MinerRay: Semantics-Aware Analysis for Ever-Evolving Cryptojacking Detection
Recent advances in web technology have made in-browser cryptomining a viable funding model. However, these services have been abused to launch large-scale cryptojacking attacks to secretly mine cryptocurrency in browsers. To detect them, various signature-based or runtime feature-based methods have been proposed. However, they can be imprecise or easily circumvented. To this end, we propose MinerRay, a generic scheme to detect malicious in-browser cryptominers. Instead of leveraging unreliable external patterns, MinerRay relies on the essence of cryptomining semantics that differentiates mining from common browsing activities. By abstracting away language or implementation details, MinerRay can handle modules written in different languages. Besides, MinerRay infers user contents to check if the mining is started secretly. MinerRay was evaluated on over 1 million websites. It detected cryptominers on 901 websites, where 885 secretly start mining without user consent. Besides, we compared MinerRay with five state-of-the-art signature-based or behavior-based cryptominer detectors (MineSweeper, CM-Tracker, Outguard, No Coin, and minerBlock). We observed that emerging miners with new signatures or new services were detected by MinerRay but missed by others. The result shows that our proposed technique is effective and robust in detecting evolving cryptominers, yielding more true positives, and fewer errors.
Thu 24 Sep Times are displayed in time zone: (UTC) Coordinated Universal Time
16:00 - 16:20 Talk | Prober: Practically Defending Overflows with Page Protection Research Papers Hongyu LiuPurdue University, Ruiqin TianCollege of William and Mary, Bin RenCollege of William and Mary, Tongping LiuUniversity of Massachusetts Amherst | ||
16:20 - 16:40 Talk | MinerRay: Semantics-Aware Analysis for Ever-Evolving Cryptojacking Detection Research Papers Alan RomanoUniversity at Buffalo, SUNY, Yunhui ZhengIBM T.J. Watson Research Center, Weihang WangUniversity at Buffalo, SUNY | ||
16:40 - 17:00 Talk | Summary-Based Symbolic Evaluation for Smart Contracts![]() Research Papers Yu FengUniversity of California, Santa Barbara, Emina TorlakUniversity of Washington, Rastislav BodikUniversity of Washington |