Analysis of the Propagation of Miner Botnet

Yuxi Cheng, Zi Jin, Wei Ding
Published in: 2022 6th International Conference on Cryptography, Security and Privacy (CSP)
Publication date: 2022-01-01
DOI: 10.1109/CSP55486.2022.00026 (https://doi.org/10.1109/CSP55486.2022.00026)
Citation count: 0

Abstract

Miner botnets, a new type of botnet that performs cryptocurrency mining by invading normal, noncooperative user terminals, implanting malware in them and occupying their computational resources, have propagated widely with the soaring price of cryptocurrencies and have become one of the major threats to the security of today's cyberspace. Since the rapid spread of miner botnets relies mainly on vulnerabilities in computer systems, the security of those systems would be greatly improved if the vulnerability exploitation tactics of miner botnets could be predicted. In this paper, we study the exploitation history of the vulnerabilities exploited by miner botnets, build a new set of attributes on the basis of CVSS 3.0, use a knowledge graph as the framework to model the relationships between miner botnets, vulnerabilities and vulnerability attributes, and propose a method that combines Apriori, Fast-Unfolding and a reasoning algorithm based on the knowledge structure to predict the vulnerability exploitation tactics of miner botnets. We can thereby anticipate the exploitation behavior of miner botnets from historical vulnerability exploitation data. The experimental results also show that the algorithm has a certain predictive effect on the vulnerability exploitation tactics of miner botnets. The algorithm can help security personnel respond to the attacker's behavior in advance and reduce losses.