System and method of detecting unauthorized access to computing resources for cryptomining

Assignee

• Acronis International GmbH · CH

Inventors

• Vadim Karasev · Moskovskiy, RU
• Sergey Lebedev · Moscow, RU
• Ravikant Tiwari · Moscow, RU
• Oleg Ishanov · Moscow, RU
• Evgeny A. Aseev · Moscow, RU
• Vladimir Strogov · Moscow, RU
• Serguei Beloussov · Moscow, RU
• Stanislav Protasov · Moscow, RU

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Disclosed herein are systems and method for detecting unauthorized access to computing resources for cryptomining. In one exemplary aspect, a method may detect that at least one process has been launched on a computer system. In response to the detecting, the method may collect data related to the launch of the at least one process. The method may compare the collected data with behavioral rules specifying compliant behavior on the computer system. The method may identify suspicious behavior associated with the at least one process in response to determining that the collected data does not meet the behavioral rules. The method may generate an alert indicative of the suspicious behavior. In response to identifying the suspicious behavior, the method may obtain telemetry data of the computer system, and may update the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior.