Behavior-Based Detection of Cryptojacking Malware

Title: Behavior-Based Detection of Cryptojacking Malware
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Tanana, D.
Conference Name: 2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)
Keywords: behavior-based detection, behavioral analysis, browser-based cryptojacking, complex detection technique, Computer crime, CPU load, cryptocurrencies, cryptojacking, Cryptojacking detection, cryptojacking malware, Cybercrime, cybercriminals, data mining, decision tree algorithm, Decision trees, detection program, executable-type cryptojacking, Human Behavior, illegitimate profit, Internet, invasive software, malicious mining, Metrics, pubcrawl, ransomware, resilience, Resiliency, virtual machine environment
Abstract: With the rise of cryptocurrency popularity and value, more and more cybercriminals seek to profit using that new technology. The most common ways to obtain illegitimate profit using cryptocurrencies are ransomware and cryptojacking, also known as malicious mining. And while ransomware is a well-known and well-studied threat which is obvious by design, cryptojacking is often neglected because it's less harmful and much harder to detect. This article considers the question of cryptojacking detection. A brief history and definition of cryptojacking are described, as well as reasons for designing a custom detection technique. We also propose a complex detection technique based on CPU load by an application, which can be applied to both browser-based and executable-type cryptojacking samples. A prototype detection program based on our technique was designed using a decision tree algorithm. The program was tested in a controlled virtual machine environment and achieved an 82% success rate against a selected number of cryptojacking samples. Finally, we'll discuss generalization of the proposed technique for future work.
Citation Key: tanana_behavior-based_2020