MinerGuard: A Solution to Detect Browser-Based Cryptocurrency Mining through Machine Learning

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：38

、訪客IP：18.116.21.194

姓名

賴彥蓉(Yen-Jung Lai) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(MinerGuard: A Solution to Detect Browser-Based Cryptocurrency Mining through Machine Learning)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

2017年9月出現網頁挖礦技術Coinhive，隨後許多網站暗藏挖礦腳本，在未經使用者允許的情況下使用CPU資源來挖礦，以取代廣告收益，稱為「挖礦綁架」 (Cryptojacking) ，成為資安領域最新的攻擊趨勢。許多資安團隊提出阻擋網頁挖礦的方式，例如以黑名單過濾挖礦腳本。然而因「挖礦綁架」攻擊事件顯著上升，靜態黑名單的更新機制已無法及時保護使用者。
本研究針對「挖礦綁架」的攻擊技術，實作以觀察使用者電腦資源為基礎的挖礦辨識機制。本研究使用機器學習的方法觀察電腦資源的變化，如CPU變化量，以便及時判斷業是否隱含挖礦腳本，並通知使用者。
實驗後，結果顯示此系統比黑名單系統的精確度更高，且比起黑名單系統需要不斷更新黑名單，此系統並不需要人工更新。
濫用網頁挖礦腳本，綁架使用者電腦挖礦的非法行為日發嚴重，如何有效阻擋挖礦綁架未來勢必成為資安的新議題，本研究的目標是保護人們不會在不知情的情況下淪為礦工。

摘要(英)

Since Coinhive released its browser-based cryptocurrency mining code in September 2017, many websites embed mining JavaScript to mine cryptocurrency by using CPU resources without the consent of the device owner, it’s called Cryptojacking. And Cryptojacking has become the latest attack trend in computer security field. Many security specialists provide some methods to block the mining scripts, such as filtering mining scripts by blacklist. However, due to the significant increase in the Cryptojacking attacks, the static blacklist mechanism has become useless to protect users in time.
In this paper, we design and implement the mining identification mechanism which based on the observation of users’ computer resources. Our mechanism observes the changes of CPU usages in time to identify whether or not a website uses the mining scripts and notify the users.
The experiment results show that our system is more accurate than the blacklist mechanism and our system does not need to update system regularly. But the blacklist mechanism has to update blacklist constantly.
Abuse of web mining scripts and illegal acts of Cryptojacking are becoming more and more serious. The way to prevent Cryptojacking effectively will become a new issue for security. And the goal of our study is to protect people from becoming miners.

關鍵字(中)

★ 挖礦綁架
★ Coinhive
★ 網頁挖礦
★ JavaScript 挖礦
★ 門羅幣

關鍵字(英)

★ Cryptojacking
★ Coinhive
★ Browser-Based Cryptocurrency Mining
★ JavaScript Miner
★ Monero

論文目次

Chinese Abstract i
English Abstract ii
Acknowledgement iii
Table of Contents iv
List of Figures v
List of Tables vi
Chapter 1. Introduction 1
Chapter 2. Background 4
2.1 Browser-Based Cryptocurrency Mining 4
2.2 Monero 6
2.3 Cryptojacking 7
2.4 Machine Learning 8
2.5 Artificial Neural Network 9
Chapter 3. Related Work 11
3.1 MinerBlock 11
3.2 No Coin - Block miners on the web! 12
3.3 AntiMiner - No 1 Coin Minerblock 13
3.4 Trend Micro Locality Sensitive Hashing 15
Chapter 4. System Design 16
4.1 Design Principle 16
4.2 System Architecture 17
4.3 Main Components 20
Chapter 5. Evaluation 26
5.1 Environment 26
5.2 Test Cases 26
5.3 Experiments 27
Chapter 6. Discussion 32
6.1 Limitations 32
6.2 Future Work 32
Chapter 7. Conclusion 33
References 34

