2020 | OriginalPaper | Book chapter

Detecting Covert Cryptomining Using HPC

Authors: Ankit Gangwal, Samuele Giuliano Piazzetta, Gianluca Lain, Mauro Conti

Published in: Cryptology and Network Security

Publisher: Springer International Publishing

Abstract

Cybercriminals have been exploiting cryptocurrencies to commit various unique financial frauds. Covert cryptomining, defined as the unauthorized harnessing of victims’ computational resources to mine cryptocurrencies, is one of the prevalent ways cybercriminals now use to earn financial benefits. Such exploitation of resources causes financial losses to the victims.
In this paper, we present our efficient approach to detect covert cryptomining on users’ machines. Unlike currently available solutions to detect covert cryptomining, our solution is generic: it is not tailored to a specific cryptocurrency or a particular form of cryptomining. In particular, we focus on the core mining algorithms and utilize Hardware Performance Counters (HPC) to create clean signatures that capture the execution pattern of these algorithms on a processor. We built a complete implementation of our solution employing advanced machine learning techniques. We evaluated our methodology on two different processors through an exhaustive set of experiments. In our experiments, we considered all the cryptocurrencies mined by the top-10 mining pools, which collectively represent the largest share of the cryptomining market. Our results show that our classifier can achieve near-perfect classification with samples as short as five seconds. Due to its robust and practical design, our solution can even adapt to zero-day cryptocurrencies. Finally, we believe our solution is scalable and can be deployed to tackle the rising problem of covert cryptomining.

Footnotes

1. A machine consistently performs heavy computations while it does cryptomining, which, in turn, continuously draws electricity.
3. An event is defined as a countable activity, action, or occurrence on a device.
4. To refer to different cryptocurrencies, we use their standard ticker symbol. See Table 3 for acronyms and their corresponding cryptocurrencies.
5. We use the term “PoW” to represent different consensus algorithms.
6. Basic events, measured by Performance Monitoring Units (PMU).
7. Measurable by kernel counters.
8. Data- and instruction-cache hardware events.

Metadata

Title: Detecting Covert Cryptomining Using HPC
Authors: Ankit Gangwal, Samuele Giuliano Piazzetta, Gianluca Lain, Mauro Conti
Copyright year: 2020
DOI: https://doi.org/10.1007/978-3-030-65411-5_17