Abstract
Cybercriminals have been exploiting cryptocurrencies to commit various unique financial frauds. Covert cryptomining - which is defined as an unauthorized harnessing of victims’ computational resources to mine cryptocurrencies - is one of the prevalent ways nowadays used by cybercriminals to earn financial benefits. Such exploitation of resources causes financial losses to the victims. In this paper, we present our efficient approach to detect covert crypto- mining on users’ machine. Our solution is a generic solution that, unlike currently available solutions to detect covert cryptomining, is not tailored to a specific cryptocurrency or a particular form of cryptomining. In particular, we focus on the core mining algorithms and utilize Hardware Performance Counters (HPC) to create clean signatures that grasp the execution pattern of these algorithms on a processor. We built a complete implementation of our solution employing advanced machine learning techniques. We evaluated our methodology on two different processors through an exhaustive set of experiments. In our experiments, we considered all the cryptocurrencies mined by the top-10 mining pools, which collectively represent the largest share of the cryptomining market. Our results show that our classifier can achieve a near-perfect classification with samples of length as low as five seconds. Due to its robust and practical design, our solution can even adapt to zero-day cryptocurrencies. Finally, we believe our solution is scalable and can be deployed to tackle the uprising problem of covert cryptomining.
Original language | English |
---|---|
Title of host publication | Cryptology and Network Security |
Subtitle of host publication | 19th International Conference, CANS 202, Proceedings |
Editors | S. Krenn, H. Shulman, S. Vaudenay |
Place of Publication | Cham |
Publisher | Springer |
Pages | 344–364 |
Number of pages | 21 |
ISBN (Electronic) | 978-3-030-65411-5 |
ISBN (Print) | 978-3-030-65410-8 |
DOIs | |
Publication status | Published - 2020 |
Event | Cryptology And Network Security - Virtually due to Covid, Vienna, Austria Duration: 14 Dec 2020 → 16 Dec 2020 Conference number: 19th https://cans2020.at/ |
Publication series
Name | Part of the Lecture Notes in Computer Science book series (LNCS, volume 12579) |
---|---|
Publisher | Springer |
Volume | 12579 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Cryptology And Network Security |
---|---|
Abbreviated title | CANS |
Country/Territory | Austria |
City | Vienna |
Period | 14/12/20 → 16/12/20 |
Internet address |
Keywords
- Cryptocurrency
- Machine learning
- Mining
- Profiling