minesweeper an in depth look into drive by mining and its
play

MineSweeper: An In-depth Look into Drive-by Mining and its Defense - PowerPoint PPT Presentation

Feb 20, 2023 •253 likes •874 views

MineSweeper: An In-depth Look into Drive-by Mining and its Defense Veelasha Moonsamy Utrecht University, The Netherlands 28 August 2018 University of Adelaide, Australia Utrecht University, The Netherlands 2 Acknowledgment Joint

  1. MineSweeper: An In-depth Look into Drive-by Mining and its Defense Veelasha Moonsamy Utrecht University, The Netherlands 28 August 2018 University of Adelaide, Australia

  2. Utrecht University, The Netherlands 2

  3. Acknowledgment ◮ Joint collaboration: ◮ Paper available at: www.veelasha.org 3

  4. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange 4

  5. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets 4

  6. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced 4

  7. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced ◮ Fast forward to 2018, about 1600 cryptocurrencies are in existence, out of which more than 600 still see an active trade 4

  8. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced ◮ Fast forward to 2018, about 1600 cryptocurrencies are in existence, out of which more than 600 still see an active trade ◮ An overall surge in market value across cryptocurrencies has renewed interest in cryptominers 4

  9. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced ◮ Fast forward to 2018, about 1600 cryptocurrencies are in existence, out of which more than 600 still see an active trade ◮ An overall surge in market value across cryptocurrencies has renewed interest in cryptominers ◮ ... which in turn led to the proliferation of cryptomining services, such as Coinhive - introduced in September 2017 4

  10. From September 2017 onwards ... It started with: 5

  11. From September 2017 onwards ... And things went downhill very quickly: 6

  12. Drive-by mining aka Cryptojacking ◮ Is a web-based attack ◮ An infected website secretly executes a mining script (Javascript code and/or WebAssembly module) in user’s browser to mine cryptocurrencies ◮ Is considered malicious only when user does not explicitly give their consent 7

  13. Drive-by mining aka Cryptojacking ◮ Is a web-based attack ◮ An infected website secretly executes a mining script (Javascript code and/or WebAssembly module) in user’s browser to mine cryptocurrencies ◮ Is considered malicious only when user does not explicitly give their consent ◮ In this work: we study the prevalence of drive-by mining attacks on Alexa’s Top 1 million websites 7

  14. Threat Model HTTP Request User Webserver 1 HTTP Response (Orchestrator Code) Fetch Mining Payload 2 Webserver/ External Server 3 4 Relay Mining Pool 5 Communication Communication Mining WebSocket Pool Proxy 8

  15. Current detection methods Two main approaches have been used: 1. Blacklist-based approach 9

  16. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable 9

  17. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives 9

  18. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 9

  19. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 2. High CPU-based approach 9

  20. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 2. High CPU-based approach ◮ False positives, as there might exist other CPU-intensive use cases 9

  21. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 2. High CPU-based approach ◮ False positives, as there might exist other CPU-intensive use cases ◮ False negatives, as cryptominers have started to throttle their CPU usage to evade detection 9

  22. Contributions ◮ Perform first in-depth assessment of drive-by mining 10

  23. Contributions ◮ Perform first in-depth assessment of drive-by mining ◮ Discuss why current defenses based on blacklisting and CPU usage are ineffective 10

  24. Contributions ◮ Perform first in-depth assessment of drive-by mining ◮ Discuss why current defenses based on blacklisting and CPU usage are ineffective ◮ Propose MineSweeper , a novel detection approach based on the identification of the cryptographic functions (static analysis) and cache events (during run-time) 10

  25. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 2. How many different drive-by mining services exist currently? 3. Which evasion tactics do drive-by mining services employ? 4. What is the modus operandi of different types of campaign? 5. How much profit do these campaigns make? 6. What are the common characteristics across different drive-by mining services that can be used for their detection? 11

  26. Large-scale Analysis: experiment set-up 12

  27. Data collection ◮ Over a period of one week in mid-March 2018 13

  28. Data collection ◮ Over a period of one week in mid-March 2018 ◮ Crawler ◮ Crawled landing page and 3 internal pages ◮ Stayed on each visited page for 4 seconds ◮ No simulated interacted, i.e. the crawler did not give any consent for cryptomining 13

  29. Data collection ◮ Over a period of one week in mid-March 2018 ◮ Crawler ◮ Crawled landing page and 3 internal pages ◮ Stayed on each visited page for 4 seconds ◮ No simulated interacted, i.e. the crawler did not give any consent for cryptomining ◮ Crawled 991,513 websites; 4.6 TB raw data and 550 MB data profiles 13

  30. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload 14

  31. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code 14

  32. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page 14

  33. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns 14

  34. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns 14

  35. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns ◮ Keywords: CoinHive.Anonymous or coinhive.min.js 14

  36. Preliminary results: Cryptomining code (2/2) ◮ Identification of mining payload ◮ Dump the Wasm (WebAssembly) payload ◮ –dump-wasm- module flag in Chrome dumps the loaded Wasm modules ◮ Keyword-based search: cryptonight_hash and CryptonightWasmWrapper 15

