	US 12,068,936 B2
	Detection of unauthorized cryptomining
Dylan Reid, Atlanta, GA (US); and Joseph Soryal, Ridgewood, NY (US)
Assigned to AT&T Intellectual Property I, L.P., Atlanta, GA (US)
Filed by AT&T Intellectual Property I, L.P., Atlanta, GA (US)
Filed on Oct. 25, 2021, as Appl. No. 17/452,219.
Application 17/452,219 is a continuation of application No. 16/601,677, filed on Oct. 15, 2019, granted, now 11,159,407.
Prior Publication US 2022/0045925 A1, Feb. 10, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 15/16 (2006.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01); H04L 43/0876 (2022.01); H04L 45/125 (2022.01); H04L 47/72 (2022.01); H04L 9/00 (2022.01)

CPC H04L 43/0876 (2013.01) [H04L 9/0643 (2013.01); H04L 9/0819 (2013.01); H04L 9/088 (2013.01); H04L 45/125 (2013.01); H04L 47/72 (2013.01); H04L 9/50 (2022.05)]

20 Claims

1. A method comprising:

determining, by a processing system of a device, an electricity utilization of the device is in excess of an electricity utilization threshold;

obtaining, by the processing system in response to the determining, utilization information of the device comprising: processor utilization information, memory utilization information, and network utilization information;

detecting, by the processing system in response to the obtaining, from the utilization information of the device, a pattern comprising: a first network utilization burst, a processor utilization exceeding a processor utilization threshold and a memory utilization exceeding a memory utilization threshold over at least a designated period of time following the first network utilization burst, and a second network utilization burst after at least the designated period of time; and

generating, by the processing system, an unauthorized cryptomining alert in response to the detecting the pattern.