Crypto Mining Makes Noise

by Maurantonio Caprolu, et al.

A new cybersecurity attack (cryptojacking) is emerging, both in the literature and in the wild, where an adversary illicitly runs Crypto-client software on the devices of unaware users. This attack has proven to be very effective given the simplicity of running a Crypto-client on a target device, e.g., by means of web-based Java scripting. In this scenario, we propose Crypto-Aegis, a solution to detect and identify Crypto-client network traffic, even when it is VPN-ed. In detail, our contributions are the following: (i) We identify and model a new type of attack, i.e., the sponge-attack, being a generalization of cryptojacking; (ii) We provide a detailed analysis of real network traffic generated by 3 major cryptocurrencies; (iii) We investigate how VPN tunneling shapes the network traffic generated by Crypto-clients by considering two major VPN brands; (iv) We propose Crypto-Aegis, a Machine Learning (ML) based framework that builds on the previous steps to detect crypto-mining activities; and, finally, (v) We compare our results against competing solutions in the literature. Evidence from our experimental campaign shows the exceptional quality and viability of our solution: Crypto-Aegis achieves an F1-score of 0.96 and an AUC of 0.99. Given the extent and novelty of the addressed threat, we believe that our approach and our results, other than being interesting on their own, also pave the way for further research in this area.




