference, WWW 2019, San Francisco, CA, USA, 13–17 May 2019, pp. 840–852. ACM (2019). https://doi.org/10.1145/3308558.3313665
Kim, H., Park, J., Kwon, H., Jang, K., Choi, S.J., Seo, H.: Detecting block cipher encryption for defense against crypto ransomware on low-end internet of things. In: You, I. (ed.) WISA 2020. LNCS, vol. 12583, pp. 16–30. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65299-9_2
Chapter Google Scholar
Krishnan, H., Saketh, S., Vaibhav, V.: Cryptocurrency mining transition to cloud. Int. J. Adv. Comput. Sci. Appl. 6 (2015)
Google Scholar
Perdisci, R., Papastergiou, T., Alrawi, O., Antonakakis, M.: IoTFinder: efficient large-scale identification of IoT devices via passive DNS traffic analysis. In: IEEE European Symposium on Security and Privacy, EuroS &P 2020, pp. 474–489. IEEE (2020). https://doi.org/10.1109/EuroSP48549.2020.00037
Rüth, J., Zimmermann, T., Wolsing, K., Hohlfeld, O.: Digging into browser-based crypto mining. In: Proceedings of the Internet Measurement Conference 2018, IMC 2018. ACM, New York (2018). https://doi.org/10.1145/3278532.3278539
Saad, M., Chen, S., Mohaisen, D.: SyncAttack: double-spending in bitcoin without mining power. In: ACM Conference on Computer and Communications Security, pp. 1668–1685. ACM (2021). https://doi.org/10.1145/3460120.3484568
Saad, M., Choi, J., Nyang, D., Kim, J., Mohaisen, A.: Toward characterizing blockchain-based cryptocurrencies for highly accurate predictions. IEEE Syst. J. 14(1), 321–332 (2020). https://doi.org/10.1109/JSYST.2019.2927707
Article Google Scholar
Saad, M., Khormali, A., Mohaisen, A.: Dine and dash: static, dynamic, and economic analysis of in-browser cryptojacking. In: 2019 APWG Symposium on Electronic Crime Research, eCrime 2019, Pittsburgh, PA, USA, 13–15 November 2019, pp. 1–12. IEEE (2019). https://doi.org/10.1109/eCrime47957.2019.9037576
Sari, A., Kilic, S.: Exploiting cryptocurrency miners with OISNT techniques. Trans. Netw. Commun. 5(6) (2017)
Google Scholar
Tahir, R., et al.: Mining on someone else’s dime: mitigating covert mining operations in clouds and enterprises. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 287–310. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_13
Chapter Google Scholar
The Guardian: Cryptocurrency miners using hacked cloud accounts, google warns (2021). shorturl.at/bgwA9
Google Scholar

Download references

Acknowledgement

This research was supported by the Global Research Laboratory (GRL) Program through the National Research Foundation of Korea funded by the Ministry of Science and ICT (NRF-2016K1A1A2912757). Part of this work was additionally supported by CyberFlorida Seed Grant (2021–2022).

Author information

Authors and Affiliations

University of Central Florida, Orlando, USA
Ayodeji Adeniran & David Mohaisen

Authors

Ayodeji Adeniran
View author publications
You can also search for this author in PubMed Google Scholar
David Mohaisen
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Mohaisen .

Editor information

Editors and Affiliations

Virginia Commonwealth University, Richmond, VA, USA
Thang N. Dinh
Yeung Kin Man Academic Building, City University Hong Kong, Kowloon Tong, Hong Kong
Minming Li

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Adeniran, A., Mohaisen, D. (2023). Measuring Cryptocurrency Mining in Public Cloud Services: A Security Perspective. In: Dinh, T.N., Li, M. (eds) Computational Data and Social Networks . CSoNet 2022. Lecture Notes in Computer Science, vol 13831. Springer, Cham. https://doi.org/10.1007/978-3-031-26303-3_12

Download citation

DOI: https://doi.org/10.1007/978-3-031-26303-3_12
Published: 11 February 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26302-6
Online ISBN: 978-3-031-26303-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Measuring Cryptocurrency Mining in Public Cloud Services: A Security Perspective