English  |  正體中文  |  简体中文  |  Items with full text/Total items : 70585/70585 (100%)
Visitors : 23206609      Online Users : 419
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77755


    Title: MinerGuard: A Solution to Detect Browser-Based Cryptocurrency Mining through Machine Learning
    Authors: 賴彥蓉;Lai, Yen-Jung
    Contributors: 資訊工程學系
    Keywords: 挖礦綁架;Coinhive;網頁挖礦;JavaScript 挖礦;門羅幣;Cryptojacking;Coinhive;Browser-Based Cryptocurrency Mining;JavaScript Miner;Monero
    Date: 2018-08-20
    Issue Date: 2018-08-31 14:55:03 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 2017年9月出現網頁挖礦技術Coinhive,隨後許多網站暗藏挖礦腳本,在未經使用者允許的情況下使用CPU資源來挖礦,以取代廣告收益,稱為「挖礦綁架」 (Cryptojacking) ,成為資安領域最新的攻擊趨勢。許多資安團隊提出阻擋網頁挖礦的方式,例如以黑名單過濾挖礦腳本。然而因「挖礦綁架」攻擊事件顯著上升,靜態黑名單的更新機制已無法及時保護使用者。
    本研究針對「挖礦綁架」的攻擊技術,實作以觀察使用者電腦資源為基礎的挖礦辨識機制。本研究使用機器學習的方法觀察電腦資源的變化,如CPU變化量,以便及時判斷業是否隱含挖礦腳本,並通知使用者。
    實驗後,結果顯示此系統比黑名單系統的精確度更高,且比起黑名單系統需要不斷更新黑名單,此系統並不需要人工更新。
    濫用網頁挖礦腳本,綁架使用者電腦挖礦的非法行為日發嚴重,如何有效阻擋挖礦綁架未來勢必成為資安的新議題,本研究的目標是保護人們不會在不知情的情況下淪為礦工。
    ;Since Coinhive released its browser-based cryptocurrency mining code in September 2017, many websites embed mining JavaScript to mine cryptocurrency by using CPU resources without the consent of the device owner, it’s called Cryptojacking. And Cryptojacking has become the latest attack trend in computer security field. Many security specialists provide some methods to block the mining scripts, such as filtering mining scripts by blacklist. However, due to the significant increase in the Cryptojacking attacks, the static blacklist mechanism has become useless to protect users in time.
    In this paper, we design and implement the mining identification mechanism which based on the observation of users’ computer resources. Our mechanism observes the changes of CPU usages in time to identify whether or not a website uses the mining scripts and notify the users.
    The experiment results show that our system is more accurate than the blacklist mechanism and our system does not need to update system regularly. But the blacklist mechanism has to update blacklist constantly.
    Abuse of web mining scripts and illegal acts of Cryptojacking are becoming more and more serious. The way to prevent Cryptojacking effectively will become a new issue for security. And the goal of our study is to protect people from becoming miners.
    Appears in Collections:[資訊工程研究所] 博碩士論文

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML176View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback  - 隱私權政策聲明