Enterprise Security Assessment Framework for Cryptocurrency Mining Based on Monero

  • M. S. Bissaliyev al-Farabi Kazakh National University
  • A. T. Nyussupov Institute of Information and Computational Technologies
  • Sh. Zh. Mussiraliyeva al-Farabi Kazakh National University

Abstract

Mining a cryptocurrency is profitable on someone’s resources. It is becoming increasing problemin the enterprise to control the operations of its infrastructure while in idle or “off-work” time. Inthis paper we present enterprise security assessment framework for cryptocurrency mining basedon Monero cryptocurrency. The framework consists from surveying power consumption on GPUmining farms and traditional desktop PCs, analysis of web resources for browser-based miningon both internal and external domain names, the handy network logs analysis tool based on theregular expressions. While there had been significant difference between GPU and traditionaldesktop PC’s power consumption, computational ratio of the idle PCs after working time remainsquestionable. In the browser-based cryptocurrency mining, there were no data on public domains,however there had been a possibility for using the private domain names, thus further researchand different tools are required. In the network analysis, there were not enough evidences on thenetwork mining, and this leads to the different research question that attackers may use proxytechniques to bypass traffic filtering and network analysis.

References

[1] Broderick, Ryan. How to Get Rich on Bitcoin, By a System Administrator Who's Secretly Growing Them On His
School's Computers. Motherbard. 2011. Accessed May 5, 2018.
https://motherboard.vice.com/en_us/article/nzzz37/how-to-get-rich-on-bitcoin-by-a-system-administrator-
who-s-secretly-growing-them-on-his-school-s-computers
[2] Getbitcoin.com.au. Government employee caught mining using work supercomputer. Getbitcoin.com.au. 2014. Accessed May 5, 2018.
https://www.getbitcoin.com.au/bitcoin-news/government-employee-caught-mining-using-work-supercomputer
[3] Falconer, Joel. ABC employee caught mining for Bitcoins on company servers. The Next Web. 2011. Accesssed May 5, 2018.
https://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/
[4] Seals, Tara. ABC employee caught mining for Bitcoins on company servers. Infosecurity Magazine. 2018. Accessed May 5, 2018.
https://www.infosecurity-magazine.com:443/news/cryptomining-spikes-500/
[5] Bitcoin.org. Some Bitcoin words you might hear. Vocabulary Bitcoin. 2018. Accessed May 5, 2018.
https://bitcoin.org/en/vocabulary
[6] Makandar, Aziz, and Anita Patrot. Trojan Malware Image Pattern Classication. Paper presented at the annual International Conference on Cognition and Recognition, 253-262. Springer, Singapore, 2018.
[7] Edge, Charles, and Daniel O'Donnell. Malware Security: Combating Viruses, Worms, and Root Kits. Paper presented at the annual conference for the Enterprise Mac Security, 221-242. Apress, Berkeley, CA, 2016.
[8] Hajli, Nick, and Xiaolin Lin. Exploring the security of information sharing on social networking sites: The role of perceived control of information. Journal of Business Ethics, 133, no. 1 (2016): 111-123.
[9] Zalbina, M. Ridwan, Tri Wanda Septian, Deris Stiawan, Moh Yazid Idris, Ahmad Heryanto, and Rahmat Budiarto. Payload recognition and detection of Cross Site Scripting attack. Paper present at the annual conference for Anti-Cyber Crimes (ICACC), 2017 2nd International Conference, 172-176. IEEE, Abha, 2017.
[10] Coinhive. Coinhive Monero JavaScript Mining. Coinhive. 2018. Accessed May 5, 2018.
https://coinhive.com/
[11] Eskandari, Shayan, Andreas Leoutsarakos, Troy Mursch, and Jeremy Clark. A rst look at browser-based Cryptojacking. Accessed May 5, 2018 arXiv preprint, arXiv:1803.02887, (2018).
[12] Miller, Keith W., Jerey Voas, and George F. Hurlburt. BYOD: Security and privacy considerations. I t Professional, 14, no. 5 (2012): 53-55.
[13] Kizza, Joseph Migga. Virus and Content Filtering. Paper presented at the annual conference for Guide to Computer Network Security, 325-343. Springer, London, 2015.
[14] Runeson, Per, Martin Host, Austen Rainer, and Bjorn Regnell. Case study research in software engineering Guidelines and examples. (New Jersey: John Wiley & Sons, 2012), 135-136.
[15] Pickavet, Mario, Willem Vereecken, Soe Demeyer, Pieter Audenaert, Brecht Vermeulen, Chris Develder, Didier Colle, Bart Dhoedt, and Piet Demeester. Worldwide energy needs for ICT: The rise of power-aware networking. Paper presented at the annual conference for Advanced Networks and Telecommunication Systems, 2008. ANTS'08. 2nd International Symposium on, 1-3. IEEE, Bombay, 2008.
[16] Torpey, Kyle. How Bitcoin Mining Could Solve One Of The Issues With Space-Based Solar Power. Forbes. 2018. Accessed May 5, 2017.
https://www.forbes.com/sites/ktorpey/2017/09/15/how-bitcoin-mining-could-solve-one-of-the-issues-with-
space-based-solar-power/#1d98e4a22c8d
Published
2018-08-29
How to Cite
BISSALIYEV, M. S.; NYUSSUPOV, A. T.; MUSSIRALIYEVA, Sh. Zh.. Enterprise Security Assessment Framework for Cryptocurrency Mining Based on Monero. Journal of Mathematics, Mechanics and Computer Science, [S.l.], v. 98, n. 2, p. 67-76, aug. 2018. ISSN 1563-0277. Available at: <http://bm.kaznu.kz/index.php/kaznu/article/view/400>. Date accessed: 13 nov. 2018. doi: https://doi.org/10.26577/jmmcs-2018-2-400.
Keywords cryptocurrency mining, monero, hidden mining, cloud abuse