Annual Computer Security Applications Conference (ACSAC) 2021


MineHunter: A Practical Cryptomining Traffic Detection Algorithm Based on Time Series Tracking

With the growth of the cryptocurrency market, cryptojacking, the unauthorized use of someone else's computer to mine cryptocurrency, has become an increasingly serious problem. Existing cryptojacking detection methods require installing anti-virus software on the host or loading a plug-in in the browser, which is difficult to deploy on enterprise or campus networks with a large number of hosts and servers. To bridge this gap, we propose MineHunter, a practical cryptomining traffic detection algorithm based on time series tracking. Instead of being deployed on hosts, MineHunter detects cryptomining traffic at the entrance of enterprise or campus networks. MineHunter takes into account the challenges of an actual deployment environment, including extremely unbalanced datasets, controllable alarms, traffic confusion, and efficiency. Accurate network-level detection is achieved by analyzing the network traffic characteristics of cryptomining and investigating the association between the network flow sequence of cryptomining and the block creation sequence of the cryptocurrency. We evaluate our algorithm at the entrance of a large office building in a campus network for a month. The total traffic volume exceeds 28 terabytes. Our experimental results show that MineHunter achieves a precision of 97.0% and a recall of 99.7%.

Shize Zhang
Tsinghua University

Zhiliang Wang
Tsinghua University

Jiahai Yang
Tsinghua University

Xin Cheng
Tsinghua University

XiaoQian Ma
Beijing Wuzi University

Hui Zhang
Tsinghua University

Bo Wang
Tsinghua University

Zimu Li
Tsinghua University

Jianping Wu
Tsinghua University

Paper (ACM DL)

Slides

Video

 


