CryingJackpot: Network Flows and Performance Counters against Cryptojacking

Title: CryingJackpot: Network Flows and Performance Counters against Cryptojacking
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Gomes, G., Dias, L., Correia, M.
Conference Name: 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA)
Keywords: clustering, Clustering algorithms, cryptography, cryptojacking, data mining, feature extraction, Human Behavior, Intrusion detection, Malware, Metrics, network flows, performance counters, pubcrawl, resilience, Resiliency, security analytics, Servers, Task Analysis
Abstract: Cryptojacking, the appropriation of users' computational resources without their knowledge or consent to obtain cryptocurrencies, is a widespread attack, relatively easy to implement and hard to detect. Either browser-based or binary, cryptojacking lacks robust and reliable detection solutions. This paper presents a hybrid approach to detect cryptojacking where no previous knowledge about the attacks or training data is needed. Our Cryptojacking Intrusion Detection Approach, Cryingjackpot, extracts and combines flow and performance counter-based features, aggregating hosts with similar behavior by using unsupervised machine learning algorithms. We evaluate Cryingjackpot experimentally with both an artificial and a hybrid dataset, achieving F1-scores up to 97%.
DOI: 10.1109/NCA51143.2020.9306698
Citation Key: gomes_cryingjackpot_2020