Academic Journal
MinerGuard: A Solution to Detect Browser-Based Cryptocurrency Mining through Machine Learning
| العنوان: | MinerGuard: A Solution to Detect Browser-Based Cryptocurrency Mining through Machine Learning |
|---|---|
| المؤلفون: | Min-Hao Wu, Yen-Jung Lai, Yan-Ling Hwang, Ting-Cheng Chang, Fu-Hau Hsu |
| المصدر: | Applied Sciences, Vol 12, Iss 19, p 9838 (2022) |
| بيانات النشر: | MDPI AG, 2022. |
| سنة النشر: | 2022 |
| المجموعة: | LCC:Technology LCC:Engineering (General). Civil engineering (General) LCC:Biology (General) LCC:Physics LCC:Chemistry |
| مصطلحات موضوعية: | bitcoin, browser-based cryptocurrency mining, JavaScript miner, cryptojacking, monero, machine learning, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999 |
| الوصف: | Coinhive released its browser-based cryptocurrency mining code in September 2017, and vicious web page writers, called vicious miners hereafter, began to embed mining JavaScript code into their web pages, called mining pages hereafter. As a result, browser users surfing these web pages will benefit mine cryptocurrencies unwittingly for the vicious miners using the CPU resources of their devices. The above activity, called Cryptojacking, has become one of the most common threats to web browser users. As mining pages influence the execution efficiency of regular programs and increase the electricity bills of victims, security specialists start to provide methods to block mining pages. Nowadays, using a blocklist to filter out mining scripts is the most common solution to this problem. However, when the number of new mining pages increases quickly, and vicious miners apply obfuscation and encryption to bypass detection, the detection accuracy of blacklist-based or feature-based solutions decreases significantly. This paper proposes a solution, called MinerGuard, to detect mining pages. MinerGuard was designed based on the observation that mining JavaScript code consumes a lot of CPU resources because it needs to execute plenty of computation. MinerGuard does not need to update data used for detection frequently. On the contrary, blacklist-based or feature-based solutions must update their blocklists frequently. Experimental results show that MinerGuard is more accurate than blacklist-based or feature-based solutions in mining page detection. MinerGuard’s detection rate for mining pages is 96%, but MinerBlock, a blacklist-based solution, is 42.85%. Moreover, MinerGuard can detect 0-day mining pages and scripts, but the blacklist-based and feature-based solutions cannot. |
| نوع الوثيقة: | article |
| وصف الملف: | electronic resource |
| اللغة: | English |
| تدمد: | 2076-3417 |
| Relation: | https://www.mdpi.com/2076-3417/12/19/9838; https://doaj.org/toc/2076-3417 |
| DOI: | 10.3390/app12199838 |
| URL الوصول: | https://doaj.org/article/6cd6ffda334d4de1a3c3e1de16d1281c |
| رقم الانضمام: | edsdoj.6cd6ffda334d4de1a3c3e1de16d1281c |
| قاعدة البيانات: | Directory of Open Access Journals |
Full Text Finder | ResultId |
1 |
|---|---|
| Header |
edsdoj Directory of Open Access Journals edsdoj.6cd6ffda334d4de1a3c3e1de16d1281c 928 3 Academic Journal academicJournal 928.45361328125 |
| PLink |
https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&scope=site&db=edsdoj&AN=edsdoj.6cd6ffda334d4de1a3c3e1de16d1281c&custid=s6537998&authtype=sso |
| FullText |
Array
(
[Availability] => 0
)
Array ( [0] => Array ( [Url] => https://doaj.org/article/6cd6ffda334d4de1a3c3e1de16d1281c [Name] => EDS - DOAJ [Category] => fullText [Text] => View record in DOAJ [MouseOverText] => View record in DOAJ ) [1] => Array ( [Url] => https://resolver.ebscohost.com/openurl?custid=s6537998&groupid=main&authtype=ip,guest&sid=EBSCO:edsdoj&genre=article&issn=20763417&ISBN=&volume=12&issue=19&date=20220901&spage=9838&pages=9838-9838&title=Applied Sciences&atitle=MinerGuard%3A%20A%20Solution%20to%20Detect%20Browser-Based%20Cryptocurrency%20Mining%20through%20Machine%20Learning&id=DOI:10.3390/app12199838 [Name] => Full Text Finder (s6537998api) [Category] => fullText [Text] => Full Text Finder [Icon] => https://imageserver.ebscohost.com/branding/images/FTF.gif [MouseOverText] => Full Text Finder ) ) |
