MANiC: Multi-step Assessment for Crypto-miners

Title: MANiC: Multi-step Assessment for Crypto-miners
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Burgess, Jonah; Carlin, Domhnall; O'Kane, Philip; Sezer, Sakir
Conference Name: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
Date Published: June 2019
Publisher: IEEE
ISBN Number: 978-1-7281-0229-0
Keywords: application program interfaces, bitcoin, blacklisting, browser security, browser-hijacking, Browsers, Browsers host, composability, compositionality, CPU-based mining, Crypto-miners, Crypto-mining, crypto-mining scripts, cryptocurrencies, cryptojacking, CryptoJacking websites, data mining, Drive-by Mining, Human Behavior, human factors, malicious activities, Malicious URL, Malware, Metrics, Multistep assessment, normal browser behaviour, online front-ends, profitability, pubcrawl, related CryptoJacking research, resilience, Resiliency, suspicious behaviour, Web Browser Security, Web sites, Web-based Threats
Abstract

Modern Browsers have become sophisticated applications, providing a portal to the web. Browsers host a complex mix of interpreters such as HTML and JavaScript, allowing not only useful functionality but also malicious activities, known as browser-hijacking. These attacks can be particularly difficult to detect, as they usually operate within the scope of normal browser behaviour. CryptoJacking is a form of browser-hijacking that has emerged as a result of the increased popularity and profitability of cryptocurrencies, and the introduction of new cryptocurrencies that promote CPU-based mining. This paper proposes MANiC (Multi-step AssessmeNt for Crypto-miners), a system to detect CryptoJacking websites. It uses regular expressions that are compiled in accordance with the API structure of different miner families. This allows the detection of crypto-mining scripts and the extraction of parameters that could be used to detect suspicious behaviour associated with CryptoJacking. When MANiC was used to analyse the Alexa top 1m websites, it detected 887 malicious URLs containing miners from 11 different families and demonstrated favourable results when compared to related CryptoJacking research. We demonstrate that MANiC can be used to provide insights into this new threat, to identify new potential features of interest and to establish a ground-truth dataset, assisting future research.

URL: https://ieeexplore.ieee.org/document/8885003
DOI: 10.1109/CyberSecPODS.2019.8885003
Citation Key: burgess_manic_2019