Covert mining of cryptocurrency implies the use of valuable computing resources and high energy consumption. In this paper, we propose MineCap, a dynamic online mechanism for detecting and blocking covert cryptocurrency mining flows, using machine learning on software-defined networking. The proposed mechanism relies on Spark Streaming for online processing of network flows, and, when identifying a mining flow, it requests the flow blocking to the network controller. We also propose a learning technique called super incremental learning, a variant of the super learner applied to online learning, which takes the classification probabilities of an ensemble of classifiers as features for an incremental learning classifier. Hence, we design an accurate mechanism to classify mining flows that learn with incoming data with an average of 98% accuracy, 99% precision, 97% sensitivity, and 99.9% specificity and avoid concept drift–related issues.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Available on https://github.com/mininet/mininet.
Available on https://osrg.github.io/ryu/.
Available at https://github.com/DanielArndt/flowtbag.
The mining traffic used to train the machine learning algorithms originates from the execution of the cpuminer and the xmrig mining applications.
Available at https://github.com/appneta/tcpreplay.
The datasets are available upon email requests to the authors.
Available at https://minergate.com.
Available at https://guiminer.org.
Ingols K (2009) Modeling modern network attacks and countermeasures using attack graphs. Computer security applications conference
Porras PA, Valdes A (2001) Network surveillance. US Patent 6,321,338
de Oliveira MT, Carrara GR, Fernandes NC, Albuquerque CVN, Carrano RC, de Medeiros DSV, Mattos DMF (2019) Towards a performance evaluation of private blockchain frameworks using a realistic workload. In: 2019 22nd conference on innovation in clouds, internet and networks and workshops (ICIN) Paris
Tahir R, Huzaifa M, Das A, Ahmad M, Gunter C, Zaffar F, Caesar M, Borisov N (2017) Mining on someone else’s dime: Mitigating covert mining operations in clouds and enterprises. In: International symposium on research in attacks, intrusions, and defenses. Springer, pp 287–310
Neto HNC, Fernandes NC, Mattos DMF (2019) Minecap: online detection and blocking of cryptocurrency mining on software-defined networking. In: 1st blockchain, robotics and AI for networking security conference. DNAC
Bannour F, Souihi S, Mellouk A (2018) Distributed SDN control: survey, taxonomy, and challenges. IEEE Communications Surveys Tutorials 20(1):333–354
Mattos DMF, Duarte OCMB, Pujolle G (2016) Reverse update: a consistent policy update scheme for software-defined networking. IEEE Commun Lett 20(5):886–889
Van der Laan MJ, Polley EC, Hubbard AE (2007) Super learner. Statistical Applications in Genetics and Molecular Biology 6(1)
Zaharia M, Xin RS, Wendell P, Das T, Armbrust M, Dave A, Meng X, Rosen J, Venkataraman S, Franklin MJ, et al. (2016) Apache spark: a unified engine for big data processing. Commun ACM 59 (11):56–65
Konoth RK, Vineti E, Moonsamy V, Lindorfer M, Kruegel C, Bos H, Vigna G (2018) Minesweeper: an in-depth look into drive-by cryptocurrency mining and its defense. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security. ACM, pp 1714–1730
Wang W, Ferrell B, Xu X, Hamlen KW, Hao S (2018) Seismic: secure in-lined script monitors for interrupting cryptojacks. In: European symposium on research in computer security. Springer, pp 122–142
Sanz IJ, Mattos DMF, Duarte OCMB (2018) SFCPerf: An automatic performance evaluation framework for service function chaining. In: NOMS 2018 - 2018 IEEE/IFIP network operations and management symposium, pp 1–9
Carbone P, Ewen S, Haridi S, Katsifodimos A, Markl V, Tzoumas K (2015) Apache flink: unified stream and batch processing in a single engine. Data Engineering: 28–38
Andreoni Lopez M, Mattos DMF, Duarte OCMB, Pujolle G (2019) Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data. Concurrency and Computation: Practice and Experience 31(20):e5344
Zaharia M, Das T, Li H, Shenker S, Stoica I (2012) Discretized streams: an efficient and fault-tolerant model for stream processing on large clusters. In: Proceedings of the 4th USENIX conference on Hot Topics in Cloud Ccomputing, pp 10–10
Fei-Fei L, Fergus R, Perona P (2007) Learning generative visual models from few training examples: an incremental bayesian approach tested on 101 object categories. Computer Vision and Image Understanding 106 (1):59–70. special issue on Generative Model Based Vision
Gama J, žliobaitė I, Bifet A, Pechenizkiy M, Bouchachia A (2014) A survey on concept drift adaptation. ACM computing surveys (CSUR) 46(4):44
Wang S, Minku LL, Ghezzi D, Caltabiano D, Tino P, Yao X (2013) Concept drift detection for online class imbalance learning. In: The 2013 Int joint conference on neural networks (IJCNN), pp 1–10
Polikar R, Upda L, Upda SS, Honavar V (2001) Learn++: an incremental learning algorithm for supervised neural networks. IEEE transactions on systems, man, and cybernetics, Part C (Applications and Reviews) 31(4):497–508
Lopez MA, Lobato AGP, Duarte OCMB (2016) A performance comparison of open-source stream processing platforms. In: 2016 IEEE Global Communications Conference (GLOBECOM), pp 1–6
OpenFlow Switch Specification Version 1.3.0 (Wire Protocol 0x04). The OpenFlow Consortium, Jun. 2012. [Online]. Available: https://www.opennetworking.org
Luengo J, Fernández A, García S, Herrera F (2011) Addressing data complexity for imbalanced data sets: analysis of smote-based oversampling and evolutionary undersampling. Soft Comput 15(10):1909–1936
Pietraszek T, Tanner A (2005) Data mining and machine learning—towards reducing false positives in intrusion detection. Inf Sec Tech Rep 10(3):169–183
We would like to acknowledge CNPq, CAPES, FAPERJ, RNP, and the ANEEL’s R&D program (PD-07130-0053/2018) for the partial funding of this research.
We would like to acknowledge CNPq, CAPES, FAPERJ, and RNP for the partial funding of this research.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Neto, H.N.C., Lopez, M.A., Fernandes, N.C. et al. MineCap: super incremental learning for detecting and blocking cryptocurrency mining on software-defined networking. Ann. Telecommun. 75, 121–131 (2020). https://doi.org/10.1007/s12243-019-00744-4
- Machine learning
- Super learner
- Incremental learning
- Super incremental learning