detection of browser based cryptocurrency mining
play

Detection of browser-based cryptocurrency mining Veelasha Moonsamy - PowerPoint PPT Presentation

Sep 21, 2023 •346 likes •1.44k views

Detection of browser-based cryptocurrency mining Veelasha Moonsamy Radboud University, The Netherlands 25 June 2019 Blockchain and Cryptocurrencies Security School University of Padova, Italy Radboud University, Nijmegen, NL 2 DiS research

  1. Current detection method: Blacklist-based approach ◮ Existing defenses: ◮ CoinBlockerList 2 : maintains a blacklist of mining pools and proxy servers that are manually collected from reports on security blogs and Twitter ◮ Dr. Mine 3 : blocks drive-by mining by means of explicitly blacklisted URLs (based on for e.g. CoinBlockerLists) ◮ MinerBlock 4 : combines blacklists with detecting potential mining code inside loaded JavaScript files 2 https://gitlab.com/ZeroDot1/CoinBlockerLists 3 https://github.com/1lastBr3ath/drmine 4 https://github.com/xd4rker/MinerBlock 16

  2. Current detection method: Blacklist-based approach ◮ Existing defenses: ◮ CoinBlockerList 2 : maintains a blacklist of mining pools and proxy servers that are manually collected from reports on security blogs and Twitter ◮ Dr. Mine 3 : blocks drive-by mining by means of explicitly blacklisted URLs (based on for e.g. CoinBlockerLists) ◮ MinerBlock 4 : combines blacklists with detecting potential mining code inside loaded JavaScript files ◮ Shortcomings: ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 2 https://gitlab.com/ZeroDot1/CoinBlockerLists 3 https://github.com/1lastBr3ath/drmine 4 https://github.com/xd4rker/MinerBlock 16

  3. Current detection methods: High CPU-based approach ◮ Several studies found high CPU usage from the website can be used as an indicator of drive-by mining 17

  4. Current detection methods: High CPU-based approach ◮ Several studies found high CPU usage from the website can be used as an indicator of drive-by mining ◮ Consequently, many drive-by miners started throttling their CPU usage to around 25% 17

  5. Current detection methods: High CPU-based approach ◮ Several studies found high CPU usage from the website can be used as an indicator of drive-by mining ◮ Consequently, many drive-by miners started throttling their CPU usage to around 25% ◮ Implications: ◮ False positives, as there might exist other CPU-intensive use cases (e.g. games) ◮ False negatives, as cryptominers have started to throttle their CPU usage to evade detection 17

  6. Minesweeper: contributions ◮ Perform first in-depth assessment of drive-by mining 18

  7. Minesweeper: contributions ◮ Perform first in-depth assessment of drive-by mining ◮ Discuss why current defenses based on blacklisting and CPU usage are ineffective 18

  8. Minesweeper: contributions ◮ Perform first in-depth assessment of drive-by mining ◮ Discuss why current defenses based on blacklisting and CPU usage are ineffective ◮ Propose MineSweeper , a novel detection approach based on the identification of the cryptographic functions (static analysis) and cache events (during run-time) 18

  9. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 19

  10. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 19

  11. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 2. How many different drive-by mining services exist currently? 19

  12. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 2. How many different drive-by mining services exist currently? 3. Which evasion tactics do drive-by mining services employ? 19

  13. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 2. How many different drive-by mining services exist currently? 3. Which evasion tactics do drive-by mining services employ? 4. What is the modus operandi of different types of campaign? 19

  14. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 2. How many different drive-by mining services exist currently? 3. Which evasion tactics do drive-by mining services employ? 4. What is the modus operandi of different types of campaign? 5. How much profit do these campaigns make? 19

  15. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 2. How many different drive-by mining services exist currently? 3. Which evasion tactics do drive-by mining services employ? 4. What is the modus operandi of different types of campaign? 5. How much profit do these campaigns make? 6. What are the common characteristics across different drive-by mining services that can be used for their detection? 19

  16. Large-scale Analysis: experiment set-up 20

  17. Data collection ◮ Over a period of one week in mid-March 2018 21

  18. Data collection ◮ Over a period of one week in mid-March 2018 ◮ Crawler ◮ Crawled landing page and 3 internal pages ◮ Stayed on each visited page for 4 seconds ◮ No simulated interacted, i.e. the crawler did not give any consent for cryptomining 21

