Mitigation of Cryptojacking Attacks Using Taint Analysis
| Title | Mitigation of Cryptojacking Attacks Using Taint Analysis |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Yulianto, Arief Dwi, Sukarno, Parman, Warrdana, Aulia Arif, Makky, Muhammad Al |
| Conference Name | 2019 4th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE) |
| Date Published | Nov. 2019 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-5118-2 |
| Keywords | abuse case, Attack Modeling, Browsers, Central Processing Unit, CPU resources, CPU usage, cross-site scripting, cryptocurrency, cryptography, cryptojacking, cryptomining, data mining, Google Chrome, Human Behavior, human factors, in-browsercryptojacking mitigation, malicious cryptocurrency mining, Malware, man-in-the-middle, man-in-the-middle attack, Metrics, mitigation, online front-ends, pubcrawl, resilience, Resiliency, script characteristics, security of data, taint analysis, taint analysis method, threat model, Web site background, Web sites |
| Abstract | Cryptojacking (also called malicious cryptocurrency mining or cryptomining) is a new threat model using CPU resources covertly "mining" a cryptocurrency in the browser. The impact is a surge in CPU Usage and slows the system performance. In this research, in-browsercryptojacking mitigation has been built as an extension in Google Chrome using Taint analysis method. The method used in this research is attack modeling with abuse case using the Man-In-The-Middle (MITM) attack as a testing for mitigation. The proposed model is designed so that users will be notified if a cryptojacking attack occurs. Hence, the user is able to check the script characteristics that run on the website background. The results of this research show that the taint analysis is a promising method to mitigate cryptojacking attacks. From 100 random sample websites, the taint analysis method can detect 19 websites that are infcted by cryptojacking. |
| URL | https://ieeexplore.ieee.org/document/9003742 |
| DOI | 10.1109/ICITISEE48480.2019.9003742 |
| Citation Key | yulianto_mitigation_2019 |
- Resiliency
- malware
- man-in-the-middle
- man-in-the-middle attack
- Metrics
- mitigation
- online front-ends
- pubcrawl
- resilience
- malicious cryptocurrency mining
- script characteristics
- security of data
- taint analysis
- taint analysis method
- threat model
- Web site background
- Web sites
- abuse case
- in-browsercryptojacking mitigation
- Human Factors
- Human behavior
- Google Chrome
- Data mining
- cryptomining
- cryptojacking
- Cryptography
- cryptocurrency
- cross-site scripting
- CPU usage
- CPU resources
- Central Processing Unit
- Browsers
- Attack Modeling