All accepted publications from SPARTA partners under its funding.
CryingJackpot: Network Flows and Performance Counters against Cryptojacking.
Gilberto Gomes, Luis Dias, Miguel CorreiaAbstract
Cryptojacking, the appropriation of users’ computa- tional resources without their knowledge or consent to obtain cryp- tocurrencies, is a widespread attack, relatively easy to implement and hard to detect. Either browser-based or binary, cryptojacking lacks robust and reliable detection solutions. This paper presents a hybrid approach to detect cryptojacking where no previous knowledge about the attacks or training data is needed. Our Cryp- tojacking Intrusion Detection Approach, CRYINGJACKPOT, extracts and combines flow and performance counter-based features, aggre- gating hosts with similar behavior by using unsupervised machine learning algorithms. We evaluate CRYINGJACKPOT experimentally with both an artificial and a hybrid dataset, achieving F1-scores up to 97%.