Please use this identifier to cite or link to this item:
https://hdl.handle.net/20.500.11851/8349
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Tekiner, Ege | - |
dc.contributor.author | Acar, A. | - |
dc.contributor.author | Uluagac, A. Selçuk | - |
dc.contributor.author | Kırda, E. | - |
dc.contributor.author | Selçuk, Ali Aydın | - |
dc.date.accessioned | 2022-01-15T13:02:36Z | - |
dc.date.available | 2022-01-15T13:02:36Z | - |
dc.date.issued | 2021 | - |
dc.identifier.isbn | 9781665414913 | - |
dc.identifier.uri | https://doi.org/10.1109/EuroSP51992.2021.00019 | - |
dc.identifier.uri | https://hdl.handle.net/20.500.11851/8349 | - |
dc.description | 6th IEEE European Symposium on Security and Privacy, Euro S and P 2021 -- 6 September 2021 through 10 September 2021 -- 173512 | en_US |
dc.description.abstract | Emerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryp-tocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting programs (e.g., Zoom during the Covid-19 pandemic) have all been the victims of powerful cryptojacking malware campaigns. Nonetheless, existing detection methods such as browser extensions that protect users with blacklist methods or antivirus programs with different analysis methods can only provide a partial panacea to this emerging crypto-jacking issue as the attackers can easily bypass them by using obfuscation techniques or changing their domains or scripts frequently. Therefore, many studies in the literature proposed cryptojacking malware detection methods using various dynamic/behavioral features. However, the literature lacks a systemic study with a deep understanding of the emerging cryptojacking malware and a comprehensive review of studies in the literature. To fill this gap in the literature, in this SoK paper, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and 45 major attack instances. Finally, we also present lessons learned and new research directions to help the research community in this emerging area. © 2021 IEEE. | en_US |
dc.description.sponsorship | National Science Foundation, NSF: NSF-1663051, NSF-CAREER CNS-1453647, NSF-CNS-1703454, NSF-CNS-1718116; Office of Naval Research, ONR | en_US |
dc.description.sponsorship | The rapid rise of cryptocurrencies incentivized the attackers to the lucrative blockchain and the Bitcoin ecosystem. With ready-to-use mining scripts offered easily by service providers (e.g., Coinhive [8], and CryptoLoot [4]) and untraceable cryptocurrencies (e.g., Monero), crypto-jacking malware has become an essential tool for hackers. The lack of mitigation techniques in the market led to many cryptojacking malware detection studies proposed in the literature. In this paper, we first explained the cryptojacking malware types and how they work in a systematic fashion. Then, we presented the techniques used by cryptojacking malware based on the previous research papers, cryptojacking samples, and major attack instances. In particular, we presented sources of cryp-tojacking malware, infection methods, victim platform types, target cryptocurrencies, evasion, and obfuscation techniques used by cryptojacking malware. Moreover, we gave a detailed review of the existing detection and prevention studies as well as the cryptojacking analysis studies in the literature. Finally, we presented lessons learned, and we noted several promising new research directions. In doing so, this SoK study will facilitate not only a deep understanding of the emerging cryptojacking malware and the pertinent detection and prevention mechanisms but also a substantial additional research work needed to provide adequate mitigations in the community. Acknowledgment We would like to thank VirusTotal for sharing the samples. We also would like to thank the anonymous reviewers, and our shepherd Dr. Christian Rossow for their feedback and time. This work was partially supported by the U.S. National Science Foundation (NSF) (Awards: NSF-CAREER CNS-1453647, NSF-1663051, NSF-CNS-1718116, NSF-CNS-1703454), and ONR under the ”In Situ Malware” project, and CyberFlorida Capacity Building Program. The views expressed are those of the authors only. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Institute of Electrical and Electronics Engineers Inc. | en_US |
dc.relation.ispartof | Proceedings - 2021 IEEE European Symposium on Security and Privacy, Euro S and P 2021 | en_US |
dc.rights | info:eu-repo/semantics/openAccess | en_US |
dc.subject | Bitcoin | en_US |
dc.subject | Blockchain | en_US |
dc.subject | Cryptojacking | en_US |
dc.subject | Cryptomining | en_US |
dc.subject | Detection | en_US |
dc.subject | Host-based | en_US |
dc.subject | In-browser | en_US |
dc.subject | Malware | en_US |
dc.subject | Bitcoin | en_US |
dc.subject | Large dataset | en_US |
dc.subject | Malware | en_US |
dc.subject | Video conferencing | en_US |
dc.subject | Block-chain | en_US |
dc.subject | Cryptojacking | en_US |
dc.subject | Cryptomining | en_US |
dc.subject | Cyberspaces | en_US |
dc.subject | Detection | en_US |
dc.subject | Detection methods | en_US |
dc.subject | End-users | en_US |
dc.subject | Host-based | en_US |
dc.subject | In browsers | en_US |
dc.subject | System applications | en_US |
dc.subject | Blockchain | en_US |
dc.title | SoK: Cryptojacking malware | en_US |
dc.type | Conference Object | en_US |
dc.department | Faculties, Faculty of Engineering, Department of Computer Engineering | en_US |
dc.department | Fakülteler, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümü | tr_TR |
dc.identifier.startpage | 120 | en_US |
dc.identifier.endpage | 139 | en_US |
dc.identifier.wos | WOS:000783804100008 | en_US |
dc.identifier.scopus | 2-s2.0-85119272386 | en_US |
dc.institutionauthor | Selçuk, Ali Aydın | - |
dc.identifier.doi | 10.1109/EuroSP51992.2021.00019 | - |
dc.authorscopusid | 57219158999 | - |
dc.authorscopusid | 57201944908 | - |
dc.authorscopusid | 22735196300 | - |
dc.authorscopusid | 6602533668 | - |
dc.authorscopusid | 7004457288 | - |
dc.relation.publicationcategory | Konferans Öğesi - Uluslararası - Kurum Öğretim Elemanı | en_US |
item.openairetype | Conference Object | - |
item.languageiso639-1 | en | - |
item.grantfulltext | none | - |
item.fulltext | No Fulltext | - |
item.openairecristype | http://purl.org/coar/resource_type/c_18cf | - |
item.cerifentitytype | Publications | - |
crisitem.author.dept | 06.01. Department of Architecture | - |
crisitem.author.dept | 02.3. Department of Computer Engineering | - |
Appears in Collections: | Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection |
CORE Recommender
WEB OF SCIENCETM
Citations
28
checked on Dec 21, 2024
Page view(s)
306
checked on Dec 23, 2024
Google ScholarTM
Check
Altmetric
Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.