  19. Data collection ◮ Over a period of one week in mid-March 2018 ◮ Crawler ◮ Crawled landing page and 3 internal pages ◮ Stayed on each visited page for 4 seconds ◮ No simulated interacted, i.e. the crawler did not give any consent for cryptomining ◮ Crawled 991,513 websites; 4.6 TB raw data and 550 MB data profiles 21

  20. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload 22

  21. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code 22

  22. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page 22

  23. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns 22

  24. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns 22

  25. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns ◮ Keywords: CoinHive.Anonymous or coinhive.min.js 22

  26. Preliminary results: Cryptomining code (2/2) ◮ Identification of mining payload ◮ Dump the Wasm (WebAssembly) payload ◮ –dump-wasm- module flag in Chrome dumps the loaded Wasm modules ◮ Keyword-based search: cryptonight_hash and CryptonightWasmWrapper 23

  27. Effectiveness of fingerprint-based detection 24

  28. Effectiveness of fingerprint-based detection ◮ Detected 866 websites; 59.35% used Coinhive cryptomining services 24

  29. Effectiveness of fingerprint-based detection ◮ Detected 866 websites; 59.35% used Coinhive cryptomining services ◮ Issues with keyword-based fingerprinting: code obfuscation and manual effort of updating signatures 24

  30. Preliminary results: Mining pool communication (1/2) ◮ Miners use the Stratum protocol to communicate with the mining pool 25

  31. Preliminary results: Mining pool communication (1/2) ◮ Miners use the Stratum protocol to communicate with the mining pool ◮ Use of WebSockets to allow full-duplex, asynchronous communication between code running on a webpage and servers 25

  32. Preliminary results: Mining pool communication (1/2) ◮ Miners use the Stratum protocol to communicate with the mining pool ◮ Use of WebSockets to allow full-duplex, asynchronous communication between code running on a webpage and servers ◮ Search in WebSocket frames for keywords related to Stratum protocol 25

  33. Preliminary results: Mining pool communication (2/2) ◮ 59,319 (5.39%) websites use WebSockets ◮ 1,008 websites use Stratum protocol for communication ◮ 2,377 websites encode the data (Hex code or salted Base64) - more on this later 26

  34. Summary of key findings ◮ Identified 1,735 websites as mining cryptocurrency, out of which 1,627 (93.78%) could be identified based on keywords in the cryptomining code 27

  35. Summary of key findings ◮ Identified 1,735 websites as mining cryptocurrency, out of which 1,627 (93.78%) could be identified based on keywords in the cryptomining code ◮ 1,008 (58.10%) use the Stratum protocol in plaintext, 174 (10.03%) obfuscate the communication protocol 27

  36. Summary of key findings ◮ Identified 1,735 websites as mining cryptocurrency, out of which 1,627 (93.78%) could be identified based on keywords in the cryptomining code ◮ 1,008 (58.10%) use the Stratum protocol in plaintext, 174 (10.03%) obfuscate the communication protocol ◮ All the websites (100.00%) use Wasm for the cryptomining payload and open a WebSocket 27

  37. Summary of key findings ◮ Identified 1,735 websites as mining cryptocurrency, out of which 1,627 (93.78%) could be identified based on keywords in the cryptomining code ◮ 1,008 (58.10%) use the Stratum protocol in plaintext, 174 (10.03%) obfuscate the communication protocol ◮ All the websites (100.00%) use Wasm for the cryptomining payload and open a WebSocket ◮ At least 197 (11.36%) websites throttle their CPU usage to less than 50%, while for only 12 (0.69%) mining websites we observed a CPU load of less than 25%. 27

  38. In-depth analysis: evasion techniques ◮ We identified three evasion techniques, which are widely used by the drive-by mining services in our dataset 1. Code obfuscation 2. Obfuscated Stratum communication 3. Anti-debugging tricks 28

