poster

POSTER: Content-Agnostic Identification of Cryptojacking in Network Traffic

Authors:

Yebo Feng,

Devkishen Sisodia,

Jun LiAuthors Info & Claims

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

Pages 907 - 909

https://doi.org/10.1145/3320269.3405440

Published: 05 October 2020 Publication History

Get Access

Abstract

In this paper, we propose a method that detects cryptojacking activities by analyzing content-agnostic network traffic flows. Our method first distinguishes crypto-mining activities by profiling the traffic with fast Fourier transform at each time window. It then generates the variation vectors between adjacent time windows and leverages a recurrent neural network to identify the cryptojacking patterns. Compared with the existing approaches, this method is privacy-preserving and can identify both browser-based and malware-based cryptojacking activities. Additionally, this method is easy to deploy. It can monitor all the devices within a network by accessing packet headers from the gateway router.

References

[1]

Benedict Alibasa. 2019. Hackers Infect 50,000 Servers With Sophisticated Crypto Mining Malware. https://www.coindesk.com/hackers-infect-50000-servers-with-sophisticated-crypto-mining-malware.

Google Scholar

[2]

Hamid Darabian, Sajad Homayounoot, Ali Dehghantanha, Sattar Hashemi, Hadis Karimipour, Reza M Parizi, and Kim-Kwang Raymond Choo. 2020. Detecting Cryptomining Malware: a Deep Learning Approach for Static and Dynamic Analysis. Journal of Grid Computing (2020), 1--11.

Google Scholar

[3]

Yebo Feng, Jun Li, Lei Jiao, and Xintao Wu. 2019. BotFlowMon: Learning-based, Content-Agnostic Identification of Social Bot Traffic Flows. In IEEE Conference on Communications and Network Security (CNS).

Google Scholar

[4]

Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, and Haixin Duan. [n.d.]. How you get shot in the back: A systematical study about cryptojacking in the real world. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.

Google Scholar

[5]

Yessi Bello Perez. 2019. Unsuspecting victims were cryptojacked 52.7 million times in the first half of 2019. https://thenextweb.com/hardfork/2019/07/24/cryptojacking-cryptocurrency-million-hits-first-half-2019/.

Google Scholar

[6]

Ruben Recabarren and Bogdan Carbunar. 2017. Hardening stratum, the bitcoin pool mining protocol. Proceedings on Privacy Enhancing Technologies 3 (2017), 57--74.

Crossref

Google Scholar

[7]

Rashid Tahir, Sultan Durrani, Faizan Ahmed, Hammas Saeed, Fareed Zaffar, and Saqib Ilyas. 2019. The browsers strike back: countering cryptojacking and parasitic miners on the web. In IEEE Conference on Computer Communications.

Digital Library

Google Scholar

[8]

Said Varlioglu, Bilal Gonen, Murat Ozer, and Mehmet F Bastug. 2020. Is Cryptojacking Dead after Coinhive Shutdown? arXiv preprint arXiv:2001.02975 (2020).

Google Scholar

[9]

Aaron Zimba, Zhaoshun Wang, Mwenge Mulenga, and Nickson Herbert Odongo. 2018. Crypto mining attacks in information systems: An emerging threat to cyber security. Journal of Computer Information Systems (2018), 1--12.

Google Scholar

Cited By

View all

Kwedza PChindipha S(2023)Cryptojacking Detection in Cloud Infrastructure Using Network Traffic2023 International Conference on Electrical, Computer and Energy Technologies (ICECET)10.1109/ICECET58911.2023.10389593(1-6)Online publication date: 16-Nov-2023
https://doi.org/10.1109/ICECET58911.2023.10389593
Feng YLi JSisodia D(2022)CJ-Sniffer: Measurement and Content-Agnostic Detection of Cryptojacking TrafficProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545973(482-494)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545973
Russo MŠrndić NLaskov P(2021)Detection of illicit cryptomining using network metadataEURASIP Journal on Information Security10.1186/s13635-021-00126-12021:1Online publication date: 4-Dec-2021
https://doi.org/10.1186/s13635-021-00126-1
Show More Cited By

