
Crypto Mining Makes Noise

by Maurantonio Caprolu, et al.

A new cybersecurity attack (cryptojacking) is emerging, both in the literature and in the wild, where an adversary illicitly runs Crypto-client software on the devices of unaware users. This attack has proven to be very effective given the simplicity of running a Crypto-client on a target device, e.g., by means of web-based Java scripting. In this scenario, we propose Crypto-Aegis, a solution to detect and identify Crypto-client network traffic, even when it is VPN-ed. In detail, our contributions are the following: (i) We identify and model a new type of attack, i.e., the sponge-attack, being a generalization of cryptojacking; (ii) We provide a detailed analysis of real network traffic generated by 3 major cryptocurrencies; (iii) We investigate how VPN tunneling shapes the network traffic generated by Crypto-clients by considering two major VPN brands; (iv) We propose Crypto-Aegis, a Machine Learning (ML) based framework that builds on the previous steps to detect crypto-mining activities; and, finally, (v) We compare our results against competing solutions in the literature. Evidence from our experimental campaign shows the exceptional quality and viability of our solution: Crypto-Aegis achieves an F1-score of 0.96 and an AUC of 0.99. Given the extent and novelty of the addressed threat, we believe that our approach and our results, other than being interesting on their own, also pave the way for further research in this area.



