Detecting Cryptojacking in Cloud Environments: A Systematic Review of AI-Based Defenses, Deployment Challenges, and Research Gaps
Abstract
Cryptojacking is an increasingly prevalent threat in modern cloud computing environments, where adversaries covertly hijack virtual machines, container platforms, and distributed IoT resources to mine cryptocurrency. Unlike traditional malware, cryptojacking often mimics legitimate high-intensity workloads, enabling it to persist undetected while consuming substantial computational and financial resources. The elasticity, multi-tenancy, and automation inherent to cloud systems further amplify the impact of these attacks and complicate detection.

This paper presents a comprehensive systematic literature review of artificial intelligence (AI)-based techniques for detecting cryptojacking in cloud environments. Forty-one peer-reviewed studies are analyzed, covering machine learning, deep and hybrid models, transfer learning, and federated detection frameworks. The study synthesizes how these approaches operate across different layers of cloud systems, including host, network, hypervisor, and container runtime telemetry, and examines their effectiveness against modern attack strategies such as fileless mining, encrypted Stratum communication, and container abuse.

In addition, this study critically evaluates dataset availability, class imbalance, reproducibility, scalability, and operational overhead, which are factors that strongly influence real-world deployment but are often underreported. Moreover, a validation study using publicly available datasets is conducted to evaluate representative machine learning models in terms of detection performance, computational cost, and sensitivity to preprocessing choices. The results confirm that high reported accuracies do not necessarily translate into deployable solutions under realistic workload conditions.

The findings highlight a substantial gap between experimental performance and operational feasibility of AI-based cryptojacking defenses in cloud systems and outline future directions toward scalable, reproducible, and cloud-native detection mechanisms for next-generation distributed computing environments.