Cryptomining Cannot Change Its Spots: Detecting Covert Cryptomining Using Magnetic Side-Channel

With new cryptocurrencies frequently being introduced to the market, the demand for cryptomining, a fundamental operation associated with most cryptocurrencies, has created a new stream of financial gain. The cost associated with lucrative cryptomining has driven the general masses to unethically mine cryptocurrencies using “plundered” resources in public organizations (e.g., universities) as well as in the corporate sector that follows a Bring Your Own Device (BYOD) culture. Such exploitation of resources causes financial detriment to the affected organizations, which often discover the abuse only after the damage has been done. In this paper, we present a novel approach that leverages a magnetic side channel to detect covert cryptomining. Our proposed approach works even when the examiner does not have login access or root privileges on the suspect device. It merely requires the physical proximity of the examiner and a magnetic sensor, which is often available on smartphones. The fundamental idea of our approach is to profile the magnetic field emission of a processor for the set of available mining algorithms. We built a complete implementation of our system using advanced machine learning techniques. In our experiments, we included all the cryptocurrencies supported by the top-10 mining pools, which collectively comprise the largest share (84% during Q3 2018) of the cryptomining market. Moreover, we tested our methodology primarily on two different laptops. Using data recorded from the magnetometer of an ordinary smartphone, our classifier achieved an average precision of over 88% and an average F1 score of 87%. Apart from our primary goal, which is to identify covert cryptomining, we also performed four additional experiments to further evaluate our approach. We found that, due to its underlying design, our system is future-ready and can readily adapt even to zero-day cryptocurrencies.
