Cryptocurrency malware hunting: A deep Recurrent Neural Network approach

Abstract: In recent years, cryptocurrency trades have increased dramatically, and this trend has attracted cyber-threat actors who exploit existing vulnerabilities to infect their targets. These malicious actors use cryptocurrency malware to perform complex computational tasks on infected devices. Because cryptocurrency malware performs a legal process, detecting this type of threat by a manual or heuristic method is challenging. In this paper, we propose a novel deep Recurrent Neural Network (RNN) learning model for hunting cryptocurrency malware threats. Specifically, our proposed model uses the RNN to analyze the operation codes (Opcodes) of Windows applications as a case study. We collect a real-world dataset comprising 500 cryptocurrency malware samples and 200 benign-ware samples. The proposed model is trained with five different Long Short-Term Memory (LSTM) structures and evaluated with a 10-fold cross-validation (CV) technique. The obtained results prove that a 3-layer configuration model achieves 98% detection accuracy, the highest rate among the current configurations. We also applied traditional machine learning (ML) classifiers to show the applicability of deep learners (LSTM) versus traditional models in dealing with cryptocurrency malware.
