TY - GEN
T1 - Real-Time Detection of Cryptocurrency Mining Behavior
AU - Ye, Ke
AU - Shen, Meng
AU - Gao, Zhenbo
AU - Zhu, Liehuang
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
PY - 2022
Y1 - 2022
N2 - With the rapid development of blockchain, cryptocurrency gains more attention due to its anonymity and decentralization. However, illegal cryptocurrency mining problems, e.g., unauthorized control of victims’ devices or appropriate public resources, become more and more serious. Existing mining detection methods need to be deployed locally and require authorization from administrators, which hardly supervise an entire network segment, as it brings high installation and maintenance costs. To solve this problem, in this paper, we propose a lightweight mining behavior detection method based on traffic analysis, which leverages communication packets in the first n seconds of a flow to achieve a real-time response. The experiment results with real-world datasets prove that the proposed method can achieve 94.04% F1 score using only the first 40 s packets, 98.22% F1 score using the first 120 s packets. Moreover, it can realize unknown cryptomining service discovery for about 96.37% F1 score. Instead of installing antivirus software on the host, the proposed method based on traffic analysis can be deployed at the gateways, which brings convenience for network management.
AB - With the rapid development of blockchain, cryptocurrency gains more attention due to its anonymity and decentralization. However, illegal cryptocurrency mining problems, e.g., unauthorized control of victims’ devices or appropriate public resources, become more and more serious. Existing mining detection methods need to be deployed locally and require authorization from administrators, which hardly supervise an entire network segment, as it brings high installation and maintenance costs. To solve this problem, in this paper, we propose a lightweight mining behavior detection method based on traffic analysis, which leverages communication packets in the first n seconds of a flow to achieve a real-time response. The experiment results with real-world datasets prove that the proposed method can achieve 94.04% F1 score using only the first 40 s packets, 98.22% F1 score using the first 120 s packets. Moreover, it can realize unknown cryptomining service discovery for about 96.37% F1 score. Instead of installing antivirus software on the host, the proposed method based on traffic analysis can be deployed at the gateways, which brings convenience for network management.
KW - Blockchain
KW - Mining detection
KW - Monero
KW - Random forest
KW - Traffic analysis
UR - https://www.scopus.com/pages/publications/85145252361
U2 - 10.1007/978-981-19-8043-5_20
DO - 10.1007/978-981-19-8043-5_20
M3 - Conference contribution
AN - SCOPUS:85145252361
SN - 9789811980428
T3 - Communications in Computer and Information Science
SP - 278
EP - 291
BT - Blockchain and Trustworthy Systems - 4th International Conference, BlockSys 2022, Revised Selected Papers
A2 - Svetinovic, Davor
A2 - Zhang, Yin
A2 - Huang, Xiaoyan
A2 - Luo, Xiapu
A2 - Chen, Xingping
PB - Springer Science and Business Media Deutschland GmbH
T2 - 4th International Conference on Blockchain and Trustworthy Systems, Blocksys 2022
Y2 - 4 August 2022 through 5 August 2022
ER -