  37. Effectiveness of fingerprint-based detection 16

  38. Effectiveness of fingerprint-based detection ◮ Detected 866 websites; 59.35% used Coinhive cryptomining services 16

  39. Effectiveness of fingerprint-based detection ◮ Detected 866 websites; 59.35% used Coinhive cryptomining services ◮ Issues: code obfuscation and manual effort of updating signatures 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction

into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction

MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction Motivation Background Threat Model Data Analysis Conclusion Outlines Introduction Motivation

717 views • 32 slides
How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER

How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER

How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER BEFORE LOOK HERE IF Basics YOU DONT KNOW WHAT MINESWEEPER IS Minesweeper Board! Rectangular! Cells! Cells can be clear or mines 1 2 1

841 views • 58 slides
TITLE: FAMILY BUSINESS IN OUR ECONOMY In Depth: Entrepreneurial Drive and Motivation of

TITLE: FAMILY BUSINESS IN OUR ECONOMY In Depth: Entrepreneurial Drive and Motivation of

TITLE: FAMILY BUSINESS IN OUR ECONOMY In Depth: Entrepreneurial Drive and Motivation of Consolidation (IP) Authors/Presenters: Mona Haug, Executive Coach Liv Hk , Liv Hk Psykoterapi , James Grady (not presenter), Consultant, PivotPoint

355 views • 17 slides
Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell

Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell

Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell Impagliazzo Ragesh Jaiswal Credit: Some of todays slides are due to Miles Jones CSE 101, Spring 2020, Week 2 Algorithm Mining Algorithms

866 views • 73 slides
Creating a solid mining company in the Americas CORPORATE PRESENTATION JANUARY 2018 FORWARD

Creating a solid mining company in the Americas CORPORATE PRESENTATION JANUARY 2018 FORWARD

REPORT INSIDE In-depth industry coverage including exclusive interviews, independent analysis, expert opinion articles and economic data. Distributed to key mining players and fjnanciers in Peru and internationally. Creating a solid mining

401 views • 23 slides
Threads More algorithm efficiency analysis, Big-Oh Work on Minesweeper See the nine

Threads More algorithm efficiency analysis, Big-Oh Work on Minesweeper See the nine

Threads More algorithm efficiency analysis, Big-Oh Work on Minesweeper See the nine announcements in the email message that I sent you yesterday afternoon. By now, everyone should know how to submit how to submit files in AFS and to SVN

590 views • 33 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

774 views • 20 slides
Project Minesweeper Andreas, Evy, Martin, Rebekka & Siripong Basic idea Possibility to

Project Minesweeper Andreas, Evy, Martin, Rebekka & Siripong Basic idea Possibility to

Project Minesweeper Andreas, Evy, Martin, Rebekka & Siripong Basic idea Possibility to reserve a group room From this Anarchy To this Democracy Transcending the traditional role of the library User-centered design Observations

485 views • 17 slides
Web Mining Web Mining Web mining is the use of data mining techniques to automatically

Web Mining Web Mining Web mining is the use of data mining techniques to automatically

What is Web Mining? What is Web Mining? Web Mining Web Mining Web mining is the use of data mining techniques to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) Web mining aims to

566 views • 22 slides
Data Structure Definition Array implementation Begin Data Structures Grand Tour Minesweeper

Data Structure Definition Array implementation Begin Data Structures Grand Tour Minesweeper

Data Structure Definition Array implementation Begin Data Structures Grand Tour Minesweeper team/team members peer Minesweeper team/team members peer review review survey (on ANGEL) survey (on ANGEL) due by 5 PM Today. Home || Course

327 views • 17 slides
Generic types Measuring Efficiency Minesweeper start-up Grader comments for JUnit and

Generic types Measuring Efficiency Minesweeper start-up Grader comments for JUnit and

Generic types Measuring Efficiency Minesweeper start-up Grader comments for JUnit and BigRational assignments should be in your repository. There seems to be a problem there with JUnit. Should be resolved this afternoon Details about

230 views • 10 slides
Using multimodal mining to drive clinical guidelines development Emilie Pasche 1 , Julien Gobeill

Using multimodal mining to drive clinical guidelines development Emilie Pasche 1 , Julien Gobeill

Using multimodal mining to drive clinical guidelines development Emilie Pasche 1 , Julien Gobeill 2 , Douglas Teodoro 1 , Dina Vishnyakova 1 , Arnaud Gaudinat 2 , Patrick Ruch 2 and Christian Lovis 1 1 SIMED, University of Geneva and University

736 views • 16 slides
SmartMiner: A Depth First Algorithm Guided by Tail Information for Mining Maximal Frequent

SmartMiner: A Depth First Algorithm Guided by Tail Information for Mining Maximal Frequent

