论文信息 - The Other Side of the Coin: A Framework for Detecting and Analyzing Web-based Cryptocurrency Mining Campaigns

The Other Side of the Coin: A Framework for Detecting and Analyzing Web-based Cryptocurrency Mining Campaigns

Mining for crypto currencies is usually performed on high-performance single purpose hardware or GPUs. However, mining can be easily parallelized and distributed over many less powerful systems. Cryptojacking is a new threat on the Internet and describes code included in websites that uses a visitor's CPU to mine for crypto currencies without the their consent. This paper introduces MiningHunter, a novel web crawling framework which is able to detect mining scripts even if they obfuscate their malicious activities. We scanned the Alexa Top 1 million websites for cryptojacking, collected more than 13,400,000 unique JavaScript files with a total size of 246 GB and found that 3,178 websites perform cryptocurrency mining without their visitors' consent. Furthermore, MiningHunter can be used to provide an in-depth analysis of cryptojacking campaigns. To show the feasibility of the proposed framework, three of such campaigns are examined in detail. Our results provide the most comprehensive analysis to date of the spread of cryptojacking on the Internet.

[1] He Liu,et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain , 2011, 2011 IEEE Symposium on Security and Privacy.

[2] Fang Yu,et al. Knowing your enemy: understanding and detecting malicious web advertising , 2012, CCS '12.

[3] Jérôme Segura. A look into the global ‘ drive-by cryptocurrency mining ’ phenomenon , 2017 .

[4] Stefan Savage,et al. Botcoin: Monetizing Stolen Cycles , 2014, NDSS.

[5] Daniel Davis Wood,et al. ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[6] Gianluca Stringhini,et al. The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements , 2014, Internet Measurement Conference.

[7] Tsz Hon Yuen,et al. RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero , 2017, ESORICS.

[8] Satoshi Nakamoto. Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[9] Elmar Gerhards-Padilla,et al. Case study of the Miner Botnet , 2012, 2012 4th International Conference on Cyber Conflict (CYCON 2012).

[10] Nicolas van Saberhagen. CryptoNote v 2.0 , 2013 .

[11] Jeffrey S. Rosenschein,et al. Bitcoin Mining Pools: A Cooperative Game Theoretic Analysis , 2015, AAMAS.

[12] Jeremy Clark,et al. SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.