Detecting Cryptomining Using Dynamic Analysis

Domhnall Carlin, Philip O'Kane, Sakir Sezer, Jonah Burgess

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

44 Citations (Scopus)
2115 Downloads (Pure)

Abstract

With the rise in worth and popularity of cryptocurrencies, a new opportunity for criminal gain is being exploited and with little currently offered in the way of defence. The cost of mining (i.e. earning cryptocurrency through CPU-intensive calculations that underpin the blockchain technology) can be prohibitively expensive, with hardware costs and electrical overheads previously offering a loss compared to the cryptocurrency gained. Off-loading these costs along a distributed network of machines via malware offers an instantly profitable scenario, though standard Anti-virus (AV) products offer some defences against file-based threats. However, newer fileless malicious attacks, occurring through the browser on seemingly legitimate websites, can easily evade detection and surreptitiously engage the victim machine in computationally-expensive cryptomining (cryptojacking). With no current academic literature on the dynamic opcode analysis of cryptomining, to the best of our knowledge, we present the first such experimental study. Indeed, this is the first such work presenting opcode analysis on non-executable files. Our results show that browser-based cryptomining within our dataset can be detected by dynamic opcode analysis, with accuracies of up to 100%. Further to this, our model can distinguish between cryptomining sites, weaponized benign sites, de-weaponized cryptomining sites and real world benign sites. As it is process-based, our technique offers an opportunity to rapidly detect, prevent and mitigate such attacks, a novel contribution which should encourage further future work.
Original language: English
Title of host publication: Proceedings of the 2018 International conference on privacy, security, and trust (PST 2018)
Publication status: Published - 28 Aug 2018
Event: Privacy, Security and Trust 2018 - Belfast, United Kingdom
Duration: 28 Aug 2018 → 30 Aug 2018

Conference

Conference: Privacy, Security and Trust 2018
Abbreviated title: PST 2018
Country/Territory: United Kingdom
City: Belfast
Period: 28/08/2018 → 30/08/2018
