
Mining Trojan Detection Based on Multi-dimensional Static Features

  • Conference paper
Science of Cyber Security (SciSec 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13005)

Abstract

Increasingly sophisticated and varied mining Trojans threaten the computational resources of weakly defended systems. A mining Trojan is implanted illicitly and uses the hijacked resources to mine cryptocurrency such as Bitcoin. Previous work performs binary classification to separate malicious software from benign software but does not single out mining Trojans specifically. To tackle this, we propose a hierarchical detector, called Miner-Killer, that classifies mining Trojans apart from benign programs effectively and precisely. First, Miner-Killer converts the binary code of each sample into a format file, an assembly file and a string file. Second, the MSFV Extractor extracts static features from these files. Then an ensemble learning model is trained on the extracted features and applied to classify unseen mining Trojans. Experiments on two real-world datasets demonstrate that the proposed method detects mining Trojans reliably and outperforms the state-of-the-art methods used for malware detection.
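The abstract names three static views of a sample (format, assembly, strings) feeding one ensemble. The following is an added example, not the paper's MSFV Extractor or Miner-Killer code, showing what such a multi-view extractor looks like in practice: it walks a PE section table for entropy and writable-executable sections, counts hash-kernel mnemonics in objdump-style disassembly, and scans extracted strings for pool-protocol and miner-binary indicators, then combines the three views by majority vote. The indicator patterns, the opcode set, the thresholds, the vote rule and the constructed PE fixtures are all assumptions; the paper's actual feature set and trained model are not on this page.

```python
# Added example (not the paper's MSFV Extractor or Miner-Killer): three static
# views of one PE, format / assembly / strings, combined by a majority vote.
# Indicator patterns, opcode set, thresholds and the PE fixtures are assumptions.
import math
import re
import struct
from collections import Counter

# View 1: strings. Assumed indicators of CPU-miner builds and pool connections.
MINER_INDICATORS = [
    re.compile(rb"stratum\+(tcp|ssl)://", re.I),
    re.compile(rb"xmrig|cpuminer|nicehash|randomx|cryptonight", re.I),
    re.compile(rb"--donate-level", re.I),
    re.compile(rb"\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b"),  # Monero address shape
]

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable-ASCII runs of at least min_len bytes, as `strings` would print."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def string_view(data: bytes) -> dict:
    strings = extract_strings(data)
    hits = sum(1 for s in strings if any(p.search(s) for p in MINER_INDICATORS))
    return {"n_strings": len(strings), "miner_hits": hits}

# View 2: format. Walk the PE section table: near-8-bit entropy suggests packing,
# a writable+executable section suggests runtime unpacking.
def shannon_entropy(block: bytes) -> float:
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values()) if n else 0.0

def format_view(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size
    entropies, wx = [], 0
    for i in range(n_sections):
        off = table + 40 * i
        _name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        entropies.append(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]))
        wx += bool(chars & 0x80000000 and chars & 0x20000000)  # MEM_WRITE and MEM_EXECUTE
    return {"n_sections": n_sections, "max_entropy": max(entropies, default=0.0),
            "wx_sections": wx}

# View 3: assembly. Mnemonic mix from objdump-style text; hash kernels lean on
# rotate/xor/multiply/AES-NI far more than ordinary application code does.
ASM_LINE = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s)+\s*([a-z][a-z0-9]*)", re.I)
HASH_OPS = {"rol", "ror", "xor", "imul", "mul", "shr", "shl", "shld", "shrd",
            "aesenc", "aesdec", "pxor", "paddq"}  # assumed set

def opcode_view(asm_text: str) -> dict:
    ops = [m.group(1).lower() for m in map(ASM_LINE.match, asm_text.splitlines()) if m]
    return {"n_ops": len(ops),
            "hash_op_ratio": sum(op in HASH_OPS for op in ops) / len(ops) if ops else 0.0}

# Ensemble: a hand-set majority vote, one rule per view, stands in for the trained
# model. With a real corpus, feed the concatenated feature dict to a learned classifier.
def classify(data: bytes, asm_text: str) -> dict:
    f, a, s = format_view(data), opcode_view(asm_text), string_view(data)
    votes = {"format": f["max_entropy"] > 7.2 or f["wx_sections"] > 0,
             "assembly": a["hash_op_ratio"] > 0.3,
             "strings": s["miner_hits"] >= 2}
    return {"is_miner": sum(votes.values()) >= 2, "votes": votes, "features": {**f, **a, **s}}

# Constructed fixture: a parse-only PE (empty optional header, so it will not load).
def build_pe(sections: list) -> bytes:
    pe_off, align = 0x40, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    raw_ptr = -(-(len(dos) + len(coff) + 40 * len(sections)) // align) * align
    table, bodies = b"", b""
    for name, body, chars in sections:
        padded = body.ljust(-(-len(body) // align) * align, b"\0")
        table += struct.pack("<8sIIIIIIHHI", name, len(body), 0x1000, len(body), raw_ptr,
                             0, 0, 0, 0, chars)
        bodies += padded
        raw_ptr += len(padded)
    return (dos + coff + table).ljust(raw_ptr - len(bodies), b"\0") + bodies

CODE, WX_CODE, RDATA = 0x60000020, 0xE0000020, 0x40000040
MINER_PE = build_pe([(b".text", bytes(range(256)) * 8, WX_CODE),  # packed-looking stub
                     (b".rdata", b"stratum+tcp://pool.example.invalid:3333\0xmrig\0--donate-level=0\0", RDATA)])
BENIGN_PE = build_pe([(b".text", b"\x55\x48\x89\xe5" * 64, CODE),
                      (b".rdata", b"Copyright (c) Example Corp\0GetProcAddress\0", RDATA)])
MINER_ASM = "\n".join(["  401000: 48 c1 c0 17     rol    rax,0x17", "  401004: 48 31 c8        xor    rax,rcx",
                       "  401007: 48 0f af c2     imul   rax,rdx", "  40100b: 66 0f 38 dc c1  aesenc xmm0,xmm1",
                       "  401010: 48 d1 e8        shr    rax,1",   "  401013: eb eb           jmp    401000"])
BENIGN_ASM = "\n".join(["  401000: 55              push   rbp", "  401001: 48 89 e5        mov    rbp,rsp",
                        "  401004: 48 83 ec 20     sub    rsp,0x20", "  401008: e8 00 00 00 00  call   40100d",
                        "  40100d: c9              leave", "  40100e: c3              ret"])

if __name__ == "__main__":
    for label, pe, asm in (("miner", MINER_PE, MINER_ASM), ("benign", BENIGN_PE, BENIGN_ASM)):
        print(label, classify(pe, asm)["votes"])
```

The point of keeping the views separate is robustness: a packed miner hides its strings but still shows near-maximal section entropy, and a miner that unpacks cleanly in memory still has to connect to a pool, so at least one view usually survives whatever the author obfuscated. Per-view rules are the weak learners here; on a labelled corpus, the same feature dictionaries would be concatenated and handed to a learned ensemble instead.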



Acknowledgment

This work was supported by the National Key R&D Program of China with No. 2018YFC0806900 and No. 2018YFB0805004, Beijing Municipal Science & Technology Commission with Project No. Z191100007119009, NSFC No.61902397, NSFC No. U2003111 and NSFC No. 61871378.

Author information

Corresponding author: Wen Wang.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Tang, Z., Wang, Q., Li, W., Bao, H., Liu, F., Wang, W. (2021). Mining Trojan Detection Based on Multi-dimensional Static Features. In: Lu, W., Sun, K., Yung, M., Liu, F. (eds) Science of Cyber Security. SciSec 2021. Lecture Notes in Computer Science(), vol 13005. Springer, Cham. https://doi.org/10.1007/978-3-030-89137-4_4


  • DOI: https://doi.org/10.1007/978-3-030-89137-4_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89136-7

  • Online ISBN: 978-3-030-89137-4
