Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Thu 24 Sep 2020 16:20 - 16:40 at Koala - Software Security and Trust (3) Chair(s): Julia Lawall

Recent advances in web technology have made in-browser cryptomining a viable funding model. However, these services have been abused to launch large-scale cryptojacking attacks to secretly mine cryptocurrency in browsers. To detect them, various signature-based or runtime feature-based methods have been proposed. However, they can be imprecise or easily circumvented. To this end, we propose MinerRay, a generic scheme to detect malicious in-browser cryptominers. Instead of leveraging unreliable external patterns, MinerRay relies on the essence of cryptomining semantics that differentiates mining from common browsing activities. By abstracting away language or implementation details, MinerRay can handle modules written in different languages. Besides, MinerRay infers user contents to check if the mining is started secretly. MinerRay was evaluated on over 1 million websites. It detected cryptominers on 901 websites, where 885 secretly start mining without user consent. Besides, we compared MinerRay with five state-of-the-art signature-based or behavior-based cryptominer detectors (MineSweeper, CM-Tracker, Outguard, No Coin, and minerBlock). We observed that emerging miners with new signatures or new services were detected by MinerRay but missed by others. The result shows that our proposed technique is effective and robust in detecting evolving cryptominers, yielding more true positives, and fewer errors.

Thu 24 Sep
Times are displayed in time zone: (UTC) Coordinated Universal Time

16:00 - 17:00: Software Security and Trust (3)Research Papers at Koala
Chair(s): Julia LawallInria
16:00 - 16:20
Prober: Practically Defending Overflows with Page Protection
Research Papers
Hongyu LiuPurdue University, Ruiqin TianCollege of William and Mary, Bin RenCollege of William and Mary, Tongping LiuUniversity of Massachusetts Amherst
16:20 - 16:40
MinerRay: Semantics-Aware Analysis for Ever-Evolving Cryptojacking Detection
Research Papers
Alan RomanoUniversity at Buffalo, SUNY, Yunhui ZhengIBM T.J. Watson Research Center, Weihang WangUniversity at Buffalo, SUNY
16:40 - 17:00
Summary-Based Symbolic Evaluation for Smart ContractsACM Distinguished Paper
Research Papers
Yu FengUniversity of California, Santa Barbara, Emina TorlakUniversity of Washington, Rastislav BodikUniversity of Washington