Early Detection of Cryptojacker Malicious Behaviors on IoT Crowdsensing Devices


Celdrán, Alberto Huertas; von der Assen, Jan; Moser, Konstantin; Sánchez Sánchez, Pedro M; Bovet, Gérôme; Martínez Pérez, Gregorio; Stiller, Burkhard (2023). Early Detection of Cryptojacker Malicious Behaviors on IoT Crowdsensing Devices. In: NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, Miami, FL, USA, 8 May 2023 - 12 May 2023. Institute of Electrical and Electronics Engineers, 10154392.

Abstract

Traditionally, IoT crowdsensing devices have been outside the cryptomining domain due to their limitations in terms of computational power. In 2014, Monero (XNR) changed this situation forever. Monero is an open-source digital payment token that can be mined in resource-constrained devices like IoT and single-board computers. Despite the Monero advantages, it opened the door for cryptojackers illicitly mining cryptocurrencies by exploiting well-known vulnerabilities of IoT devices. Existing detection solutions provide good performance while detecting the mining phase of cryptojackers, but early detection is desired to avoid malware spreading and resource misuse. Thus, this work proposes a framework that combines device behavioral fingerprinting and machine learning to detect and classify preparatory phases of cryptojackers. The framework has been deployed in a crowdsensing IoT spectrum sensor, Raspberry Pi, infected by a recent cryptojacker called Linux.MulDrop.14. Promising detection results demonstrate the framework’s suitability while detecting early phases of cryptojackers.

Statistics

Downloads

0 downloads since deposited on 15 Feb 2024
0 downloads since 12 months

Additional indexing

Item Type: Conference or Workshop Item (Paper), refereed, original work
Communities & Collections: 03 Faculty of Economics > Department of Informatics
Dewey Decimal Classification: 000 Computer science, knowledge & systems
Scopus Subject Areas:
  Physical Sciences > Software
  Physical Sciences > Artificial Intelligence
  Physical Sciences > Computer Networks and Communications
  Social Sciences & Humanities > Information Systems and Management
  Physical Sciences > Safety, Risk, Reliability and Quality
  Physical Sciences > Modeling and Simulation
Language: English
Event End Date: 12 May 2023
Deposited On: 15 Feb 2024 13:37
Last Modified: 28 Feb 2024 12:19
Publisher: Institute of Electrical and Electronics Engineers
Series Name: IEEE/IFIP Network Operations and Management Symposium (NOMS)
ISSN: 1542-1201
ISBN: 978-1-6654-7716-1
OA Status: Closed
Publisher DOI: https://doi.org/10.1109/noms56928.2023.10154392