How to detect cryptocurrency miners? By traffic forensics!

Abstract Cryptocurrencies have set a new trend for financial interaction between people. To serve this use case they combine several advanced information technologies: a blockchain acting as a replicated database, asymmetric cryptography and hash functions guaranteeing integrity, and peer-to-peer networking providing a fault-tolerant service. Mining not only introduces new units of a cryptocurrency into circulation but has become a business that generates real-world revenue. This paper examines different approaches to detecting cryptocurrency mining within corporate networks, where it should not be present: mining activity there is often a sign of malware or of unauthorized use of company resources. The article provides an in-depth overview of the pooled mining process, including deployment and operational details. Two detection methods and their implementations are made available to network administrators, law enforcement agents and the general public interested in cryptocurrency mining forensics.
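Pooled mining is coordinated over the Stratum protocol, a newline-delimited JSON-RPC dialect spoken in clear text over TCP, which is what makes it visible to traffic forensics in the first place. The following detector is an added example written for this page, not code from the paper or its authors. It recognises two Stratum dialects by payload content (the Bitcoin-style "mining.*" verbs and the CryptoNote pool dialect used by Monero miners), aggregates the evidence per connection and flags only connections where the pool actually answered with work. All payloads, addresses and ports are constructed sample data; port numbers such as 3333 and 4444 are merely conventional and are not relied upon.

```python
"""Payload-level detector for the Stratum pooled-mining protocol (added example).

Recognises Stratum v1 ("mining.*", Bitcoin-style pools) and the CryptoNote pool
dialect ("login"/"job"/"submit", Monero miners such as xmrig). All sample payloads
and addresses below are constructed for illustration.
"""
import json
from collections import defaultdict

STRATUM_V1_METHODS = {"mining.subscribe", "mining.authorize", "mining.notify",
                      "mining.set_difficulty", "mining.submit", "mining.extranonce.subscribe"}
# Keys that identify CryptoNote-style work assignments and share submissions.
CRYPTONOTE_JOB_KEYS = {"blob", "job_id", "target"}
CRYPTONOTE_SHARE_KEYS = {"job_id", "nonce", "result"}
# Miner-side verbs that open a session, and pool-side verbs that hand out work.
CLIENT_HANDSHAKE = {"mining.subscribe", "mining.authorize", "login"}
POOL_WORK = {"mining.notify", "mining.set_difficulty", "subscribe-reply", "job", "login-reply"}


def classify_message(payload):
    """Return (dialect, verb) if the TCP payload starts with a Stratum line, else None."""
    line = payload.split(b"\n", 1)[0].strip()  # Stratum frames one JSON object per line
    if not line.startswith(b"{"):
        return None
    try:
        msg = json.loads(line)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(msg, dict):
        return None

    method = msg.get("method")
    params = msg.get("params")
    if method in STRATUM_V1_METHODS:
        return ("stratum-v1", method)
    if method == "login" and isinstance(params, dict) and "login" in params:
        return ("stratum-cryptonote", method)  # wallet/worker credentials
    if method == "job" and isinstance(params, dict) and CRYPTONOTE_JOB_KEYS.issubset(params):
        return ("stratum-cryptonote", method)  # new work pushed by the pool
    if method == "submit" and isinstance(params, dict) and CRYPTONOTE_SHARE_KEYS.issubset(params):
        return ("stratum-cryptonote", method)  # share submitted by the miner

    # Replies carry no "method"; recognise the two session-opening replies by shape.
    result = msg.get("result")
    if isinstance(result, list) and result and isinstance(result[0], list):
        # mining.subscribe reply: [[["mining.set_difficulty", id], ["mining.notify", id]], extranonce1, size]
        for sub in result[0]:
            if isinstance(sub, list) and sub and sub[0] in STRATUM_V1_METHODS:
                return ("stratum-v1", "subscribe-reply")
    if isinstance(result, dict):
        job = result.get("job")
        if isinstance(job, dict) and CRYPTONOTE_JOB_KEYS.issubset(job):
            return ("stratum-cryptonote", "login-reply")
    return None


def scan_flows(records):
    """Aggregate per-connection evidence and flag connections that complete a mining handshake.

    records: iterable of (src, dst, payload) where src/dst are "ip:port" strings.
    Returns {(endpoint_a, endpoint_b): {"dialect": ..., "verbs": [...]}}.
    """
    evidence = defaultdict(list)
    for src, dst, payload in records:
        hit = classify_message(payload)
        if hit:
            evidence[tuple(sorted((src, dst)))].append(hit)  # fold both directions into one key

    flagged = {}
    for key, hits in evidence.items():
        verbs = {verb for _, verb in hits}
        # A lone "mining.subscribe" could be a scanner or a probe; require that the pool
        # answered with work before calling the connection a mining session.
        if verbs & CLIENT_HANDSHAKE and verbs & POOL_WORK:
            flagged[key] = {"dialect": hits[0][0], "verbs": sorted(verbs)}
    return flagged


# Constructed sample: one Stratum v1 session, one CryptoNote session, two benign
# payloads and one incomplete handshake. Addresses use documentation ranges.
MINER_A, POOL_A = "10.0.0.5:51234", "203.0.113.10:3333"
MINER_B, POOL_B = "10.0.0.7:40000", "198.51.100.20:4444"
SAMPLE_RECORDS = [
    (MINER_A, POOL_A, b'{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.0"]}\n'),
    (POOL_A, MINER_A, b'{"id": 1, "result": [[["mining.set_difficulty", "1"], ["mining.notify", "1"]], "08000002", 4], "error": null}\n'),
    (MINER_A, POOL_A, b'{"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}\n'),
    (POOL_A, MINER_A, b'{"id": 2, "result": true, "error": null}\n'),
    (POOL_A, MINER_A, b'{"id": null, "method": "mining.set_difficulty", "params": [2048]}\n'),
    (POOL_A, MINER_A, b'{"id": null, "method": "mining.notify", "params": ["bf", "4d16b6f85af6e2198f44ae2a6de67f78487ae5611b77c6c0440b921e00000000", "01000000", "ffffffff", [], "20000000", "1a2b3c4d", "5e6f7a8b", true]}\n'),
    (MINER_B, POOL_B, b'{"id": 1, "jsonrpc": "2.0", "method": "login", "params": {"login": "WALLET_ADDRESS_PLACEHOLDER", "pass": "x", "agent": "XMRig/6.20.0"}}\n'),
    (POOL_B, MINER_B, b'{"id": 1, "jsonrpc": "2.0", "result": {"id": "sess1", "job": {"blob": "0707c0d8", "job_id": "j1", "target": "b88d0600"}, "status": "OK"}}\n'),
    ("10.0.0.9:50000", "192.0.2.8:80", b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.9:50001", "192.0.2.9:8080", b'{"jsonrpc": "2.0", "method": "ping", "id": 7}\n'),
    ("10.0.0.11:50002", "192.0.2.30:3333", b'{"id": 1, "method": "mining.subscribe", "params": []}\n'),
]

if __name__ == "__main__":
    for (a, b), info in scan_flows(SAMPLE_RECORDS).items():
        print(f"{a} <-> {b}: {info['dialect']} ({', '.join(info['verbs'])})")
```

Run stand-alone, the script reports the two completed sessions and stays silent on the HTTP request, the unrelated JSON-RPC "ping" and the subscribe that never received work. The caveat a practitioner should keep in mind is that this kind of content inspection sees nothing once the miner wraps Stratum in TLS or pushes it through a proxy, which is exactly why flow-level behavioural methods, working on NetFlow/IPFIX records rather than payloads, remain necessary alongside it.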
