Cryptomining Traffic Detection Based on BiGRU and Attention Mechanism

2023 7th International Conference on Cryptography, Security and Privacy (CSP) Pub Date : 2023-04-01 DOI:10.1109/CSP58884.2023.00013

Yijie Huang, Wei Ding, Yuxi Cheng

{"title":"Cryptomining Traffic Detection Based on BiGRU and Attention Mechanism","authors":"Yijie Huang, Wei Ding, Yuxi Cheng","doi":"10.1109/CSP58884.2023.00013","DOIUrl":null,"url":null,"abstract":"The increasing popularity of cryptocurrencies has led to a rise in cryptomining attacks, where attackers unauthorizedly use the victim's computer resources to mine digital currency. This brings significant financial losses and security risks to both personal and professional life. Therefore, the detection of cryptomining attacks is of paramount importance. The conventional packet inspection technique is no longer effective due to the use of encryption. Moreover, the prevalent machine learning methods rely heavily on features extracted by professional experience, which is time-consuming. In this paper, we analyze the features of real-world campus cryptomining traffic and propose an end-to-end deep learning model for malicious mining detection. Our model, based on Bidirectional Gate Recurrent Unit (BiGRU) with an attention mechanism, extracts representative features from the raw flow. The results indicate that our approach outperforms benchmark models and previous methods on the large-scale imbalanced dataset, achieving a G-mean value of 0.99 with only 8 packets of a flow.","PeriodicalId":255083,"journal":{"name":"2023 7th International Conference on Cryptography, Security and Privacy (CSP)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 7th International Conference on Cryptography, Security and Privacy (CSP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSP58884.2023.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The increasing popularity of cryptocurrencies has led to a rise in cryptomining attacks, where attackers unauthorizedly use the victim's computer resources to mine digital currency. This brings significant financial losses and security risks to both personal and professional life. Therefore, the detection of cryptomining attacks is of paramount importance. The conventional packet inspection technique is no longer effective due to the use of encryption. Moreover, the prevalent machine learning methods rely heavily on features extracted by professional experience, which is time-consuming. In this paper, we analyze the features of real-world campus cryptomining traffic and propose an end-to-end deep learning model for malicious mining detection. Our model, based on Bidirectional Gate Recurrent Unit (BiGRU) with an attention mechanism, extracts representative features from the raw flow. The results indicate that our approach outperforms benchmark models and previous methods on the large-scale imbalanced dataset, achieving a G-mean value of 0.99 with only 8 packets of a flow.

查看原文本刊更多论文

基于BiGRU和注意机制的挖矿流量检测

加密货币的日益普及导致了加密挖矿攻击的增加，攻击者未经授权使用受害者的计算机资源来挖掘数字货币。这给个人和职业生活带来了巨大的经济损失和安全风险。因此，检测加密攻击是至关重要的。由于加密的使用，传统的包检测技术不再有效。此外，普遍的机器学习方法严重依赖于专业经验提取的特征，这是耗时的。在本文中，我们分析了真实校园加密挖掘流量的特征，并提出了一种端到端深度学习模型用于恶意挖掘检测。我们的模型，基于双向门循环单元(BiGRU)和注意机制，从原始流中提取代表性特征。结果表明，我们的方法在大规模不平衡数据集上优于基准模型和以前的方法，在仅8个数据包的流量下实现了0.99的g均值。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 7th International Conference on Cryptography, Security and Privacy (CSP)

自引率

0.00%

发文量