  39. In-depth analysis: code obfuscation ◮ Packed code : The compressed and encoded orchestrator script is decoded using a chain of decoding functions at run time. ◮ PCharCode : The orchestrator script is converted to charCode and embedded in the webpage. At run time, it is converted back to a string and executed using JavaScript’s eval() function. ◮ Name obfuscation : Variable names and functions names are replaced with random strings. ◮ Dead code injection : Random blocks of code, which are never executed, are added to the script to make reverse engineering more difficult. ◮ Filename and URL randomization : The name of the JavaScript file is randomized or the URL it is loaded from is shortened to avoid detection based on pattern matching. 29

  40. In-depth analysis: code obfuscation ◮ Packed code : The compressed and encoded orchestrator script is decoded using a chain of decoding functions at run time. ◮ PCharCode : The orchestrator script is converted to charCode and embedded in the webpage. At run time, it is converted back to a string and executed using JavaScript’s eval() function. ◮ Name obfuscation : Variable names and functions names are replaced with random strings. ◮ Dead code injection : Random blocks of code, which are never executed, are added to the script to make reverse engineering more difficult. ◮ Filename and URL randomization : The name of the JavaScript file is randomized or the URL it is loaded from is shortened to avoid detection based on pattern matching. All of the above mainly applied to orchestrator code; the only obfuscation on mining payload is name obfuscation 29

  41. In-depth analysis: obfuscated Stratum communication ◮ Identified the Stratum protocol in plaintext for 1,008 websites 30

  42. In-depth analysis: obfuscated Stratum communication ◮ Identified the Stratum protocol in plaintext for 1,008 websites ◮ Manually analyzed the WebSocket communication for the remaining 727 websites and found the following: ◮ 174 websites obfuscate by encoding the request, either as Hex code, or with salted Base64 encoding before transmitting it through the WebSocket ◮ We could not identify any pool communication for remaining 553 websites, either due to other encodings, or due to slow server connections 30

  43. In-depth analysis: Anti-debugging tricks ◮ 139 websites used anti-debugging tricks ◮ Checked code periodically to see whether the user is analyzing the code served by the webpage using developer tools ◮ If the developer tools are open in the browser, it stops executing any further code 31

  44. MineSweeper

  45. MineSweeper ◮ MineSweeper employs multiples stages in order to detect a webminer: 33

  46. CryptoNight algorithm (1/2) ◮ CryptoNight was proposed in 2013 and popularly used by Monero (XMR) 34

  47. CryptoNight algorithm (1/2) ◮ CryptoNight was proposed in 2013 and popularly used by Monero (XMR) ◮ We exploit two fundamental characteristics: 34

  48. CryptoNight algorithm (1/2) ◮ CryptoNight was proposed in 2013 and popularly used by Monero (XMR) ◮ We exploit two fundamental characteristics: ◮ It makes use of several cryptographic primitives, such as: Keccak 1600-516, Keccak-f 1600, AES, BLAKE-256, Groestl-256, and Skein-256 34

  49. CryptoNight algorithm (1/2) ◮ CryptoNight was proposed in 2013 and popularly used by Monero (XMR) ◮ We exploit two fundamental characteristics: ◮ It makes use of several cryptographic primitives, such as: Keccak 1600-516, Keccak-f 1600, AES, BLAKE-256, Groestl-256, and Skein-256 ◮ A memory hard algorithm ◮ High-performances on ordinary CPUs ◮ Inefficient on today’s special purpose devices (ASICs) ◮ Internal memory-hard loop: alternate reads and writes to the Last Level Cache (LLC) 34

  50. CryptoNight algorithm (2/2) Scratchpad Memory-hard Final result Initialization loop calculation Key expansion Keccak 1600-512 Loop preparation + 10 AES rounds Key expansion 8 rounds 524.288 Iterations + 10 AES rounds AES AES Read S S 8 rounds c XOR c XOR r Write r a Read a t 8bt_MUL Keccak-f 1600 t AES Write c c h h 8bt_ADD p p a BLAKE-Groestl-Skein Write a d hash-select XOR d ◮ CryptoNight allocates a scratchpad of 2MB in memory ◮ On modern processors ends up in the LLC 35

  51. Wasm analysis ◮ Linear assembly bytecode translation using the WebAssembly Binary Toolkit (WABT) debugger ◮ Functions identification - to create an internal representation of the code for each function ◮ Cryptographic operation count - track the control flow and crypto operands ◮ Static call graph construction, including identification of loops 36