| Items |
Array
(
[Name] => Title
[Label] => Title
[Group] => Ti
[Data] => MinerGuard: A Solution to Detect Browser-Based Cryptocurrency Mining through Machine Learning
)
Array ( [Name] => Author [Label] => Authors [Group] => Au [Data] => <searchLink fieldCode="AR" term="%22Min-Hao+Wu%22">Min-Hao Wu</searchLink><br /><searchLink fieldCode="AR" term="%22Yen-Jung+Lai%22">Yen-Jung Lai</searchLink><br /><searchLink fieldCode="AR" term="%22Yan-Ling+Hwang%22">Yan-Ling Hwang</searchLink><br /><searchLink fieldCode="AR" term="%22Ting-Cheng+Chang%22">Ting-Cheng Chang</searchLink><br /><searchLink fieldCode="AR" term="%22Fu-Hau+Hsu%22">Fu-Hau Hsu</searchLink> ) Array ( [Name] => TitleSource [Label] => Source [Group] => Src [Data] => Applied Sciences, Vol 12, Iss 19, p 9838 (2022) ) Array ( [Name] => Publisher [Label] => Publisher Information [Group] => PubInfo [Data] => MDPI AG, 2022. ) Array ( [Name] => DatePubCY [Label] => Publication Year [Group] => Date [Data] => 2022 ) Array ( [Name] => Subset [Label] => Collection [Group] => HoldingsInfo [Data] => LCC:Technology<br />LCC:Engineering (General). Civil engineering (General)<br />LCC:Biology (General)<br />LCC:Physics<br />LCC:Chemistry ) Array ( [Name] => Subject [Label] => Subject Terms [Group] => Su [Data] => <searchLink fieldCode="DE" term="%22bitcoin%22">bitcoin</searchLink><br /><searchLink fieldCode="DE" term="%22browser-based+cryptocurrency+mining%22">browser-based cryptocurrency mining</searchLink><br /><searchLink fieldCode="DE" term="%22JavaScript+miner%22">JavaScript miner</searchLink><br /><searchLink fieldCode="DE" term="%22cryptojacking%22">cryptojacking</searchLink><br /><searchLink fieldCode="DE" term="%22monero%22">monero</searchLink><br /><searchLink fieldCode="DE" term="%22machine+learning%22">machine learning</searchLink><br /><searchLink fieldCode="DE" term="%22Technology%22">Technology</searchLink><br /><searchLink fieldCode="DE" term="%22Engineering+%28General%29%2E+Civil+engineering+%28General%29%22">Engineering (General). Civil engineering (General)</searchLink><br /><searchLink fieldCode="DE" term="%22TA1-2040%22">TA1-2040</searchLink><br /><searchLink fieldCode="DE" term="%22Biology+%28General%29%22">Biology (General)</searchLink><br /><searchLink fieldCode="DE" term="%22QH301-705%2E5%22">QH301-705.5</searchLink><br /><searchLink fieldCode="DE" term="%22Physics%22">Physics</searchLink><br /><searchLink fieldCode="DE" term="%22QC1-999%22">QC1-999</searchLink><br /><searchLink fieldCode="DE" term="%22Chemistry%22">Chemistry</searchLink><br /><searchLink fieldCode="DE" term="%22QD1-999%22">QD1-999</searchLink> ) Array ( [Name] => Abstract [Label] => Description [Group] => Ab [Data] => Coinhive released its browser-based cryptocurrency mining code in September 2017, and vicious web page writers, called vicious miners hereafter, began to embed mining JavaScript code into their web pages, called mining pages hereafter. As a result, browser users surfing these web pages will benefit mine cryptocurrencies unwittingly for the vicious miners using the CPU resources of their devices. The above activity, called Cryptojacking, has become one of the most common threats to web browser users. As mining pages influence the execution efficiency of regular programs and increase the electricity bills of victims, security specialists start to provide methods to block mining pages. Nowadays, using a blocklist to filter out mining scripts is the most common solution to this problem. However, when the number of new mining pages increases quickly, and vicious miners apply obfuscation and encryption to bypass detection, the detection accuracy of blacklist-based or feature-based solutions decreases significantly. This paper proposes a solution, called MinerGuard, to detect mining pages. MinerGuard was designed based on the observation that mining JavaScript code consumes a lot of CPU resources because it needs to