Index Terms

POSTER: Content-Agnostic Identification of Cryptojacking in Network Traffic
1. Networks
  1. Network services
    1. Network monitoring
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Recommendations

CJ-Sniffer: Measurement and Content-Agnostic Detection of Cryptojacking Traffic
RAID '22: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses

With the continuous appreciation of cryptocurrency, cryptojacking, the act by which computing resources are stolen to mine cryptocurrencies, is becoming more rampant. In this paper, we conduct a measurement study on cryptojacking network traffic and ...
MineThrottle: Defending against Wasm In-Browser Cryptojacking
WWW '20: Proceedings of The Web Conference 2020

In-browser cryptojacking is an urgent threat to web users, where an attacker abuses the users’ computing resources without obtaining their consent. In-browser mining programs are usually developed in WebAssembly (Wasm) for its great performance. Several ...
Poster: Adversarial Perturbation Attacks on the State-of-the-Art Cryptojacking Detection System in IoT Networks
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

The popularity of cryptocurrency raised a new cyber security threat dubbed cryptojacking representing malicious activities for abusing victims' computing resources without their consent to mine cryptocurrency. Recently, Tekiner et al. [1] proposed an ...

Comments

Information & Contributors

Information

Published In

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

October 2020

957 pages

ISBN:9781450367509

DOI:10.1145/3320269

General Chairs:
Hung-Min Sun
National Tsing Hua University, Taiwan
,
Shiuhpyng Shieh
National Chiao Tung University, Taiwan
,
Program Chairs:
Guofei Gu
Texas A&M University, USA
,
Giuseppe Ateniese
Stevens Institute of Technology, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 October 2020

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

Ripple Labs Inc.

Conference

ASIA CCS '20

Sponsor:

SIGSAC

ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security

October 5 - 9, 2020

Taipei, Taiwan

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
229
Total Downloads

Downloads (Last 12 months)32
Downloads (Last 6 weeks)4

Reflects downloads up to 23 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kwedza PChindipha S(2023)Cryptojacking Detection in Cloud Infrastructure Using Network Traffic2023 International Conference on Electrical, Computer and Energy Technologies (ICECET)10.1109/ICECET58911.2023.10389593(1-6)Online publication date: 16-Nov-2023
https://doi.org/10.1109/ICECET58911.2023.10389593
Feng YLi JSisodia D(2022)CJ-Sniffer: Measurement and Content-Agnostic Detection of Cryptojacking TrafficProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545973(482-494)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545973
Russo MŠrndić NLaskov P(2021)Detection of illicit cryptomining using network metadataEURASIP Journal on Information Security10.1186/s13635-021-00126-12021:1Online publication date: 4-Dec-2021
https://doi.org/10.1186/s13635-021-00126-1
Gu ZGou GHou CXiong GLi Z(2021)LFETT2021: A Large-scale Fine-grained Encrypted Tunnel Traffic Dataset2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom53373.2021.00048(240-249)Online publication date: Oct-2021
https://doi.org/10.1109/TrustCom53373.2021.00048
Sun PPeng LYang BLiu S(2021)A Novel Feature Method for Fast Extraction of Mining Traffic2021 IEEE 23rd Int Conf on High Performance Computing & Communications; 7th Int Conf on Data Science & Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys)10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00127(783-790)Online publication date: Dec-2021
https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00127
Feng YLi JJiao LWu X(2020)Towards Learning-Based, Content-Agnostic Detection of Social Bot TrafficIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.3047399(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.3047399

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

CJ-Sniffer: Measurement and Content-Agnostic Detection of Cryptojacking Traffic

MineThrottle: Defending against Wasm In-Browser Cryptojacking

Poster: Adversarial Perturbation Attacks on the State-of-the-Art Cryptojacking Detection System in IoT Networks