Top

Published in:

2020 | OriginalPaper | Chapter

Detecting Covert Cryptomining Using HPC

Authors : Ankit Gangwal, Samuele Giuliano Piazzetta, Gianluca Lain, Mauro Conti

Published in: Cryptology and Network Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cybercriminals have been exploiting cryptocurrencies to commit various unique financial frauds. Covert cryptomining - which is defined as an unauthorized harnessing of victims’ computational resources to mine cryptocurrencies - is one of the prevalent ways nowadays used by cybercriminals to earn financial benefits. Such exploitation of resources causes financial losses to the victims.

In this paper, we present our efficient approach to detect covert cryptomining on users’ machine. Our solution is a generic solution that, unlike currently available solutions to detect covert cryptomining, is not tailored to a specific cryptocurrency or a particular form of cryptomining. In particular, we focus on the core mining algorithms and utilize Hardware Performance Counters (HPC) to create clean signatures that grasp the execution pattern of these algorithms on a processor. We built a complete implementation of our solution employing advanced machine learning techniques. We evaluated our methodology on two different processors through an exhaustive set of experiments. In our experiments, we considered all the cryptocurrencies mined by the top-10 mining pools, which collectively represent the largest share of the cryptomining market. Our results show that our classifier can achieve a near-perfect classification with samples of length as low as five seconds. Due to its robust and practical design, our solution can even adapt to zero-day cryptocurrencies. Finally, we believe our solution is scalable and can be deployed to tackle the uprising problem of covert cryptomining.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Arcula: A Secure Hierarchical Deterministic Wallet for Multi-asset Blockchains

next chapter Lightweight Virtual Payment Channels

Available only for authorised users

A machine consistently performs heavy computations while it does cryptomining, which, in turn, continuously draws electricity.

spritz.math.unipd.it/projects/cryptojackers/.

An event is defined as a countable activity, action, or occurrence on a device.

To refer to different cryptocurrencies, we use their standard ticker symbol. See Table 3 for acronyms and their corresponding cryptocurrencies.

We use the term “PoW” to represent different consensus algorithms.

Basic events, measured by Performance Monitoring Units (PMU).

Measurable by kernel counters.

Data- and instruction-cache hardware events.

Coinhive. https://tinyurl.com/ybsy89k2

CoinMarketCap. https://tinyurl.com/o94fhlw

Crypto-Loot. https://tinyurl.com/y76ppd5g

The nvprof Tool. https://tinyurl.com/y8tqxn74

The perf Tool. https://tinyurl.com/ybpmxw8

The stress-ng Tool. https://tinyurl.com/my6ehnj

An Italian Bank’s Server was Hijacked to Mine Bitcoin (2017). https://tinyurl.com/yac8c8jq

Persistent Drive-by Cryptomining Coming to a Browser Near You (2017). https://tinyurl.com/yd5roadb

Bitcoin Energy Consumption Index (2018). https://tinyurl.com/y8w5yj9l

10.

Cryptojacking: A Modern Cash Cow (2018). https://tinyurl.com/y28eqdav

11.

Cryptojacking Attack Found on Los Angeles Times Website (2018). https://tinyurl.com/y8ghcvmd

12.

FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation (2018). https://tinyurl.com/yd2zja9q

13.

Greedy Cybercriminals Host Malware on GitHub (2018). https://tinyurl.com/y9qon8ch

14.

Is Bitcoin Mining Profitable or Worth it in 2018? (2018). https://tinyurl.com/ybnydb8g

15.

KSN Report: Ransomware and Malicious Cryptominers 2016–2018 (2018). https://tinyurl.com/y29kybtx

16.

Revenues Down, Hashrates Up: 2018 Mining Outlook by the Numbers (2018). https://tinyurl.com/yc586s9v

17.

rTorrent Client Exploited in the Wild to Deploy Monero Crypto-miner (2018). https://tinyurl.com/yaqy7u3k

18.

Tesla Hackers Hijacked Amazon Cloud Account to Mine Cryptocurrency (2018). https://tinyurl.com/y9epv3do

19.

UK ICO, USCourts.gov. Thousands of Websites Hijacked by Hidden Crypto-mining Code after Popular Plug-in Pwned (2018). https://tinyurl.com/y7upaxgv

20.

WebCobra Malware Uses Victims’ Computers to Mine Cryptocurrency (2018). https://tinyurl.com/ycuhowb3

21.