  52. CryptoNight detection ◮ MineSweeper is given as input a CryptoNight fingerprint ◮ We created a fingerprint for each of CryptoNight’s cryptographic primitives based on operands counts and flow structure 37

  53. CryptoNight detection - an example ◮ Assume the fingerprint for BLAKE-256 has 80 XOR, 85 left shift, and 32 right shift instructions 38

  54. CryptoNight detection - an example ◮ Assume the fingerprint for BLAKE-256 has 80 XOR, 85 left shift, and 32 right shift instructions ◮ Function foo() , which is an implementation of BLAKE-256, that we want to match against this fingerprint, contains 86 XOR, 85 left shift, and 33 right shift instructions 38

  55. CryptoNight detection - an example ◮ Assume the fingerprint for BLAKE-256 has 80 XOR, 85 left shift, and 32 right shift instructions ◮ Function foo() , which is an implementation of BLAKE-256, that we want to match against this fingerprint, contains 86 XOR, 85 left shift, and 33 right shift instructions ◮ In this case, the similarity score is 3 and difference score is 2 38

  56. CryptoNight detection - an example ◮ Assume the fingerprint for BLAKE-256 has 80 XOR, 85 left shift, and 32 right shift instructions ◮ Function foo() , which is an implementation of BLAKE-256, that we want to match against this fingerprint, contains 86 XOR, 85 left shift, and 33 right shift instructions ◮ In this case, the similarity score is 3 and difference score is 2 ◮ All three types of instructions are present in foo() ; foo() contains extra XOR and an extra shift instruction 38

  57. Evaluation of cryptofunction detection ◮ Identified 40 unique samples among the 748 collected Wasm samples ◮ Applied the cryptofunction detection routine of MineSweeper on them 39

  58. CPU cache events monitoring ◮ What if an attack would sacrifice part of the profits for obfuscated Wasm? 40

  59. CPU cache events monitoring ◮ What if an attack would sacrifice part of the profits for obfuscated Wasm? ◮ Solution: CPU cache events monitoring 40

  60. CPU cache events monitoring ◮ What if an attack would sacrifice part of the profits for obfuscated Wasm? ◮ Solution: CPU cache events monitoring ◮ MineSweeper monitors the L1 and L3 for load and store events caused by the CryptoNight algorithm 40

  61. CPU cache events monitoring ◮ What if an attack would sacrifice part of the profits for obfuscated Wasm? ◮ Solution: CPU cache events monitoring ◮ MineSweeper monitors the L1 and L3 for load and store events caused by the CryptoNight algorithm ◮ Also detects a fundamental characteristic of the CryptoNight algorithm: the memory-hard loop! 40

  62. Evaluation of blacklisting approaches ◮ For comparison, we evaluate MineSweeper against Dr. Mine 41

  63. Evaluation of blacklisting approaches ◮ For comparison, we evaluate MineSweeper against Dr. Mine ◮ Dr. Mine uses CoinBlockerLists as the basis to detect mining websites 41

  64. Evaluation of blacklisting approaches ◮ For comparison, we evaluate MineSweeper against Dr. Mine ◮ Dr. Mine uses CoinBlockerLists as the basis to detect mining websites ◮ Visited the 1,735 websites that were mining during our first crawl for the large-scale analysis with both tools 41

  65. Evaluation of blacklisting approaches ◮ For comparison, we evaluate MineSweeper against Dr. Mine ◮ Dr. Mine uses CoinBlockerLists as the basis to detect mining websites ◮ Visited the 1,735 websites that were mining during our first crawl for the large-scale analysis with both tools ◮ Dr. Mine could only find 272 websites, while MineSweeper found 785 websites that were still actively mining cryptocurrency 41

  66. Evaluation of CPU cache events monitoring (1/2) ◮ We visited 7 pages for the following categories of web applications: ◮ Web miners ◮ Videoplayers ◮ Wasm-based games ◮ JavaScript (JS) games 42

  67. Evaluation of CPU cache events monitoring (2/2) Our tests confirm us the effectiveness of this detection method on CryptoNight-based algorithms Performance counter Performance counter measurements for the L1 cache for measurements for the L3 cache for different types of web applications different types of web applications (logscale) (logscale) 43

