中央研究院 資訊科學研究所

活動訊息

友善列印

列印可使用瀏覽器提供的(Ctrl+P)功能

Detection of browser-based crytocurrency mining

:::

Detection of browser-based crytocurrency mining

  • 講者Veelasha Moonsamy 博士 (荷蘭拉布大學資訊系)
    邀請人:楊柏因
  • 時間2019-10-31 (Thu.) 10:00 ~ 11:00
  • 地點資訊所新館106演講廳
摘要

A wave of alternative coins that can be effectively mined without specialized hardware and a surge in cryptocurrencies’ market value has led to the development of cryptocurrency mining (cryptomining) services, which can be easily integrated into websites to monetize the computational power of their visitors. While legitimate website operators are exploring these services as an alternative to advertisements, they have also drawn the attention of cybercriminals: drive-by mining (also known as cryptojacking) is a new web-based attack, in which an infected website secretly executes JavaScript code and/or a WebAssembly module in the user’s browser to mine cryptocurrencies without her consent. In this talk, I will elaborate on the comprehensive analysis we performed on Alexa’s Top 1 Million websites to shed light on the prevalence and profitability of this attack. We study the websites affected by drive-by mining to understand the techniques being used to evade detection, and the latest web technologies being exploited to efficiently mine cryptocurrency. As a result of our study, we identified 20 active cryptomining campaigns. Furthermore, motivated by our findings, we investigate possible countermeasures against this type of attack. I will discuss how current blacklisting approaches and heuristics based on CPU usage are insufficient, and present MineSweeper, a novel detection technique that is based on the intrinsic characteristics of cryptomining code, and, thus, is resilient to obfuscation.