Shaoke Xi (Zhejiang University), Tianyi Fu (Zhejiang University), Kai Bu (Zhejiang University), Chunling Yang (Zhejiang University), Zhihua Chang (Zhejiang University), Wenzhi Chen (Zhejiang University), Zhou Ma (Zhejiang University), Chongjie Chen (HANG ZHOU CITY BRAIN CO., LTD), Yongsheng Shen (HANG ZHOU CITY BRAIN CO., LTD), Kui Ren (Zhejiang University)

The rapid growth of cryptojacking and the increase in regulatory bans on cryptomining have prompted organizations to enhance detection ability within their networks. Traditional methods, including rule-based detection and deep packet inspection, fall short in timely and comprehensively identifying new and encrypted mining threats. In contrast, learning-based techniques show promise by identifying content-agnostic traffic patterns, adapting to a wide range of cryptomining configurations. However, existing learning-based systems often lack scalability in real-world detection, primarily due to challenges with unlabeled, imbalanced, and high-speed traffic inputs. To address these issues, we introduce MineShark, a system that identifies robust patterns of mining traffic to distinguish between vast quantities of benign traffic and automates the confirmation of model outcomes through active probing to prevent an overload of model alarms. As model inference labels are progressively confirmed, MineShark conducts self-improving updates to enhance model accuracy. MineShark is capable of line-rate detection at various traffic volume scales with the allocation of different amounts of CPU and GPU resources. In a 10 Gbps campus network deployment lasting ten months, MineShark detected cryptomining connections toward 105 mining pools ahead of concurrently deployed commercial systems, 17.6% of which were encrypted. It automatically filtered over 99.3% of false alarms and achieved an average packet processing throughput of 1.3 Mpps, meeting the line-rate demands of a 10 Gbps network, with a negligible loss rate of 0.2%. We publicize MineShark for broader use.

View More Papers

I know what you MEME! Understanding and Detecting Harmful...

Yong Zhuang (Wuhan University), Keyan Guo (University at Buffalo), Juan Wang (Wuhan University), Yiheng Jing (Wuhan University), Xiaoyang Xu (Wuhan University), Wenzhe Yi (Wuhan University), Mengda Yang (Wuhan University), Bo Zhao (Wuhan University), Hongxin Hu (University at Buffalo)

Read More

On the Robustness of LDP Protocols for Numerical Attributes...

Xiaoguang Li (Xidian University, Purdue University), Zitao Li (Alibaba Group (U.S.) Inc.), Ninghui Li (Purdue University), Wenhai Sun (Purdue University, West Lafayette, USA)

Read More

Securing BGP ASAP: ASPA and other Post-ROV Defenses

Justin Furuness (University of Connecticut), Cameron Morris (University of Connecticut), Reynaldo Morillo (University of Connecticut), Arvind Kasiliya (University of Connecticut), Bing Wang (University of Connecticut), Amir Herzberg (University of Connecticut)

Read More

The Kids Are All Right: Investigating the Susceptibility of...

Elijah Bouma-Sims (Carnegie Mellon University), Lily Klucinec (Carnegie Mellon University), Mandy Lanyon (Carnegie Mellon University), Julie Downs (Carnegie Mellon University), Lorrie Faith Cranor (Carnegie Mellon University)

Read More