Dine and Dash: Static, Dynamic, and Economic Analysis of In-Browser Cryptojacking

Saad, Muhammad; Khormali, Aminollah; Mohaisen, Aziz

doi:10.1109/ecrime47957.2019.9037576

Cited by 20 publications

(17 citation statements)

References 39 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…from NoCoin [20]. However the size of this dataset is small, only ∼150 domains many of which are simply WebSocket proxy servers for PoW communications that can also be used by benign pages [38]. While the recent work of Outguard [21] does provide a list of domains they found to be participating in cryptojacking, we found that many of these are no longer participating in mining, or simply no longer exist.…”

Section: A Coinspy Model Training and Implementationmentioning

confidence: 97%

“…To increase the rate of PoW completions at the client, the miners typically spawn threads from the browser environment, known as WebWorkers [46]. The Web miner's servers, which actually manage the interactions with the blockchain, are often found from a rotating list of proxy servers as to avoid client-side blacklisting [21], [38]. The Web miner pays the Web server a cut of the cryptocurrency for any blocks successfully mined by the client (or a just fixed payout per compute cycles), similar in fashion to a finder's fee.…”

Section: B Web Mining At the Browsermentioning

confidence: 99%

“…Antivirus software such as Symmantec also detect cryptomining using a static signature. The problem is that static code signatures and pattern matching can be evaded, and such evasion techniques are already being deployed by cryptominers [16], [38].…”

Section: A Cryptomining On the Webmentioning

confidence: 99%

“…Another closely related work [38], supplements their static analyses, based on code length and complexity of cryptomining scripts, by providing a first look at how behavioral features change for sites under cryptomining. While they do not provide an explicit behavioral detector and accuracy metrics, they observe the changes in CPU Usage, Web Socket packet sizes, and browser power consumption.…”

Section: A Cryptomining On the Webmentioning

confidence: 99%

“…To date, there has been much work highlighting the presence, economic impact, and obtrusiveness, of Web mining [14], [37], [38]. There has also been an influx of recent works that focus on extracting features, both static and dynamic, of miners to build models for determining cryptomining behavior on Web pages [21], [16], [23].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Browser-Based Deep Behavioral Detection of Web Cryptomining with CoinSpy

Kelton¹,

Balasubramanian²,

Raghavendra³

et al. 2020

Proceedings 2020 Workshop on Measurements, Attacks, and Defenses for the Web

View full text Add to dashboard Cite

Although the cryptocurrency hype over the past year may be seen by some as a benign social fad, to the Web community it is the center point for a series of ethically dubious ransomware attacks. Browser based cryptomining, or cryptojacking has gained widespread attention. Cryptojacking consists of Web servers delivering cryptocurrency mining scripts to clients, and using the client resources to play part in a distributed coin mining scheme. Although Web server operators defend the ethics of their involvement by quoting mining as a substitute for advertisement revenue, these scripts can hog massive amounts of client-side resources and can be delivered without client consent, presenting a high potential for abuse. Regardless of how ethical these campaigns are, what remains constant is the need for their detection. While there has been an array of work in defending against such cryptojacking campaigns, these defenses remain quite preliminary. We present CoinSpy, an entirely in-browser tool built using deep learning techniques for the detection of cryptomining activity within Web pages. A key challenge is that there is limited visibility into the client resource usage from within the browser sandbox. CoinSpy extracts several signals from information available from the browser and combines them using deep learning to build a powerful cryptojacking classifier. We argue why CoinSpy is the most robust defense against current and future cryptojacking attacks as compared to recent work, and show that it can detect various cryptojacking campaigns with 97% accuracy.

show abstract

Section: A Coinspy Model Training and Implementationmentioning

confidence: 97%

Section: B Web Mining At the Browsermentioning

confidence: 99%

Section: A Cryptomining On the Webmentioning

confidence: 99%

Section: A Cryptomining On the Webmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Browser-Based Deep Behavioral Detection of Web Cryptomining with CoinSpy

Kelton¹,

Balasubramanian²,

Raghavendra³

et al. 2020

Proceedings 2020 Workshop on Measurements, Attacks, and Defenses for the Web

View full text Add to dashboard Cite

show abstract

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Noor,

Mustafa

2024

Concurrency and Computation

View full text Add to dashboard Cite

Blockchain technology has gained significant attention and adoption due to its decentralized nature, and promising secure and immutable transactions. The interpretation of Blockchain's components has been presented in an innovative manner, illustrating the features they enable or manage. However, its networks do not appear so immune to vulnerabilities like any other technological system. Among the typical weaknesses, endpoint vulnerabilities refer to weaknesses in the endpoints that interact with the blockchain network. They pose a significant risk to the security and integrity of the entire system. These vulnerabilities can affect blockchain networks including smart contract vulnerabilities, wallet vulnerabilities, and communication vulnerabilities. In view of the absence of any viable taxonomic description and associated value, we attempted a novel comprehensive classification of endpoint vulnerabilities. The proposed taxonomy is designed to logically categorize and classify the various endpoint vulnerabilities through a pictorial representation. It encompasses wallet vulnerabilities, malware, cryptojacking and human negligence. Additionally, this paper proposes a novel approach to mapping endpoint vulnerabilities to the blockchain abstract layer. It gives a unique way to study the vulnerabilities and layers' relation. Finally, the corresponding violated principles behind the vulnerabilities have been identified and indicated. By providing a structured taxonomy of endpoint vulnerabilities, this paper aims to enhance the understanding of the security challenges associated with blockchain applications. By understanding and addressing the taxonomy of endpoint vulnerabilities, blockchain practitioners and researchers can enhance blockchain networks' overall security and trustworthiness, paving the way for broader adoption and utilization of this transformative technology. It may have implications in terms of identifying, linking, developing control, and finally mitigating endpoint vulnerabilities in the rapidly changing environment.

show abstract

Measuring Cryptocurrency Mining in Public Cloud Services: A Security Perspective

Adeniran

Mohaisen

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Dine and Dash: Static, Dynamic, and Economic Analysis of In-Browser Cryptojacking

Cited by 20 publications

References 39 publications

Browser-Based Deep Behavioral Detection of Web Cryptomining with CoinSpy

Browser-Based Deep Behavioral Detection of Web Cryptomining with CoinSpy

A taxonomy of endpoint vulnerabilities and affected blockchain architecture layers

Measuring Cryptocurrency Mining in Public Cloud Services: A Security Perspective

Contact Info

Product

Resources

About