Detecting A Crypto-mining Malware By Deep Learning Analysis

  • Aljehani, Shahad (Department of Computer Science, College of Computer and Information Systems, Umm Al-Qura University)
  • Alsuwat, Hatim (Department of Computer Science, College of Computer and Information Systems, Umm Al-Qura University)
  • Received : 2022.06.05
  • Published : 2022.06.30

Abstract

Crypto-mining malware (known as crypto-jacking) is a novel cyber-attack that exploits the victim's computing resources, such as CPU and GPU, to illicitly generate cryptocurrency. The attacker benefits from crypto-jacking by using someone else's mining hardware and electrical power. This research focused on the possibility of detecting potential crypto-mining malware in an environment by analyzing both static and dynamic approaches with deep learning. Program Executable (PE) files were used with a deep learning method, Long Short-Term Memory (LSTM). The findings revealed that LSTM outperformed both SVM and RF in the static and dynamic approaches, with percentages of 98% and 96%, respectively. Future studies will focus on detecting the malware using a larger dataset to obtain more accurate and realistic results.