Bitcoin Mining Pools (2019). https://tinyurl.com/y8pdk922

22.

Feature Importances with Forests of Trees (2019). https://tinyurl.com/y3nlad2h

23.

IBM X-Force Threat Intelligence Index (2019). https://tinyurl.com/y5nbprve

24.

SonicWall Cyber Threat Report (2019). https://tinyurl.com/y3wj69s7

25.

Under the Hood of Cyber Crime (2019). https://tinyurl.com/ydhauj8x

26.

Bonneau, J., et al.: SoK: research perspectives and challenges for bitcoin and cryptocurrencies. In: 36th IEEE S&P, pp. 104–121 (2015)

27.

Chiappetta, M., et al.: Real-time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49, 1162–1174 (2016)CrossRef

28.

Comodo Cybersecurity: Global Threat Report Q2 2018 Edition (2018). https://tinyurl.com/y8eos9pl

29.

Conti, M., et al.: On the economic significance of ransomware campaigns: a bitcoin transactions perspective. Comput. Secur. 79, 162–189 (2018)CrossRef

30.

Cortes, C., Vapnik, V.: Support vector networks. Mach. Learn. 20(3), 273–297 (1995)CrossRefMATH

31.

Cyber Threat Alliance (CTA): The illicit cryptocurrency mining threat report (2018). https://tinyurl.com/yco7cykl

32.

Demme, J., et al.: On the feasibility of online malware detection with performance counters. In: 40th ISCA, pp. 559–570 (2013)

33.

Gangwal, A., Conti, M.: Cryptomining cannot change its spots: detecting covert cryptomining using magnetic side-channel. IEEE Trans. Inf. Forensics Secur. 15(1), 1630–1639 (2019)

34.

Ho, T.K.: Random decision forests. In: 3rd ICDAR, pp. 278–282 (1995)

35.

Hsu, C.W., et al.: A practical guide to support vector classification. Tech. rep. (2003)

36.

Huang, D.Y., et al.: Botcoin: monetizing stolen cycles. In: 21st NDSS, pp. 1–16 (2014)

37.

Konoth, R.K., et al.: MineSweeper: an in-depth look into drive-by cryptocurrency mining and its defense. In: 25th ACM CCS (2018)

38.

Liu, J., et al.: A novel approach for detecting browser-based silent miner. In: 3rd IEEE DSC, pp. 490–497 (2018)

39.

Mora, C., et al.: Bitcoin emissions alone could push global warming above \(2\,^{\circ }\rm C\). Nat. Clim. Change 8(11), 931–933 (2018)CrossRef

40.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://tinyurl.com/3f4a6lr

41.

Rauchberger, J., et al.: The other side of the coin: a framework for detecting and analyzing web-based cryptocurrency mining campaigns. In: 13th ARES, pp. 1–10 (2018)

42.

Rüth, J., et al.: Digging into browser-based crypto mining. arXiv preprint: 1808.00811 (2018)

43.

Tahir, R., et al.: Mining on someone else’s dime: mitigating covert mining operations in clouds and enterprises. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 287–310. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_13

44.

Wang, W., Ferrell, B., Xu, X., Hamlen, K.W., Hao, S.: SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 122–142. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_7CrossRef

45.

Wang, X., et al.: ConFirm: detecting firmware modifications in embedded systems using hardware performance counters. In: 34th IEEE/ACM ICCAD, pp. 544–551 (2015)

46.

Wang, X., et al.: Hardware performance counter-based malware identification and detection with adaptive compressive sensing. ACM TACO 13(1), 1–23 (2016)

47.

Wang, X., Karri, R.: NumChecker: detecting kernel control-flow modifying rootkits by using hardware performance counters. In: 50th DAC, pp. 1–7 (2013)

48.

Yuan, L., et al.: Security breaches as PMU deviation: detecting and identifying security attacks using performance counters. In: 2nd ACM SIGOPS APSys, pp. 1–6 (2011)

Title: Detecting Covert Cryptomining Using HPC
Authors: Ankit Gangwal
Samuele Giuliano Piazzetta
Gianluca Lain
Mauro Conti
Publisher: Springer International Publishing
Book: Cryptology and Network Security
Print ISBN: 978-3-030-65410-8

Electronic ISBN: 978-3-030-65411-5

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-65411-5_17

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner