Enterprise Security Assessment Framework for Cryptocurrency Mining Based on Monero

Авторлар

  • M. S. Bissaliyev al-Farabi Kazakh National University
  • A. T. Nyussupov Institute of Information and Computational Technologies
  • Sh. Zh. Mussiraliyeva al-Farabi Kazakh National University

DOI:

https://doi.org/10.26577/jmmcs-2018-2-400
        145 73

Кілттік сөздер:

cryptocurrency mining, monero, hidden mining, cloud abuse

Аннотация

Mining a cryptocurrency is profitable on someone’s resources. It is becoming increasing problem
in the enterprise to control the operations of its infrastructure while in idle or “off-work” time. In
this paper we present enterprise security assessment framework for cryptocurrency mining based
on Monero cryptocurrency. The framework consists from surveying power consumption on GPU
mining farms and traditional desktop PCs, analysis of web resources for browser-based mining
on both internal and external domain names, the handy network logs analysis tool based on the
regular expressions. While there had been significant difference between GPU and traditional
desktop PC’s power consumption, computational ratio of the idle PCs after working time remains
questionable. In the browser-based cryptocurrency mining, there were no data on public domains,
however there had been a possibility for using the private domain names, thus further research
and different tools are required. In the network analysis, there were not enough evidences on the
network mining, and this leads to the different research question that attackers may use proxy
techniques to bypass traffic filtering and network analysis.

Библиографиялық сілтемелер

[1] Broderick, Ryan. How to Get Rich on Bitcoin, By a System Administrator Who's Secretly Growing Them On His
School's Computers. Motherbard. 2011. Accessed May 5, 2018.
https://motherboard.vice.com/en_us/article/nzzz37/how-to-get-rich-on-bitcoin-by-a-system-administrator-
who-s-secretly-growing-them-on-his-school-s-computers
[2] Getbitcoin.com.au. Government employee caught mining using work supercomputer. Getbitcoin.com.au. 2014. Accessed May 5, 2018.
https://www.getbitcoin.com.au/bitcoin-news/government-employee-caught-mining-using-work-supercomputer
[3] Falconer, Joel. ABC employee caught mining for Bitcoins on company servers. The Next Web. 2011. Accesssed May 5, 2018.
https://thenextweb.com/au/2011/06/23/abc-employee-caught-mining-for-bitcoins-on-company-servers/
[4] Seals, Tara. ABC employee caught mining for Bitcoins on company servers. Infosecurity Magazine. 2018. Accessed May 5, 2018.
https://www.infosecurity-magazine.com:443/news/cryptomining-spikes-500/
[5] Bitcoin.org. Some Bitcoin words you might hear. Vocabulary Bitcoin. 2018. Accessed May 5, 2018.
https://bitcoin.org/en/vocabulary
[6] Makandar, Aziz, and Anita Patrot. Trojan Malware Image Pattern Classication. Paper presented at the annual International Conference on Cognition and Recognition, 253-262. Springer, Singapore, 2018.
[7] Edge, Charles, and Daniel O'Donnell. Malware Security: Combating Viruses, Worms, and Root Kits. Paper presented at the annual conference for the Enterprise Mac Security, 221-242. Apress, Berkeley, CA, 2016.
[8] Hajli, Nick, and Xiaolin Lin. Exploring the security of information sharing on social networking sites: The role of perceived control of information. Journal of Business Ethics, 133, no. 1 (2016): 111-123.
[9] Zalbina, M. Ridwan, Tri Wanda Septian, Deris Stiawan, Moh Yazid Idris, Ahmad Heryanto, and Rahmat Budiarto. Payload recognition and detection of Cross Site Scripting attack. Paper present at the annual conference for Anti-Cyber Crimes (ICACC), 2017 2nd International Conference, 172-176. IEEE, Abha, 2017.
[10] Coinhive. Coinhive Monero JavaScript Mining. Coinhive. 2018. Accessed May 5, 2018.
https://coinhive.com/
[11] Eskandari, Shayan, Andreas Leoutsarakos, Troy Mursch, and Jeremy Clark. A rst look at browser-based Cryptojacking. Accessed May 5, 2018 arXiv preprint, arXiv:1803.02887, (2018).
[12] Miller, Keith W., Jerey Voas, and George F. Hurlburt. BYOD: Security and privacy considerations. I t Professional, 14, no. 5 (2012): 53-55.
[13] Kizza, Joseph Migga. Virus and Content Filtering. Paper presented at the annual conference for Guide to Computer Network Security, 325-343. Springer, London, 2015.
[14] Runeson, Per, Martin Host, Austen Rainer, and Bjorn Regnell. Case study research in software engineering Guidelines and examples. (New Jersey: John Wiley & Sons, 2012), 135-136.
[15] Pickavet, Mario, Willem Vereecken, Soe Demeyer, Pieter Audenaert, Brecht Vermeulen, Chris Develder, Didier Colle, Bart Dhoedt, and Piet Demeester. Worldwide energy needs for ICT: The rise of power-aware networking. Paper presented at the annual conference for Advanced Networks and Telecommunication Systems, 2008. ANTS'08. 2nd International Symposium on, 1-3. IEEE, Bombay, 2008.
[16] Torpey, Kyle. How Bitcoin Mining Could Solve One Of The Issues With Space-Based Solar Power. Forbes. 2018. Accessed May 5, 2017.
https://www.forbes.com/sites/ktorpey/2017/09/15/how-bitcoin-mining-could-solve-one-of-the-issues-with-
space-based-solar-power/#1d98e4a22c8d

Жүктелулер

Как цитировать

Bissaliyev, M. S., Nyussupov, A. T., & Mussiraliyeva, S. Z. (2018). Enterprise Security Assessment Framework for Cryptocurrency Mining Based on Monero. Қазұу Хабаршысы. Математика, механика, информатика сериясы, 98(2), 67–76. https://doi.org/10.26577/jmmcs-2018-2-400

Шығарылым

Бөлім

Компьютерлік ғылым