CSI3207 Website Cryptojacking Detection Assignment Answers


  • Subject Code : CSI3207
  • University : Edith Cowan University
  • Subject Name : Engineering

Software Reverse Engineering

Executive Summary of Website Cryptojacking Detection

Cyber threats have grown in number with the increased use of digital devices such as computers and mobile phones. This has led to more malicious attempts to breach the information stored on these devices for various benefits, including ransoms. Attackers use different attack methods to disrupt these devices. Some of the most common cyber threats include malware, DoS attacks, SQL injection and phishing attacks. One such method of attack is cryptojacking, the process in which an attacker uses other people's digital devices, such as mobile phones and computer systems, to mine cryptocurrencies. This report discusses how cryptojacking works and its types. The two common types are in-browser cryptojacking, which injects crypto mining code into websites so that the code is executed every time these websites are visited, and malware-based cryptojacking, in which the crypto mining code is embedded in the victim's computer system and runs in the background without being noticed by the victim. Because of the rapid increase in these attacks, many techniques to detect them and to mitigate their chances and effects have been created. This report also discusses some commonly used detection techniques for in-browser and malware-based cryptojacking attacks. These include machine learning algorithms that detect abnormalities in system behaviour, for example by tracking the amount of RAM and other parameters used by different processes, and website extensions that detect abnormalities in websites, such as the use of proxies and unique domain names.

Table of Contents

Executive Summary

Cryptojacking

Classification of Cryptojacking

Criminal Business Model for Cryptojacking

Detection Techniques

References

Cryptojacking

Cryptojacking is a type of cyberattack that uses machines and digital systems to produce digital money known as cryptocurrencies. A cryptocurrency is a form of digital money that exists only in the digital world and has no physical form. These currencies are held by users in online wallets, which are secured through encryption with the help of private keys. Cryptojacking is the process of using people's digital systems, such as phones, computers and servers, to secretly mine these cryptocurrencies without the knowledge of the owners or users of these devices. Attackers use different methods to gain control over these devices, and one of the most common is malware. Malware can be planted in a network's devices in several ways, and malicious links to websites are one of the leading ones. Once attackers acquire control over these devices, they can hide software in the system that is used to mine cryptocurrencies (Saad, Khormali and Mohaisen 2018). The technique is aimed at outsourcing hash calculations for proof-of-work (PoW) based cryptocurrencies.

Classification of Cryptojacking

Cryptojacking can be carried out in two broad ways. The first is through websites, which is known as browser-based cryptojacking. The second uses phishing attacks, in which users are led to believe that the content they are accessing is genuine although it may hold the code of crypto mining algorithms. Of these two methods, browser-based cryptojacking has been the leading way of conducting cryptojacking attacks. In such cases, the mining of cryptocurrencies is carried out in the victim's web browser when a particular website is visited. Certain cryptocurrencies can be generated online through web browsers. One of the most commonly known web browser mined cryptocurrencies is bitcoin. Web-based cryptocurrency mining can be carried out in the form of online advertisements, and in certain cases browser-based mining code can also lead to the elimination of CAPTCHAs, which are used for rate limiting, by requesting proof of work instead. These kinds of attacks depend on the infrastructure of the digital system for mining the cryptocurrency. Attackers can use programming languages to generate crypto mining scripts and embed them into different websites. This method of attack has an advantage over other methods: if the attacker successfully embeds these scripts into famous websites, the scripts can be executed for many hours a day because of the huge traffic that popular websites receive (Musch, Wressnegger, Johns and Rieck 2019). Browser-based cryptocurrency mining uses the computational power offered by websites to increase the speed and efficiency of cryptocurrency mining. Attackers try to implant their code in websites so that every time a person visits a particular website, the miner can use the CPU resources to produce cryptocurrencies. This method reduces the energy costs and the hardware investment related to cryptocurrency mining.

The second type of cryptojacking is carried out by injecting pieces of code that mine cryptocurrencies into the victim's system, so that every time the victim uses the computer, this code is executed alongside other code and mines cryptocurrencies for as long as the system is up and running.

Criminal Business Model for Cryptojacking

Criminal business models are the strategies attackers use to mine cryptocurrencies through cryptojacking attacks. These strategies differ according to the methodology used to set up the attack. In-browser cryptojacking attacks can be carried out through various strategies for implanting code into the scripts of websites. One way to implant cryptojacking code in websites is through third-party services. Many websites use active third-party JavaScript for purposes such as ads, analytics and payment gateways. Another way is through browser extensions. Many web browsers use extensions to enhance the user experience and perform other functions such as customisation, and cryptojacking scripts can be embedded in the code of these extensions. Cryptojacking code can also be webmaster initiated, where website administrators implant the cryptojacking code into the website themselves (Eskandari, Leoutsarakos, Mursch and Clark 2018). Similarly, phishing attacks can lead to device-based cryptojacking, in which a user on the internet is presented with infected content that, when downloaded, embeds cryptojacking code into the system memory. Every time the user runs the computer, it then executes these cryptojacking scripts too, without the user being aware of their presence in the background.

Detection Techniques

These attacks have been growing in number and are being carried out by more sophisticated methods than ever before. Hence, it becomes important to determine the techniques that can be used to detect such attacks and mitigate their chances and effects. One method of detecting cryptojacking is machine learning. Cryptojacking uses pieces of code that mine cryptocurrencies in the background of computer systems and can be tough to identify. Machine learning algorithms can be used to track variations in the performance of computer systems and detect any deviation from the desired behaviour. These ML algorithms can be used to monitor the cache activity of computer systems, as cryptojacking code uses device memory to execute the functions required to construct computational puzzles for cryptocurrency mining (Nukala 2020). Behaviour-based detection techniques can also be used to identify cryptojacking malware. This method takes into consideration three vital parameters of a computer system: CPU utilisation, average quadratic deviation and the amount of RAM consumed. A method proposed by Tanana (2020), based on these parameters, notifies users about cryptojacking algorithms running on their system if their system parameters deviate from their normal values. The threshold values selected in this process were CPU utilisation of 30%, an average quadratic deviation of 3 and RAM consumption between 75 MB and 400 MB. Web extensions can also be used as monitoring tools for the detection of in-browser cryptojacking. Some of the existing cryptojacking detection web extensions are based on logging previously encountered infected websites and notify users whether or not a website has been infected by cryptojacking. But these methods turn out to be ineffective against in-browser cryptojacking attacks, as the attacker can always generate newer URLs and continue the attack.

To overcome this problem, cryptojacking detection websites can be created so as to notify users every time the extension detects an infected website. These extensions can detect infected websites through various attributes, such as mining scripts making use of proxies or having a unique domain name (Razali and Shariff 2019). Content-agnostic network traffic flows can also be used to detect patterns of cryptojacking. A Fourier transform can be applied at regular time frames to monitor the traffic, generating variation vectors between adjacent time windows, which are then fed to a recurrent neural network to detect cryptojacking patterns (Feng, Sisodia and Li 2020).
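The behaviour-based check with the thresholds quoted above (CPU utilisation 30%, average quadratic deviation 3, RAM between 75 MB and 400 MB) can be sketched as follows. This is an added example, not code from the report or from Tanana's tool; it assumes that all three conditions must hold together, that the average quadratic deviation is the standard deviation of the CPU samples and acts as an upper bound, and the process names and samples are constructed.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Threshold values quoted in the text (Tanana 2020).
CPU_MIN_PERCENT = 30.0          # mean CPU utilisation
CPU_MAX_DEVIATION = 3.0         # average quadratic (standard) deviation
RAM_RANGE_MB = (75.0, 400.0)    # RAM consumption window


@dataclass
class ProcessWindow:
    name: str           # hypothetical process name
    cpu_percent: list   # periodic CPU samples for this process, in percent
    ram_mb: float       # resident memory during the observation window


def is_suspect(p):
    """Flag a process whose load is high, steady and within the RAM window.

    Assumption of this example: the three conditions are combined with AND,
    and a low deviation (steady load) is what marks miner-like behaviour.
    """
    busy = mean(p.cpu_percent) >= CPU_MIN_PERCENT
    steady = pstdev(p.cpu_percent) <= CPU_MAX_DEVIATION
    ram_in_range = RAM_RANGE_MB[0] <= p.ram_mb <= RAM_RANGE_MB[1]
    return busy and steady and ram_in_range


def scan(windows):
    """Return the names of all processes that should trigger a notification."""
    return [p.name for p in windows if is_suspect(p)]


# Constructed observation windows (not measurements from a real system).
SAMPLES = [
    ProcessWindow("updater-helper", [48, 50, 49, 51, 50, 49], 210.0),  # high, steady
    ProcessWindow("video-encoder", [20, 95, 40, 88, 15, 70], 350.0),   # high, bursty
    ProcessWindow("text-editor", [2, 3, 1, 4, 2, 3], 120.0),           # idle
    ProcessWindow("database", [45, 46, 44, 45, 46, 45], 2048.0),       # RAM out of range
]

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print(f"possible cryptojacking process: {name}")
```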
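The feature-extraction step of the content-agnostic approach described above (a Fourier transform per time window, then variation vectors between adjacent windows) can be sketched as follows. This is an added example, not code from Feng, Sisodia and Li; it assumes per-second byte counts as the input signal and 8-sample windows, uses constructed flows, and leaves out the recurrent neural network that would consume the vectors.

```python
import cmath
import math


def spectrum(window):
    """Magnitudes of the one-sided DFT of one time window of byte counts."""
    n = len(window)
    return [abs(sum(x * cmath.exp(-2j * math.pi * k * t / n)
                    for t, x in enumerate(window))) / n
            for k in range(n // 2 + 1)]


def variation_vectors(series, win):
    """Difference between the spectra of adjacent, non-overlapping windows."""
    specs = [spectrum(series[i:i + win])
             for i in range(0, len(series) - win + 1, win)]
    return [[cur_k - prev_k for prev_k, cur_k in zip(prev, cur)]
            for prev, cur in zip(specs, specs[1:])]


def max_variation(series, win):
    """Largest Euclidean norm among the variation vectors of one flow."""
    return max(math.sqrt(sum(d * d for d in vec))
               for vec in variation_vectors(series, win))


# Constructed bytes-per-second series for two flows (not captured traffic).
PERIODIC_FLOW = [120, 0, 0, 0] * 8            # fixed-size message every 4 s
BURSTY_FLOW = [0, 0, 900, 1500, 0, 0, 0, 0,   # irregular bursts with idle gaps
               0, 0, 0, 0, 0, 0, 0, 0,
               2000, 300, 0, 0, 0, 0, 40, 0,
               0, 0, 0, 0, 0, 700, 0, 0]

if __name__ == "__main__":
    # A flow with a fixed period has the same spectrum in every window, so
    # its variation vectors are zero; irregular traffic produces large ones.
    print("periodic:", max_variation(PERIODIC_FLOW, 8))
    print("bursty:  ", max_variation(BURSTY_FLOW, 8))
```

The sequence of variation vectors per flow is what a sequence classifier would be trained on; the norm is used here only to summarise the result.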

References for Website Cryptojacking Detection

Saad, M., Khormali, A. and Mohaisen, A. 2018. End-to-end analysis of in-browser cryptojacking. arXiv:1809.02152.

Eskandari, S., Leoutsarakos, A., Mursch, T. and Clark, J. 2018. A first look at browser-based cryptojacking. 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). pp. 58-66.

Nukala, V.S.K.A. 2020. Website Cryptojacking Detection Using Machine Learning: IEEE CNS 20 Poster. 2020 IEEE Conference on Communications and Network Security (CNS). pp. 1-2. IEEE.

Razali, M.A. and Shariff, S.M. 2019. CMBlock: In-Browser Detection and Prevention Cryptojacking Tool Using Blacklist and Behavior-Based Detection Method. International Visual Informatics Conference. pp. 404-414.

Feng, Y., Sisodia, D. and Li, J. 2020. POSTER: Content-Agnostic Identification of Cryptojacking in Network Traffic. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. pp. 907-909.

Musch, M., Wressnegger, C., Johns, M. and Rieck, K. 2019. Thieves in the Browser: Web-based Cryptojacking in the Wild. Proceedings of the 14th International Conference on Availability, Reliability and Security. pp. 1-10.