  68. Conclusion ◮ Drive-by mining is real and can be very profitable for high traffic websites ◮ Current defenses are not sufficient to stop malicious mining ◮ To severely impact their profitability, we need to aim at the core properties of the miners code: cryptographic functions and memory behaviors 44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

QTIC - Cryptocurrency Team Content 01 The basics of cryptocurrency 02 Cryptocurrency &

QTIC - Cryptocurrency Team Content 01 The basics of cryptocurrency 02 Cryptocurrency &

QTIC - Cryptocurrency Team Content 01 The basics of cryptocurrency 02 Cryptocurrency & Tourism 03 Blockchain 04 Project deliverables The basics of cryptocurrency What is cryptocurrency? Key terms to remember: Decentralised system : not

524 views • 27 slides
CRYPTOCURRENCY C r y p t o i s m o n e y 2 . 0 , a h u g e h u g e h u g e d e a l .

CRYPTOCURRENCY C r y p t o i s m o n e y 2 . 0 , a h u g e h u g e h u g e d e a l .

CRYPTOCURRENCY C r y p t o i s m o n e y 2 . 0 , a h u g e h u g e h u g e d e a l . WHAT IS CRYPTOCURRENCY? \ A cryptocurrency (or crypto currency) is a digital asset designed to work as a medium of exchange using

454 views • 10 slides
Data Mining Based Detection Methods Data Mining in Intrusion detection Feng Pan Outline

Data Mining Based Detection Methods Data Mining in Intrusion detection Feng Pan Outline

Outline Related Data Mining Background Data Mining Based Detection Methods Data Mining in Intrusion detection Feng Pan Outline Typical Dataset in Data Mining Related Data Mining Background Dataset consists of records.

433 views • 8 slides
Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection

Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection

Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection Horizontal Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code Mining

683 views • 44 slides
A LEADER IN CRYPTOCURRENCY MINING Corporate Presentation Q4 2018 2 FORWARD LOOKING STATEMENTS

A LEADER IN CRYPTOCURRENCY MINING Corporate Presentation Q4 2018 2 FORWARD LOOKING STATEMENTS

A LEADER IN CRYPTOCURRENCY MINING Corporate Presentation Q4 2018 2 FORWARD LOOKING STATEMENTS This document and the material contained herein are confidential and are not to be disclosed to the public. This is for information purposes only

282 views • 17 slides
CSE 190 Lecture 6 Data Mining and Predictive Analytics Community Detection Community

CSE 190 Lecture 6 Data Mining and Predictive Analytics Community Detection Community

CSE 190 Lecture 6 Data Mining and Predictive Analytics Community Detection Community detection versus clustering So far we have seen methods to reduce the dimension of points based on their features Principal Component Analysis (Tuesday)

555 views • 37 slides
Does mining fuel bubbles? An experimental study on cryptocurrency markets Marco Lambrecht 1 Andis

Does mining fuel bubbles? An experimental study on cryptocurrency markets Marco Lambrecht 1 Andis

Does mining fuel bubbles? An experimental study on cryptocurrency markets Marco Lambrecht 1 Andis Sofianos 2 Yilong Xu 3 2nd Crypto Asset Lab Conference Oct 27th, 2020 1University of Heidelberg & Hanken School of Economics 2University of

735 views • 20 slides
into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction

into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction

MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction Motivation Background Threat Model Data Analysis Conclusion Outlines Introduction Motivation

717 views • 32 slides
Detecting the ghost in the browser: Real time detection of drive-by infections Thijs Kinkhorst

Detecting the ghost in the browser: Real time detection of drive-by infections Thijs Kinkhorst

Introduction Lab setup and dataset composition Analysis of patterns Detection method Validation Conclusion Detecting the ghost in the browser: Real time detection of drive-by infections Thijs Kinkhorst Michael van Kleij 1 July 2009 T.

