An Incremental Learning Mechanism for Detecting and Blocking Cryptocurrency Mining in Software-Defined Networks
Abstract
Covert mining of cryptocurrency implies the use of valuable computing resources and high energy consumption. In this paper, we propose MineCap, a dynamic online mechanism for detecting and blocking covert cryptocurrency mining flows, using machine learning on software-defined networking. MineCap uses a novel technique called super incremental learning, a variant of the super learner with incremental learning. Hence, we design an accurate mechanism to classify mining flows that learns from incoming data, with an average of 98% accuracy, 99% accuracy, 97% sensitivity and 99.9% specificity, and avoids concept drift-related issues.
Published
2019-09-02
How to Cite
C. NETO, Helio; LOPEZ, Martin; FERNANDES, Natalia; MATTOS, Diogo. Um Mecanismo de Aprendizado Incremental para Detecção e Bloqueio de Mineração de Criptomoedas em Redes Definidas por Software. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 365-378. DOI: https://doi.org/10.5753/sbseg.2019.13984.
