Advertisement

CMBlock: In-Browser Detection and Prevention Cryptojacking Tool Using Blacklist and Behavior-Based Detection Method

  • Muhammad Amirrudin Razali
  • Shafiza Mohd ShariffEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11870)

Abstract

As cryptocurrency fast becoming a popular digital currency, implementation of mining script in browser-based JavaScript has become a worthwhile alternative to the traditional way of mining cryptocurrency. Based on this implementation, a new form of threat, widely called cryptojacking, has become popular on the web. A website that has been affected by cryptojacking abuses its visitor’s computing resources to mine cryptocurrency without the machine owner’s consent. This paper introduces CMBlock, a web extension for browser we have developed that can detect mining script that runs in the website. This application will be using two different kinds of approach: mining behaviour and blacklist detection technique to mitigate the cryptojacking attack. By implementing the mining behaviour detection, the application is capable of detecting unknown domain that not been listed in the blacklist. This application would be an enhancement of current countermeasure in mitigating the cryptojacking attack.

Keywords

Cryptojacking detection Blacklist Mining behaviour 

References

  1. Ahamad, S., Nair, M., Varghese, B.: A survey on crypto currencies. In: 4th International Conference on Advances in Computer Science, AETACS, pp. 42–48. Citeseer (2013)Google Scholar
  2. Dev, J.A.: Bitcoin mining acceleration and performance quantification. In: 2014 IEEE 27th Canadian Conference on Electrical and Computer Engineering (CCECE), pp. 1–6. IEEE (2014)Google Scholar
  3. Hari, K., Sai, S., Venkata, T.V.: Cryptocurrency mining – transition to cloud. Int. J. Adv. Comput. Sci. Appl. 6(9) (2015).  https://doi.org/10.14569/IJACSA.2015.060915
  4. Hong, G., et al.: How you get shot in the back: a systematical study about cryptojacking in the real world. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1701–1713. ACM (2018)Google Scholar
  5. Houben, R., Snyers, A.: Cryptocurrencies and blockchain: legal context and implications for financial crime, money laundering and tax evasion. Europe Parliament (2018). http://www.europarl.europa.eu/cmsdata/150761/TAX3%20Study%20on%20cryptocurrencies%20and%20blockchain.pdf
  6. Liu, J., Zhao, Z., Cui, X., Wang, Z., Liu, Q.: A novel approach for detecting browser-based silent miner. In: 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), pp. 490–497. IEEE (2018)Google Scholar
  7. Mukhopadhyay, U., Skjellum, A., Hambolu, O., Oakley, J., Yu, L., Brooks, R.: A brief survey of cryptocurrency systems. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), pp. 745–752. IEEE (2016)Google Scholar
  8. Paquet-Clouston, M., Haslhofer, B., Dupont, B.: Ransomware payments in the bitcoin ecosystem. Journal of Cybersecurity 5(1), tyz003 (2019)CrossRefGoogle Scholar
  9. Randi, E., Kimberly, G., Bryon, W., Jeremy, K.: How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners, 18 July 2018. (2018). https://www.fireeye.com/blog/threat-research/2018/07/cryptocurrencies-cyber-crime-growth-of-miners.html
  10. Saad, M., Khormali, A., Mohaisen, A.: End-to-end analysis of in-browser cryptojacking. arXiv preprint arXiv:1809.02152. (2018)
  11. Wang, P., Wang, Y.-S.: Malware behavioural detection and vaccine development by using a support vector model classifier. J. Comput. Syst. Sci. 81(6), 1012–1026 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Muhammad Amirrudin Razali
    • 1
  • Shafiza Mohd Shariff
    • 1
    Email author
  1. 1.Malaysian Institute of Information TechnologyUniversiti Kuala LumpurKuala LumpurMalaysia

Personalised recommendations