针对黑魔法加密的应用不可知防御

2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Pub Date : 2021-06-01 DOI:10.1109/DSN48987.2021.00044

Nada Lachtar, Abdulrahman Abu Elkhail, Anys Bacha, Hafiz Malik

{"title":"针对黑魔法加密的应用不可知防御","authors":"Nada Lachtar, Abdulrahman Abu Elkhail, Anys Bacha, Hafiz Malik","doi":"10.1109/DSN48987.2021.00044","DOIUrl":null,"url":null,"abstract":"The popularity of cryptocurrencies has garnered interest from cybercriminals, spurring an onslaught of cryptojacking campaigns that aim to hijack computational resources for the purpose of mining cryptocurrencies. In this paper, we present a cross-stack cryptojacking defense system that spans the hardware and OS layers. Unlike prior work that is confined to detecting cryptojacking behavior within web browsers, our solution is application agnostic. We show that tracking instructions that are frequently used in cryptographic hash functions serve as reliable signatures for fingerprinting cryptojacking activity. We demonstrate that our solution is resilient to multi-threaded and throttling evasion techniques that are commonly employed by cryptojacking malware. We characterize the robustness of our solution by extensively testing a diverse set of workloads that include real consumer applications. Finally, an evaluation of our proof-of-concept implementation shows minimal performance impact while running a mix of benchmark applications","PeriodicalId":222512,"journal":{"name":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"74 12","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"An Application Agnostic Defense Against the Dark Arts of Cryptojacking\",\"authors\":\"Nada Lachtar, Abdulrahman Abu Elkhail, Anys Bacha, Hafiz Malik\",\"doi\":\"10.1109/DSN48987.2021.00044\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The popularity of cryptocurrencies has garnered interest from cybercriminals, spurring an onslaught of cryptojacking campaigns that aim to hijack computational resources for the purpose of mining cryptocurrencies. In this paper, we present a cross-stack cryptojacking defense system that spans the hardware and OS layers. Unlike prior work that is confined to detecting cryptojacking behavior within web browsers, our solution is application agnostic. We show that tracking instructions that are frequently used in cryptographic hash functions serve as reliable signatures for fingerprinting cryptojacking activity. We demonstrate that our solution is resilient to multi-threaded and throttling evasion techniques that are commonly employed by cryptojacking malware. We characterize the robustness of our solution by extensively testing a diverse set of workloads that include real consumer applications. Finally, an evaluation of our proof-of-concept implementation shows minimal performance impact while running a mix of benchmark applications\",\"PeriodicalId\":222512,\"journal\":{\"name\":\"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"volume\":\"74 12\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSN48987.2021.00044\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN48987.2021.00044","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

加密货币的流行引起了网络犯罪分子的兴趣，引发了一系列旨在劫持计算资源以挖掘加密货币的加密劫持活动。在本文中，我们提出了一种跨硬件层和操作系统层的跨堆栈加密劫持防御系统。与之前的工作不同的是，我们的解决方案仅限于检测web浏览器中的加密劫持行为，与应用程序无关。我们证明了在加密散列函数中经常使用的跟踪指令可以作为指纹加密劫持活动的可靠签名。我们证明了我们的解决方案对加密劫持恶意软件通常使用的多线程和节流逃避技术具有弹性。我们通过广泛测试各种工作负载集(包括真实的消费者应用程序)来表征解决方案的健壮性。最后，对我们的概念验证实现的评估显示，在运行混合基准测试应用程序时，性能影响最小

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Application Agnostic Defense Against the Dark Arts of Cryptojacking

The popularity of cryptocurrencies has garnered interest from cybercriminals, spurring an onslaught of cryptojacking campaigns that aim to hijack computational resources for the purpose of mining cryptocurrencies. In this paper, we present a cross-stack cryptojacking defense system that spans the hardware and OS layers. Unlike prior work that is confined to detecting cryptojacking behavior within web browsers, our solution is application agnostic. We show that tracking instructions that are frequently used in cryptographic hash functions serve as reliable signatures for fingerprinting cryptojacking activity. We demonstrate that our solution is resilient to multi-threaded and throttling evasion techniques that are commonly employed by cryptojacking malware. We characterize the robustness of our solution by extensively testing a diverse set of workloads that include real consumer applications. Finally, an evaluation of our proof-of-concept implementation shows minimal performance impact while running a mix of benchmark applications

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

自引率

0.00%

发文量