An Early Stage Identification of Cryptomining Behavior with DNS Requests

  • Conference paper
Advanced Data Mining and Applications (ADMA 2023)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 14180)

Abstract

The cryptocurrency boom of the last decade has driven a surge in cryptomining in recent years. By the design of the blockchain, only users with plentiful computing resources are able to make a profit. As a result, a growing number of criminal attacks maliciously plunder private and public computing resources over networks. Consequently, detecting malicious cryptomining behavior is particularly important for network security and management. In this paper, we design Mining Vanguard, which recognizes mining behavior by detecting DNS behavior. By constructing a comprehensive feature set that includes both traditional DNS resolution features and morpheme features, we combine network characteristics with semantic characteristics, aiming to achieve early recognition. A large number of targeted experiments verify that Mining Vanguard is promising for detecting mining behaviors on the Internet.

H. Li and Y. Hao—Contributed equally to this research.

Acknowledgment

This research was partially supported by the National Natural Science Foundation of China under Grant No. 61972176, Shandong Provincial Natural Science Foundation, China under Grant No. ZR2021LZH002, Jinan Scientific Research Leader Studio, China under Grant No. 202228114, Shandong Provincial key projects of basic research, China under Grant No. ZR2022ZD01, Shandong Provincial Key R&D Program, China under Grant No. 2021SFGC0401, and Science and Technology Program of University of Jinan (XKY1802).

Author information

Corresponding author

Correspondence to Lizhi Peng.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Li, H., Hao, Y., Lyu, M., Yu, X., Yang, B., Peng, L. (2023). An Early Stage Identification of Cryptomining Behavior with DNS Requests. In: Yang, X., et al. Advanced Data Mining and Applications. ADMA 2023. Lecture Notes in Computer Science, vol 14180. Springer, Cham. https://doi.org/10.1007/978-3-031-46677-9_3

  • DOI: https://doi.org/10.1007/978-3-031-46677-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-46676-2

  • Online ISBN: 978-3-031-46677-9

  • eBook Packages: Computer Science, Computer Science (R0)
