MineCap: Cryptocurrency Mining Detection on Corporate Networks with Machine Learning and Abuse Prevention with Software Defined Networks

  • Hélio Nascimento Cunha Neto, Universidade Federal Fluminense
  • Natalia Castro Fernandes, Universidade Federal Fluminense
  • Diogo Menezes Ferrazani Mattos, Universidade Federal Fluminense

Abstract


Covert mining of cryptocurrency entails the use of valuable computing resources and high energy consumption. In this work, we propose MineCap, a dynamic online mechanism for detecting and blocking covert cryptocurrency mining flows, using machine learning on software-defined networks. MineCap uses a novel technique called super incremental learning, a variant of the super learner with incremental learning. Hence, we design an accurate mechanism for classifying mining flows that learns from incoming data, achieving on average 98% accuracy, 99% precision, 97% sensitivity and 99.9% specificity, and that avoids concept drift-related issues. The results of this work were submitted to and accepted at one international congress, one national congress, one short course, and one journal, with a further journal paper under review.

Keywords: Cryptocurrency mining, machine learning, incremental learning

Published
2020-12-07
NASCIMENTO CUNHA NETO, Hélio; FERNANDES, Natalia Castro; MATTOS, Diogo Menezes Ferrazani. MineCap: Cryptocurrency Mining Detection on Corporate Networks with Machine Learning and Abuse Prevention with Software Defined Networks. In: DISSERTATION DIGEST - BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 38., 2020, Rio de Janeiro. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 105-112. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc_estendido.2020.12408.