Ege Tekiner (Florida International University), Abbas Acar (Florida International University), Selcuk Uluagac (Florida International University)

Recently, cryptojacking malware has become an easy way of reaching and profiting from a large number of victims. Prior works studied the cryptojacking detection systems focusing on both in-browser and host-based cryptojacking malware. However, none of these earlier works investigated different attack configurations and network settings in this context. For example, an attacker with an aggressive profit strategy may increase computational resources to the maximum utilization to benefit more in a short time, while a stealthy attacker may want to stay undetected longer time on the victim's device. The accuracy of the detection mechanism may differ for an aggressive and stealthy attacker. Not only profit strategies but also the cryptojacking malware type, the victim's device as well as various network settings where the network is fully or partially compromised may play a key role in the performance evaluation of the detection mechanisms. In addition, smart home networks with multiple IoT devices are easily exploited by the attackers, and they are equipped to mine cryptocurrency on behalf of the attacker. However, no prior works investigated the impact of cryptojacking malware on IoT devices and compromised smart home networks. In this paper, we first propose an accurate and efficient IoT cryptojacking detection mechanism based on network traffic features, which can detect both in-browser and host-based cryptojacking. Then, we focus on the cryptojacking implementation problem on new device categories (e.g., IoT) and designed several novel experiment scenarios to assess our detection mechanism to cover the current attack surface of the attackers. Particularly, we tested our mechanism in various attack configurations and network settings. For this, we used a dataset of network traces consisting of 6.4M network packets and showed that our detection algorithm can obtain accuracy as high as 99% with only one hour of training data. To the best of our knowledge, this work is the first study focusing on IoT cryptojacking and the first study analyzing various attacker behaviors and network settings in the area of cryptojacking detection.

View More Papers

Fooling the Eyes of Autonomous Vehicles: Robust Physical Adversarial...

Wei Jia (School of Cyber Science and Engineering, Huazhong University of Science and Technology), Zhaojun Lu (School of Cyber Science and Engineering, Huazhong University of Science and Technology), Haichun Zhang (Huazhong University of Science and Technology), Zhenglin Liu (Huazhong University of Science and Technology), Jie Wang (Shenzhen Kaiyuan Internet Security Co., Ltd), Gang Qu (University…

Read More

PoF: Proof-of-Following for Vehicle Platoons

Ziqi Xu (University of Arizona), Jingcheng Li (University of Arizona), Yanjun Pan (University of Arizona), Loukas Lazos (University of Arizona, Tucson), Ming Li (University of Arizona, Tucson), Nirnimesh Ghose (University of Nebraska–Lincoln)

Read More

Log4shell: Redefining the Web Attack Surface

Douglas Everson (Clemson University), Long Cheng (Clemson University), and Zhenkai Zhang (Clemson University)

Read More

DITTANY: Strength-Based Dynamic Information Flow Analysis Tool for x86...

Walid J. Ghandour, Clémentine Maurice (CNRS, CRIStAL)

Read More