Abstract
With the continued growth and popularity of blockchain-based cryptocurrencies, there is a parallel growth in illegal mining to earn cryptocurrency. Since mining for cryptocurrencies requires high computational resources, malicious actors have resorted to using malicious file downloads and other methods to illegally use a victim’s system to mine for cryptocurrency without the victim knowing. This process is known as host-based cryptojacking and has gradually become one of the most popular cyberthreats in recent years. Some traditional machine learning methods have been proposed to detect host-based cryptojacking, but only a few works have proposed using deep-learning models for detection. This paper presents a novel approach, dubbed CryptoJackingModel. This approach is a deep-learning host-based cryptojacking detection model that will effectively detect evolving host-based cryptojacking techniques and reduce false positives and false negatives. The approach has an overall accuracy of 98% on a dataset of 129,380 samples and a low performance overhead, making it highly scalable. This approach will be an improvement on current countermeasures for detecting, mitigating, and preventing cryptojacking.
Data availability
The dataset generated and analyzed during the current study is available from the corresponding author upon reasonable request.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Sanda, O., Pavlidis, M. & Polatidis, N. A deep learning approach for host-based cryptojacking malware detection. Evolving Systems 15, 41–56 (2024). https://doi.org/10.1007/s12530-023-09534-9
DOI: https://doi.org/10.1007/s12530-023-09534-9