MANiC: Multi-step Assessment for Crypto-miners

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Forthcoming

    View graph of relations

    Modern Browsers have become sophisticated applications that provide a portal to the internet. Browsers host a complex mix of interpreters such as HTML and JavaScript which allow the user's browser to perform malicious activities, this threat is known as browser-hijacking. These types of attacks can be particularly difficult to detect as they usually operate within the scope of normal browser behaviour. CryptoJacking is a form of browser-hijacking which has emerged as a result of the increased popularity and profitability of cryptocurrencies and the introduction of new cryptocurrencies that promote CPU-based mining.

    This paper proposes MANiC (Multi-step AssessmeNt for Crypto-miners); a system to detect CryptoJacking websites. It uses regular expressions compiled in accordance with the API structure of different miner families to detect crypto-mining scripts and extract parameters that could be used to detect suspicious behaviour associated with CryptoJacking. When MANiC was used to analyse the Alexa top 1m websites, it detected 887 malicious URLs containing miners from 11 different families. We propose that MANiC can be used to provide insights into this new threat, identify new potential features of interest and establish a ground-truth dataset to assist future research.

    Documents

    • MANiC: Multi-step Assessment for Crypto-miners

      Rights statement: Copyright 2019 IEEE. This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.

      Accepted author manuscript, 313 KB, PDF-document

      Embargo ends: 22/05/2020

    Original languageEnglish
    Title of host publicationInternational Conference on Cyber Security and Protection of Digital Services 03/06/2019 → 04/06/2019 Oxford, United Kingdom
    Publisher IEEE
    Publication statusAccepted - 26 Mar 2019
    EventInternational Conference on Cyber Security and Protection of Digital Services - University of Oxford, Oxford, United Kingdom
    Duration: 03 Jun 201904 Jun 2019

    Conference

    ConferenceInternational Conference on Cyber Security and Protection of Digital Services
    Abbreviated titleCyberSecurity2019
    CountryUnited Kingdom
    CityOxford
    Period03/06/201904/06/2019

      Research areas

    • CryptoJacking, Malware, Cyber-Security

    ID: 170662932