SmartMiner: A Depth First Algorithm Guided by Tail Information for Mining Maximal Frequent Itemsets Qinghua Zou Wesley W. Chu Baojing Lu Computer Science Department Computer Science Department Computer Science Department University of

305 views • 8 slides
Tsinghua University Monocular Depth-Pose Prediction [R, t] Depth and Pose RGB PoseNet

Tsinghua University Monocular Depth-Pose Prediction [R, t] Depth and Pose RGB PoseNet

Wang Zhao, Shaohui Liu, Yezhi Shu, Yong-Jin Liu Tsinghua University Monocular Depth-Pose Prediction [R, t] Depth and Pose RGB PoseNet Fails to Generalize! All Drift ! Depth estimation in Indoor environments with Visual Odometry with

610 views • 15 slides
Depth-First Non-Derivable Itemset Mining Toon Calders Bart Goethals University of Antwerp,

Depth-First Non-Derivable Itemset Mining Toon Calders Bart Goethals University of Antwerp,

Depth-First Non-Derivable Itemset Mining Toon Calders Bart Goethals University of Antwerp, Belgium HIIT-BRU, University of Helsinki, Finland toon.calders@ua.ac.be bart.goethals@cs.helsinki.fi Abstract support of an itemset X in D is the

254 views • 12 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) (another definition:

287 views • 15 slides
threads 1 1 which scheduler should I choose? I care about CPU throughput: fjrst-come

threads 1 1 which scheduler should I choose? I care about CPU throughput: fjrst-come

threads 1 1 which scheduler should I choose? I care about CPU throughput: fjrst-come fjrst-serve average response time: SRTF approximation I/O throughput: SRTF approximation fairness medium-term CPU usage: something like Linux CFS

1.28k views • 102 slides
Introduction to Artificial Intelligence CS171, Winter Quarter, 2020 Introduction to Artificial

Introduction to Artificial Intelligence CS171, Winter Quarter, 2020 Introduction to Artificial

Introduction to Artificial Intelligence CS171, Winter Quarter, 2020 Introduction to Artificial Intelligence Prof. Richard Lathrop Read Beforehand: All assigned reading so far Midterm Review Agents: R&N Chap 2.1-2.3 State Space

1.67k views • 122 slides
Liquid Argon Near Detector Simulation Liquid Argon Near Detector Simulation Jonathan Asaadi 1

Liquid Argon Near Detector Simulation Liquid Argon Near Detector Simulation Jonathan Asaadi 1

Liquid Argon Near Detector Simulation Liquid Argon Near Detector Simulation Jonathan Asaadi 1 University of Texas at Arlington The Strategy The Strategy Near term strategy (Near Detector Task Force) Use the current tools and best

319 views • 17 slides
Fixed income Schedule of change in capitalization ($ millions) Change in debt (long-term plus

Fixed income Schedule of change in capitalization ($ millions) Change in debt (long-term plus

Fixed income Schedule of change in capitalization ($ millions) Change in debt (long-term plus securities due in one year) Balance as of December 31, 2018 $38,841 Issuances: DEI 2019 Series A 4.60% Senior Notes due 2049 400 DEI 2019 Series B

174 views • 4 slides
Market Management for P2P A Token-based Accounting System Nicolas Liebau, Prof. Dr.-Ing. Ralf

Market Management for P2P A Token-based Accounting System Nicolas Liebau, Prof. Dr.-Ing. Ralf

www.kom.e-technik.tu-darmstadt.de www.httc.de Market Management for P2P A Token-based Accounting System Nicolas Liebau, Prof. Dr.-Ing. Ralf Steinmetz TU Darmstadt - Darmstadt University of Technology, Dept. of Electrical Engineering and

239 views • 10 slides
1 & 2 Samuel Series Lesson #102 August 1, 2017 Dean Bible Ministries

1 & 2 Samuel Series Lesson #102 August 1, 2017 Dean Bible Ministries

1 & 2 Samuel Series Lesson #102 August 1, 2017 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. T HE N ECROMANCER OF E N -D OR ; S AUL S F INAL P UNISHMENT A NNOUNCED 1 S AMUEL 28:625 1 Sam. 28:3, Now Samuel

526 views • 33 slides
mediums and messages Allison Parrish "what is happening that I can't perceive?"

mediums and messages Allison Parrish "what is happening that I can't perceive?"

mediums and messages Allison Parrish "what is happening that I can't perceive?" distant event perception and report of event telesthesia I nteractive T elesthesia P rogram extrasensory perception the medium something distant

594 views • 22 slides
Optimal Algorithm for Online Multiple Knapsack Marcin Bie nkowski Krzysztof Piecuch Maciej

Optimal Algorithm for Online Multiple Knapsack Marcin Bie nkowski Krzysztof Piecuch Maciej

Optimal Algorithm for Online Multiple Knapsack Marcin Bie nkowski Krzysztof Piecuch Maciej Pacut (speaker) Knapsack Knapsack Knapsack Knapsack Knapsack Knapsack Multiple Knapsack Textbook Knapsack (offline) Given one knapsack of

1.39k views • 122 slides

More recommend