Title | Detecting Cryptojacking Traffic Based on Network Behavior Features |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Hu, Xiaoyan, Shu, Zhuozhuo, Song, Xiaoyi, Cheng, Guang, Gong, Jian |
Conference Name | 2021 IEEE Global Communications Conference (GLOBECOM) |
Keywords | Botnet, cryptography, cryptojacking, feature extraction, Hardware, Human Behavior, Inspection, machine learning, Metrics, network traffic behavior, privacy, pubcrawl, resilience, Resiliency, telecommunication traffic |
Abstract | Bitcoin and other digital cryptocurrencies have developed rapidly in recent years. To reduce hardware and power costs, many criminals use the botnet to infect other hosts to mine cryptocurrency for themselves, which has led to the proliferation of mining botnets and is referred to as cryptojacking. At present, the mechanisms specific to cryptojacking detection include host-based, Deep Packet Inspection (DPI) based, and dynamic network characteristics based. Host-based detection requires detection installation and running at each host, and the other two are heavyweight. Besides, DPI-based detection is a breach of privacy and loses efficacy if encountering encrypted traffic. This paper designs a lightweight cryptojacking traffic detection method based on network behavior features for an ISP, without referring to the payload of network traffic. We set up an environment to collect cryptojacking traffic and conduct a cryptojacking traffic study to obtain its discriminative network traffic features extracted from only the first four packets in a flow. Our experimental study suggests that the machine learning classifier, random forest, based on the extracted discriminative network traffic features can accurately and efficiently detect cryptojacking traffic. |
DOI | 10.1109/GLOBECOM46510.2021.9685085 |
Citation Key | hu_detecting_2021 |