2017年9月出現網頁挖礦技術Coinhive,隨後許多網站暗藏挖礦腳本,在未經使用者允許的情況下使用CPU資源來挖礦,以取代廣告收益,稱為「挖礦綁架」 (Cryptojacking) ,成為資安領域最新的攻擊趨勢。許多資安團隊提出阻擋網頁挖礦的方式,例如以黑名單過濾挖礦腳本。然而因「挖礦綁架」攻擊事件顯著上升,靜態黑名單的更新機制已無法及時保護使用者。 本研究針對「挖礦綁架」的攻擊技術,實作以觀察使用者電腦資源為基礎的挖礦辨識機制。本研究使用機器學習的方法觀察電腦資源的變化,如CPU變化量,以便及時判斷業是否隱含挖礦腳本,並通知使用者。 實驗後,結果顯示此系統比黑名單系統的精確度更高,且比起黑名單系統需要不斷更新黑名單,此系統並不需要人工更新。 濫用網頁挖礦腳本,綁架使用者電腦挖礦的非法行為日發嚴重,如何有效阻擋挖礦綁架未來勢必成為資安的新議題,本研究的目標是保護人們不會在不知情的情況下淪為礦工。 ;Since Coinhive released its browser-based cryptocurrency mining code in September 2017, many websites embed mining JavaScript to mine cryptocurrency by using CPU resources without the consent of the device owner, it’s called Cryptojacking. And Cryptojacking has become the latest attack trend in computer security field. Many security specialists provide some methods to block the mining scripts, such as filtering mining scripts by blacklist. However, due to the significant increase in the Cryptojacking attacks, the static blacklist mechanism has become useless to protect users in time. In this paper, we design and implement the mining identification mechanism which based on the observation of users’ computer resources. Our mechanism observes the changes of CPU usages in time to identify whether or not a website uses the mining scripts and notify the users. The experiment results show that our system is more accurate than the blacklist mechanism and our system does not need to update system regularly. But the blacklist mechanism has to update blacklist constantly. Abuse of web mining scripts and illegal acts of Cryptojacking are becoming more and more serious. The way to prevent Cryptojacking effectively will become a new issue for security. And the goal of our study is to protect people from becoming miners.