DeCrypto: Finding Cryptocurrency Miners on ISP networks

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F22%3A00361522" target="_blank" >RIV/68407700:21240/22:00361522 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1007/978-3-031-22295-5_8" target="_blank" >https://doi.org/10.1007/978-3-031-22295-5_8</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-22295-5_8" target="_blank" >10.1007/978-3-031-22295-5_8</a>

Jazyk výsledku

angličtina

Název v původním jazyce

DeCrypto: Finding Cryptocurrency Miners on ISP networks

Popis výsledku v původním jazyce

With the rising popularity of cryptocurrencies and the increasing value of the whole industry, people are incentivized to join and earn revenues by cryptomining — using computational resources for cryptocurrency transaction verification. Nevertheless, there is an increasing number of abusive cryptomining cases, and it is reported that “coin miner malware” grew by more than 4000% in 2018. In this work, we analyzed the cryptominer network communication and proposed the DeCrypto system that can detect and report mining on high-speed 100 Gbps backbone Internet lines with millions of users. The detector uses the concept of heterogeneous weak-indication detectors (Machine-Learning-based, domain-based, and payload-based) that work together and create a robust and accurate detector with an extremely low false-positive rate. The detector was implemented and evaluated on a real nationwide high-speed network and proved efficient in a real-world deployment.

Název v anglickém jazyce

DeCrypto: Finding Cryptocurrency Miners on ISP networks

Popis výsledku anglicky

With the rising popularity of cryptocurrencies and the increasing value of the whole industry, people are incentivized to join and earn revenues by cryptomining — using computational resources for cryptocurrency transaction verification. Nevertheless, there is an increasing number of abusive cryptomining cases, and it is reported that “coin miner malware” grew by more than 4000% in 2018. In this work, we analyzed the cryptominer network communication and proposed the DeCrypto system that can detect and report mining on high-speed 100 Gbps backbone Internet lines with millions of users. The detector uses the concept of heterogeneous weak-indication detectors (Machine-Learning-based, domain-based, and payload-based) that work together and create a robust and accurate detector with an extremely low false-positive rate. The detector was implemented and evaluated on a real nationwide high-speed network and proved efficient in a real-world deployment.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

<a href="/cs/project/VJ02010024" target="_blank" >VJ02010024: Analýza šifrovaného provozu pomocí síťových toků</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Secure IT Systems

ISBN

978-3-031-22294-8

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

20

Strana od-do

139-158

Název nakladatele

Springer

Místo vydání

Cham

Místo konání akce

Reykjavic

Datum konání akce

30. 11. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000921332500008