Cryptomining makes noise: Detecting cryptojacking via Machine Learning
Cryptojacking occurs when an adversary illicitly runs crypto-mining software over the devices of unaware users. This novel cybersecurity attack, that is emerging in both the literature and in the wild, has proved to be very effective given the simplicity of running a cry...
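| Main Author: | Maurantonio Caprolu |
|---|---|
| Other Authors: | Simone Raponi, Gabriele Oligeri, Roberto Di Pietro |
| Published: | 2021 |
| Subjects: | Information and computing sciences; Cybersecurity and privacy; Distributed computing and systems software; Machine learning; Network traffic analysis; Security; Cryptojacking; Cryptocurrencies; Blockchain |
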
| _version_ | 1864513561809649664 |
|---|---|
| author | Maurantonio Caprolu (16928412) |
| author2 | Simone Raponi (14158911) Gabriele Oligeri (14151426) Roberto Di Pietro (16864155) |
| author2_role | author author author |
| author_facet | Maurantonio Caprolu (16928412) Simone Raponi (14158911) Gabriele Oligeri (14151426) Roberto Di Pietro (16864155) |
| author_role | author |
| dc.creator.none.fl_str_mv | Maurantonio Caprolu (16928412) Simone Raponi (14158911) Gabriele Oligeri (14151426) Roberto Di Pietro (16864155) |
| dc.date.none.fl_str_mv | 2021-04-01T00:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1016/j.comcom.2021.02.016 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Cryptomining_makes_noise_Detecting_cryptojacking_via_Machine_Learning/24080691 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Information and computing sciences; Cybersecurity and privacy; Distributed computing and systems software; Machine learning; Machine Learning; Network traffic analysis; Security; Cryptojacking; Cryptocurrencies; Blockchain |
| dc.title.none.fl_str_mv | Cryptomining makes noise: Detecting cryptojacking via Machine Learning |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | Cryptojacking occurs when an adversary illicitly runs crypto-mining software over the devices of unaware users. This novel cybersecurity attack, that is emerging in both the literature and in the wild, has proved to be very effective given the simplicity of running a crypto-client into a target device. Several countermeasures have recently been proposed, with different features and performance, but all characterized by a host-based architecture. The cited solutions, designed to protect the individual user, are not suitable for efficiently protecting a corporate network, especially against insiders. In this paper, we propose a network-based approach to detect and identify crypto-clients activities by solely relying on the network traffic, even when encrypted and mixed with non-malicious traces. First, we provide a detailed analysis of the real network traces generated by three major cryptocurrencies, Bitcoin, Monero, and Bytecoin, considering both the normal traffic and the one shaped by a VPN. Then, we propose Crypto-Aegis, a Machine Learning (ML) based framework built over the results of our investigation, aimed at detecting cryptocurrencies related activities, e.g., pool mining, solo mining, and active full nodes. Our solution achieves a striking 0.96 of F1-score and 0.99 of AUC for the ROC, while enjoying a few other properties, such as device and infrastructure independence. Given the extent and novelty of the addressed threat we believe that our approach, supported by its excellent results, pave the way for further research in this area. Other Information: Published in: Computer Communications. License: [https://creativecommons.org/licenses/by/4.0/](https://creativecommons.org/licenses/by/4.0/legalcode). See article on publisher's website: [https://dx.doi.org/10.1016/j.comcom.2021.02.016](https://dx.doi.org/10.1016/j.comcom.2021.02.016) |
| eu_rights_str_mv | openAccess |
| id | Manara2_8682645d82b1ec40208748664600de40 |
| identifier_str_mv | 10.1016/j.comcom.2021.02.016 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/24080691 |
| publishDate | 2021 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| status_str | publishedVersion |
| title | Cryptomining makes noise: Detecting cryptojacking via Machine Learning |
| topic | Information and computing sciences; Cybersecurity and privacy; Distributed computing and systems software; Machine learning; Machine Learning; Network traffic analysis; Security; Cryptojacking; Cryptocurrencies; Blockchain |