318 views • 20 slides
Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption &

Cryptocurrency Technologies Bitcoin Mining Bitcoin Mining The Task of Bitcoin Miners Mining Hardware Energy Consumption & Ecology Mining Pools Mining Incentives and Strategies Recap: Bitcoin Miners Bitcoin depends on

821 views • 35 slides
Deanonymization and linkability of transactions based on network analysis cryptocurrency

Deanonymization and linkability of transactions based on network analysis cryptocurrency

Deanonymization and linkability of cryptocurrency Deanonymization and linkability of transactions based on network analysis cryptocurrency transactions based on Biryukov, Tikhomirov network analysis Introduction Tx clustering Parallel

735 views • 39 slides
Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse) Detection Intrusion Detection Host-based Network-based Boriana Ditcheva and Lisa Fowler Active/Passive University of North Carolina at

401 views • 12 slides
XD XDAG: PoW + DA DAG frozen@xdag.io XDAG: A new DAG-based cryptocurrency The first mineable

XD XDAG: PoW + DA DAG frozen@xdag.io XDAG: A new DAG-based cryptocurrency The first mineable

XD XDAG: PoW + DA DAG frozen@xdag.io XDAG: A new DAG-based cryptocurrency The first mineable DAG No Pre-mine No ICO Community driven State-of-The-Art Bitcoin Ethereum EOS ??? Features: PoW High TPS Decentralized Block =

464 views • 24 slides
Should cryptocurrency replace American dollars? By Isaiah Hanson What is Cryptocurrency?

Should cryptocurrency replace American dollars? By Isaiah Hanson What is Cryptocurrency?

Should cryptocurrency replace American dollars? By Isaiah Hanson What is Cryptocurrency? Digital money held in a digital wallet Started by Satoshi Nakamoto in 2008 with Bitcoin Decentralized currency Holds value

360 views • 14 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Location tracking Location tracking Engineering & Public Policy Lorrie Faith Cranor

Location tracking Location tracking Engineering & Public Policy Lorrie Faith Cranor

CyLab Location tracking Location tracking Engineering & Public Policy Lorrie Faith Cranor October 14, 2014 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818: b r a a

893 views • 44 slides
GPU on OpenStack Masafumi Ohta @masafumiohta Who am I > Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I > Working for System Integrator as

GPU on OpenStack Masafumi Ohta @masafumiohta Who am I > Working for System Integrator as Pre-Sales Engineer. Working on some OpenStack PoC projects. Proposing OpenStack system to a manufacturer Investigating OpenStack issues reading some

580 views • 32 slides
CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP

CAIS Sensor: Distributed Sensors Network in Brazilian NREN LACSEC LACNIC27 Regarding RNP Brazilian National Research and Education Network (RNP). Created in 1989. Implementing the first Latin American fiber network in 2005.

470 views • 22 slides
Fuzzing Filesystems on NetBSD via AFL+KCOV Maciej Grochowski Maciej.Grochowski[at]protonmail.com

Fuzzing Filesystems on NetBSD via AFL+KCOV Maciej Grochowski Maciej.Grochowski[at]protonmail.com

Fuzzing Filesystems on NetBSD via AFL+KCOV Maciej Grochowski Maciej.Grochowski[at]protonmail.com EuroBSDcon 2019 Lillehammer, Norway Lillehammer September 19-22, 2019 Outline NetBSD-qa What the fuzzing is? Porting AFL to fuzz

429 views • 20 slides
Pattern Selection using CEGAR Alexander Rovner University of Basel July 31, 2018 Background

Pattern Selection using CEGAR Alexander Rovner University of Basel July 31, 2018 Background

Background Pattern Selection Merge Avoidance Evaluation Conclusion Pattern Selection using CEGAR Alexander Rovner University of Basel July 31, 2018 Background Pattern Selection Merge Avoidance Evaluation Conclusion Planning Tasks

811 views • 54 slides
Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang

Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang

Characteriza*on of Blacklists and Tainted Network Traffic Jing Zhang 1 , Ari Chivukula 1 , Michael Bailey 1 , Manish Karir 2 , and Mingyan Liu 1 1 University of Michigan 2 Cyber Security Division, Department of

497 views • 24 slides
Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
5. From "Jazz Age" to Depression: The Tragedy of the 1920's 5.1. "The Age of

5. From "Jazz Age" to Depression: The Tragedy of the 1920's 5.1. "The Age of

5. From "Jazz Age" to Depression: The Tragedy of the 1920's 5.1. "The Age of Wonderful Nonsense" 5.2. "Brother Can You Spare a Dime?" 5.1. "The Age of Wonderful Nonsense" 5.1.1 "The Business of

899 views • 88 slides

More recommend