Detecting Covert Cryptomining using HPC

Ankit Gangwal, Samuele Giuliano Piazzetta, Gianluca Lain, Mauro Conti

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

8 Citations (Scopus)


Cybercriminals have been exploiting cryptocurrencies to commit various unique financial frauds. Covert cryptomining - which is defined as an unauthorized harnessing of victims’ computational resources to mine cryptocurrencies - is one of the prevalent ways nowadays used by cybercriminals to earn financial benefits. Such exploitation of resources causes financial losses to the victims. In this paper, we present our efficient approach to detect covert crypto- mining on users’ machine. Our solution is a generic solution that, unlike currently available solutions to detect covert cryptomining, is not tailored to a specific cryptocurrency or a particular form of cryptomining. In particular, we focus on the core mining algorithms and utilize Hardware Performance Counters (HPC) to create clean signatures that grasp the execution pattern of these algorithms on a processor. We built a complete implementation of our solution employing advanced machine learning techniques. We evaluated our methodology on two different processors through an exhaustive set of experiments. In our experiments, we considered all the cryptocurrencies mined by the top-10 mining pools, which collectively represent the largest share of the cryptomining market. Our results show that our classifier can achieve a near-perfect classification with samples of length as low as five seconds. Due to its robust and practical design, our solution can even adapt to zero-day cryptocurrencies. Finally, we believe our solution is scalable and can be deployed to tackle the uprising problem of covert cryptomining.
Original languageEnglish
Title of host publicationCryptology and Network Security
Subtitle of host publication19th International Conference, CANS 202, Proceedings
EditorsS. Krenn, H. Shulman, S. Vaudenay
Place of PublicationCham
PublisherSpringer Science+Business Media
Number of pages21
ISBN (Electronic)978-3-030-65411-5
ISBN (Print)978-3-030-65410-8
Publication statusPublished - 2020
EventCryptology And Network Security - Virtually due to Covid, Vienna, Austria
Duration: 14 Dec 202016 Dec 2020
Conference number: 19th

Publication series

NamePart of the Lecture Notes in Computer Science book series (LNCS, volume 12579)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceCryptology And Network Security
Abbreviated titleCANS
Internet address


  • Cryptocurrency
  • Machine learning
  • Mining
  • Profiling


Dive into the research topics of 'Detecting Covert Cryptomining using HPC'. Together they form a unique fingerprint.

Cite this