Detecting Cryptojacking in Cloud Environments: A Systematic Review of AI-Based Defenses, Deployment Challenges, and Research Gaps

Detecting Cryptojacking in Cloud Environments: A Systematic Review of AI-Based Defenses, Deployment Challenges, and Research Gaps | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Detecting Cryptojacking in Cloud Environments: A Systematic Review of AI-Based Defenses, Deployment Challenges, and Research Gaps Amitabh Chakravorty, Nelly Elsayed This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8627518/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Cryptojacking is an increasingly prevalent threat in modern cloud computing environments, where adversaries covertly hijack virtual machines, container platforms, and distributed IoT resources to mine cryptocurrency. Unlike traditional malware, cryptojacking often mimics legitimate high-intensity workloads, enabling it to persist undetected while consuming substantial computational and financial resources. The elasticity, multi-tenancy, and automation inherent to cloud systems further amplify the impact of these attacks and complicate detection.This paper presents a comprehensive systematic literature review of artificial intelligence (AI)-based techniques for detecting cryptojacking in cloud environments. Forty-one peer-reviewed studies are analyzed, covering machine learning, deep and hybrid models, transfer learning, and federated detection frameworks. The study synthesizes how these approaches operate across different layers of cloud systems, including host, network, hypervisor, and container runtime telemetry, and examines their effectiveness against modern attack strategies such as fileless mining, encrypted Stratum communication, and container abuse.In addition, this study critically evaluates dataset availability, class imbalance, reproducibility, scalability, and operational overhead, which are factors that strongly influence real-world deployment but are often underreported. Moreover, a validation study using publicly available datasets is conducted to evaluate representative machine learning models in terms of detection performance, computational cost, and sensitivity to preprocessing choices. The results confirm that high reported accuracies do not necessarily translate into deployable solutions under realistic workload conditions.The findings highlight a substantial gap between experimental performance and operational feasibility of AI-based cryptojacking defenses in cloud systems and outline future directions toward scalable, reproducible, and cloud-native detection mechanisms for next-generation distributed computing environments. Cryptojacking Cloud computing Artificial intelligence Machine learning Scalability Reproducibility Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8627518","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":598650718,"identity":"fbd452c6-03df-4e65-b4fb-515eb986180c","order_by":0,"name":"Amitabh Chakravorty","email":"","orcid":"","institution":"University of Cincinnati","correspondingAuthor":false,"prefix":"","firstName":"Amitabh","middleName":"","lastName":"Chakravorty","suffix":""},{"id":598650719,"identity":"95532200-b33d-4590-b420-6b8e364e88cd","order_by":1,"name":"Nelly Elsayed","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA/klEQVRIiWNgGAWjYDACdijNDyYNLCA8HnxamKG0ZANYiwQJWgwOgCkitPAzsz/8zFNxJ3HzjeSnG34USDAYHD/A+OBtG24tks08xtI8Z54lbruRZnazB+gwgzMJzIZz8WgxOMzDIM3bdhioJYftBg9Iyw0GNqAIbi32h9kf/+b9dzhx84wctpt/IFrYf+PTYsDMYCbN23A4cYNEDtttmC3M+LRIHOYxs5xz7LDxjDPPzG7LGEjwSJ5JbJaccw63Fv729sc33tQclu1vT352880fGzm+44cPfnhThlsLCDABY8GxAcoBshkb8CiGAMYfwGAgqGoUjIJRMApGLgAAoi5PE/mdwRgAAAAASUVORK5CYII=","orcid":"","institution":"University of Cincinnati","correspondingAuthor":true,"prefix":"","firstName":"Nelly","middleName":"","lastName":"Elsayed","suffix":""}],"badges":[],"createdAt":"2026-01-17 17:08:32","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-8627518/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8627518/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":104400924,"identity":"aaeb47cc-c3ff-403b-870d-646eee623a9d","added_by":"auto","created_at":"2026-03-11 12:11:26","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1994937,"visible":true,"origin":"","legend":"","description":"","filename":"Cryptojacking.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8627518/v1_covered_dcb82075-724d-49b4-a952-640db43cea66.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Detecting Cryptojacking in Cloud Environments: A Systematic Review of AI-Based Defenses, Deployment Challenges, and Research Gaps","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":true,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Cryptojacking, Cloud computing, Artificial intelligence, Machine learning, Scalability, Reproducibility","lastPublishedDoi":"10.21203/rs.3.rs-8627518/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8627518/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Cryptojacking is an increasingly prevalent threat in modern cloud computing environments, where adversaries covertly hijack virtual machines, container platforms, and distributed IoT resources to mine cryptocurrency. Unlike traditional malware, cryptojacking often mimics legitimate high-intensity workloads, enabling it to persist undetected while consuming substantial computational and financial resources. The elasticity, multi-tenancy, and automation inherent to cloud systems further amplify the impact of these attacks and complicate detection.This paper presents a comprehensive systematic literature review of artificial intelligence (AI)-based techniques for detecting cryptojacking in cloud environments. Forty-one peer-reviewed studies are analyzed, covering machine learning, deep and hybrid models, transfer learning, and federated detection frameworks. The study synthesizes how these approaches operate across different layers of cloud systems, including host, network, hypervisor, and container runtime telemetry, and examines their effectiveness against modern attack strategies such as fileless mining, encrypted Stratum communication, and container abuse.In addition, this study critically evaluates dataset availability, class imbalance, reproducibility, scalability, and operational overhead, which are factors that strongly influence real-world deployment but are often underreported. Moreover, a validation study using publicly available datasets is conducted to evaluate representative machine learning models in terms of detection performance, computational cost, and sensitivity to preprocessing choices. The results confirm that high reported accuracies do not necessarily translate into deployable solutions under realistic workload conditions.The findings highlight a substantial gap between experimental performance and operational feasibility of AI-based cryptojacking defenses in cloud systems and outline future directions toward scalable, reproducible, and cloud-native detection mechanisms for next-generation distributed computing environments.","manuscriptTitle":"Detecting Cryptojacking in Cloud Environments: A Systematic Review of AI-Based Defenses, Deployment Challenges, and Research Gaps","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-03-02 20:09:54","doi":"10.21203/rs.3.rs-8627518/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"93df976e-1ba8-4a97-912e-e3f965804500","owner":[],"postedDate":"March 2nd, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2026-03-02T20:10:08+00:00","versionOfRecord":[],"versionCreatedAt":"2026-03-02 20:09:54","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8627518","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8627518","identity":"rs-8627518","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}