Detecting Illicit Cryptocurrency Mining Activity in Cloud Computing Platform


Muhammad Azizi Mohd Ariffin; Mohamad Yusof Darus; Abidah Mat Taib; Rozianawaty Osman; Che Mohamad Anis Che Mat

Abstract

Cloud computing adoption in IT infrastructure is one of the key elements in the digital transformation strategy of an organization. Features such as on-demand self-service, resource allocation elasticity and massive scalability that cloud solutions offer further accelerated adoption during the Covid-19 pandemic. This is because during a lockdown, an organization’s IT infrastructure must be able to cater for dynamic requirements while supporting a remote working environment for its employees. Although cloud computing adoption brings many benefits to the organization, cloud users can abuse the cloud platform to conduct illicit cryptocurrency mining activity. Illicit crypto mining activity can also be caused by the spread of malware or by security breaches on the cloud computing platform. Unwanted crypto mining activity causes financial loss to the organization due to increased power consumption from constant CPU utilization, inflated cooling needs and wasted computing cycles. To address the problem, this paper proposes a method to effectively detect cryptocurrency mining activity in cloud computing environments. In the method, the cloud’s system metrics are collected and pre-processed, and then undergo feature extraction. The AD3 algorithm is then used to process the feature values, separating the noise caused by background processes from crypto mining activity for anomaly detection. To evaluate its effectiveness, the proposed method was tested on a cloud platform running OpenStack, and the results show that it can effectively detect crypto-mining activity and differentiate it from other background activity noise. When mining activity was simulated, the graph of feature density values showed a significant drop, indicating an anomaly. The method can be further expanded to detect anomalies in hybrid cloud or container-based environments.