execute plenty of computation. MinerGuard does not need to update data used for detection frequently. On the contrary, blacklist-based or feature-based solutions must update their blocklists frequently. Experimental results show that MinerGuard is more accurate than blacklist-based or feature-based solutions in mining page detection. MinerGuard’s detection rate for mining pages is 96%, but MinerBlock, a blacklist-based solution, is 42.85%. Moreover, MinerGuard can detect 0-day mining pages and scripts, but the blacklist-based and feature-based solutions cannot. ) Array ( [Name] => TypeDocument [Label] => Document Type [Group] => TypDoc [Data] => article ) Array ( [Name] => Format [Label] => File Description [Group] => SrcInfo [Data] => electronic resource ) Array ( [Name] => Language [Label] => Language [Group] => Lang [Data] => English ) Array ( [Name] => ISSN [Label] => ISSN [Group] => ISSN [Data] => 2076-3417 ) Array ( [Name] => NoteTitleSource [Label] => Relation [Group] => SrcInfo [Data] => https://www.mdpi.com/2076-3417/12/19/9838; https://doaj.org/toc/2076-3417 ) Array ( [Name] => DOI [Label] => DOI [Group] => ID [Data] => 10.3390/app12199838 ) Array ( [Name] => URL [Label] => Access URL [Group] => URL [Data] => <link linkTarget="URL" linkTerm="https://doaj.org/article/6cd6ffda334d4de1a3c3e1de16d1281c" linkWindow="_blank">https://doaj.org/article/6cd6ffda334d4de1a3c3e1de16d1281c</link> ) Array ( [Name] => AN [Label] => Accession Number [Group] => ID [Data] => edsdoj.6cd6ffda334d4de1a3c3e1de16d1281c ) |
| RecordInfo |
Array
(
[BibEntity] => Array
(
[Identifiers] => Array
(
[0] => Array
(
[Type] => doi
[Value] => 10.3390/app12199838
)
)
[Languages] => Array
(
[0] => Array
(
[Text] => English
)
)
[PhysicalDescription] => Array
(
[Pagination] => Array
(
[PageCount] => 1
[StartPage] => 9838
)
)
[Subjects] => Array
(
[0] => Array
(
[SubjectFull] => bitcoin
[Type] => general
)
[1] => Array
(
[SubjectFull] => browser-based cryptocurrency mining
[Type] => general
)
[2] => Array
(
[SubjectFull] => JavaScript miner
[Type] => general
)
[3] => Array
(
[SubjectFull] => cryptojacking
[Type] => general
)
[4] => Array
(
[SubjectFull] => monero
[Type] => general
)
[5] => Array
(
[SubjectFull] => machine learning
[Type] => general
)
[6] => Array
(
[SubjectFull] => Technology
[Type] => general
)
[7] => Array
(
[SubjectFull] => Engineering (General). Civil engineering (General)
[Type] => general
)
[8] => Array
(
[SubjectFull] => TA1-2040
[Type] => general
)
[9] => Array
(
[SubjectFull] => Biology (General)
[Type] => general
)
[10] => Array
(
[SubjectFull] => QH301-705.5
[Type] => general
)
[11] => Array
(
[SubjectFull] => Physics
[Type] => general
)
[12] => Array
(
[SubjectFull] => QC1-999
[Type] => general
)
[13] => Array
(
[SubjectFull] => Chemistry
[Type] => general
)
[14] => Array
(
[SubjectFull] => QD1-999
[Type] => general
)
)
[Titles] => Array
(
[0] => Array
(
[TitleFull] => MinerGuard: A Solution to Detect Browser-Based Cryptocurrency Mining through Machine Learning
[Type] => main
)
)
)
[BibRelationships] => Array
(
[HasContributorRelationships] => Array
(
[0] => Array
(
[PersonEntity] => Array
(
[Name] => Array
(
[NameFull] => Min-Hao Wu
)
)
)
[1] => Array
(
[PersonEntity] => Array
(
[Name] => Array
(
[NameFull] => Yen-Jung Lai
)
)
)
[2] => Array
(
[PersonEntity] => Array
(
[Name] => Array
(
[NameFull] => Yan-Ling Hwang
)
)
)
[3] => Array
(
[PersonEntity] => Array
(
[Name] => Array
(
[NameFull] => Ting-Cheng Chang
)
)
)
[4] => Array
(
[PersonEntity] => Array
(
[Name] => Array
(
[NameFull] => Fu-Hau Hsu
)
)
)
)
[IsPartOfRelationships] => Array
(
[0] => Array
(
[BibEntity] => Array
(
[Dates] => Array
(
[0] => Array
(
[D] => 01
[M] => 09
[Type] => published
[Y] => 2022
)
)
[Identifiers] => Array
(
[0] => Array
(
[Type] => issn-print
[Value] => 20763417
)
)
[Numbering] => Array
(
[0] => Array
(
[Type] => volume
[Value] => 12
)
[1] => Array
(
[Type] => issue
[Value] => 19
)
)
[Titles] => Array
(
[0] => Array
(
[TitleFull] => Applied Sciences
[Type] => main
)
)
)
)
)
)
)
|
| IllustrationInfo |