Smart Analysis and Detection System for New Host-Based Cryptojacking Malware Dataset

Hadeel Almurshid
Journal: Journal of Engineering and Applied Sciences
Volume: 13 1
Publication date: 2023-01-01
Publication type: Journal Article
DOI: 10.5455/jeas.2023050105 (https://doi.org/10.5455/jeas.2023050105)
Source: Semanticscholar
Citations: 0

Abstract

Cryptocurrency is a quickly growing technology in the finance industry, with the first cryptocurrency, Bitcoin, being created in 2009. Each cryptocurrency has its own unique hash value, and cryptocurrency mining involves participating in a guessing competition to release a unique hash into circulation, with the winner receiving a modest bonus in the form of bitcoin. However, as more bitcoins are discovered, it becomes increasingly difficult to obtain more, resulting in a need for extra computer resources and power. Consequently, the increasing popularity of cryptocurrency has led to a rise in cryptojacking malware, which secretly uses victims' computing resources to mine cryptocurrency. This malware can be either web-based or host-based, with similar execution and goals but differing in implementation and injection. Cryptojacking has affected numerous devices worldwide, but few studies have been carried out to detect it, especially the host-based type. Furthermore, the current studies on cryptojacking have limited datasets, which are often outdated or small, and the prediction models developed from these datasets may not be accurate. To address this gap, we conducted a thorough analysis of cryptojacking's behavior, lifecycle, impact, implementations, and possible detection methods. Additionally, we created an up-to-date dataset consisting of 114,985 samples, with 57,948 categorized as benign and 57,037 as cryptojacking. The dataset was used to build a smart cryptojacking detection system, with 5 different convolutional neural network models trained and evaluated against a subset of the dataset. The best performing model achieved an accuracy of 98.4%, an F1-Score of 98.3%, a precision of 98.4%, and a recall of 98.4%. Our proposed method, which involves running Windows executables in an isolated environment and closely monitoring their CPU usage, provides a thorough understanding of cryptojacking malware behavior and enables detection of the malware. 
The comprehensive dataset collected facilitates efficient detection model development. Additionally, evaluating the dataset with 5 different CNN algorithms and assessing their performance using established evaluation metrics ensures the effectiveness of our proposed method and dataset.