Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics. (arXiv:2102.10634v1 [cs.CR])

Cryptocurrencies have emerged as a new form of digital money that has not
escaped the eyes of cyber-attackers. Traditionally, they have been maliciously
used as a medium of exchange for proceeds of crime in the cyber dark-market by
cyber-criminals. However, cyber-criminals have devised an exploitative
technique of directly acquiring cryptocurrencies from benign users’ CPUs
without their knowledge through a process called crypto mining. The presence of
crypto mining activities in a network is often an indicator of compromise of
illegal usage of network resources for crypto mining purposes. Crypto mining
has had a financial toll on victims such as corporate networks and individual
home users. This paper addresses the detection of crypto mining attacks in a
generic network environment using dynamic network characteristics. It tackles
an in-depth overview of crypto mining operational details and proposes a
semi-supervised machine learning approach to detection using various crypto
mining features derived from complex network characteristics. The results
demonstrate that the integration of semi-supervised learning with complex
network theory modeling is effective at detecting crypto mining activities in a
network environment. Such an approach is helpful during security mitigation by
network security administrators and law enforcement agencies.