參考文獻

[1] S. Nakamoto, "Bitcoin: a peer-to-peer electronic cash system," 2009. [Online]. Available: http://www.bitcoin.org/bitcoin.pdf.
[2] S. Nakamoto, "Satoshi. Bitcoin v0.1 released," Jan. 2009. [Online]. Available: https://www.mail-archive.com/cryptography@metzdowd.com/msg10142.html.
[3] B. Wiki, "Important milestones of the bitcoin project," [Online]. Available: https://en.bitcoin.it/wiki/Category:History. [Accessed 23 Jun. 2018].
[4] M. B. Taylor, "The Evolution of Bitcoin Hardware," IEEE Computer, vol. 50, no. 9, pp. 58-66, 2017.
[5] R. Quigley, "Bitcoin For the Uninitiated: Now, A Browser-Based Mining Client," 19 May 2011. [Online]. Available: https://www.themarysue.com/browser-based-bitcoin-mining/. [Accessed 23 Jun. 2018].
[6] B. Magazine, "Bitpay Breaks Daily Volume Record with Butterfly ASIC mining release," Jun. 2012. [Online]. Available: https://bitcoinmagazine.com/articles/bitpay-breaks-daily-volume-record-with-butterfly-asic-mining-release-1340734589/. [Accessed 24 Jun. 2018].
[7] Coinhive, "Monetize Your Business With Your Users′ CPU Power," [Online]. Available: https://coinhive.com/. [Accessed 3 Jul. 2018].
[8] J. Hruska, "Browser-based mining malware found on pirate bay," Sep. 2017. [Online]. Available: https://www.extremetech.com/internet/255971-browserbased-cryptocurrency-malware-appears-online-pirate-bay. [Accessed 3 Jul. 2018].
[9] J. Segura, "A look into the global drive-by cryptocurrency mining phenomenon," Nov. 2017. [Online]. Available: https://blog.malwarebytes.com/cybercrime/2017/11/a-look-into-the-global-drive-by-cryptocurrency-mining-phenomenon/. [Accessed 23 Jun. 2018].
[10] W. d. Groot, "Cryptojacking found on 2496 online stores," 7 Nov. 2017. [Online]. Available: https://gwillem.gitlab.io/2017/11/07/cryptojacking-found-on-2496-stores/. [Accessed 24 Jun. 2018].
[11] CryptoMineDev, "MinerBlock," 2017, 18 Sep.. [Online]. Available: https://github.com/xd4rker/MinerBlock. [Accessed 3 Jul. 2018].
[12] Keraf, "No Coin," 11 Sep. 2017. [Online]. Available: https://github.com/keraf/NoCoin/. [Accessed 3 Jul. 2018].
[13] Tunghobrens, "Anti Miner - No 1 Coin Minerblock," [Online]. Available: https://chrome.google.com/webstore/detail/anti-miner-no-1-coin-mine/ibhpgkhoicjhklmbhdoeikeggbeejonj. [Accessed 6 Jul. 2018].
[14] Trend Micro, "Cluster of Coins: How Machine Learning Detects Cryptocurrency-mining Malware," 26 May 2018. [Online]. Available: http://newsroom.trendmicro.com/blog/security-intelligence/cluster-coins-how-machine-learning-detects-cryptocurrency-mining-malware. [Accessed 3 Jul. 2018].
[15] BitcoinPlus.com, "Get Bitcoin. It′s Easy," May. 2011. [Online]. Available: https://web.archive.org/web/20110823093029/http://www.bitcoinplus.com/. [Accessed 23 Jun. 2018].
[16] Monero, "Monero - secure, private, untraceable," 2014. [Online]. Available: https://getmonero.org/. [Accessed 3 Jul. 2018].
[17] Chrome, "What are extensions?," 2018. [Online]. Available: https://developer.chrome.com/extensions. [Accessed 3 Jul. 2018].
[18] MDN, "Browser Extensions - Mozilla | MDN," 2018. [Online]. Available: https://developer.mozilla.org/en-US/Add-ons/WebExtensions. [Accessed 3 Jul. 2018].

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2018-8-20

推文