Abstract
With the rise in worth and popularity of cryptocurrencies,
a new opportunity for criminal gain is being exploited
and with little currently offered in the way of defence. The cost
of mining (i.e. earning cryptocurrency through CPU-intensive
calculations that underpin the blockchain technology) can be
prohibitively expensive, with hardware costs and electrical overheads
previously offering a loss compared to the cryptocurrency
gained. Off-loading these costs along a distributed network of
machines via malware offers an instantly profitable scenario,
though standard Anti-virus (AV) products offer some defences
against file-based threats. However, newer fileless malicious
attacks, occurring through the browser on seemingly legitimate
websites, can easily evade detection and surreptitiously engage
the victim machine in computationally-expensive cryptomining
(cryptojacking).
With no current academic literature on the dynamic opcode
analysis of cryptomining, to the best of our knowledge, we
present the first such experimental study. Indeed, this is the first
such work presenting opcode analysis on non-executable files.
Our results show that browser-based cryptomining within our
dataset can be detected by dynamic opcode analysis, with
accuracies of up to 100%. Further to this, our model can
distinguish between cryptomining sites, weaponized benign sites,
de-weaponized cryptomining sites and real world benign sites. As
it is process-based, our technique offers an opportunity to rapidly
detect, prevent and mitigate such attacks, a novel contribution
which should encourage further future work.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2018 International conference on privacy, security, and trust (PST 2018) |
Publication status | Published - 28 Aug 2018 |
Event | Privacy, Security and Trust 2018 - Belfast, United Kingdom; Duration: 28 Aug 2018 → 30 Aug 2018 |
Conference
Conference | Privacy, Security and Trust 2018 |
---|---|
Abbreviated title | PST 2018 |
Country/Territory | United Kingdom |
City | Belfast |
Period | 28/08/2018 → 30/08/2018 |
Datasets
-
Dataset for "MANiC: Multi-step Assessment for Crypto-miners"
Burgess, J. (Creator), Queen's University Belfast, 25 Feb 2020
DOI: 10.17034/ea782cda-b3ac-4fc3-b78b-c81324453280
Dataset
Student theses
-
Investigation of browser and web-based threats
Burgess, J. (Author), McLaughlin, K. (Supervisor) & Sezer, S. (Supervisor), Jul 2023
Student thesis: Doctoral Thesis › Doctor of Philosophy