minesweeper an in depth look into drive by mining and its
play

MineSweeper: An In-depth Look into Drive-by Mining and its Defense - PowerPoint PPT Presentation

Feb 20, 2023 •253 likes •874 views

MineSweeper: An In-depth Look into Drive-by Mining and its Defense Veelasha Moonsamy Utrecht University, The Netherlands 28 August 2018 University of Adelaide, Australia Utrecht University, The Netherlands 2 Acknowledgment Joint

  1. MineSweeper: An In-depth Look into Drive-by Mining and its Defense Veelasha Moonsamy Utrecht University, The Netherlands 28 August 2018 University of Adelaide, Australia

  2. Utrecht University, The Netherlands 2

  3. Acknowledgment ◮ Joint collaboration: ◮ Paper available at: www.veelasha.org 3

  4. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange 4

  5. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets 4

  6. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced 4

  7. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced ◮ Fast forward to 2018, about 1600 cryptocurrencies are in existence, out of which more than 600 still see an active trade 4

  8. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced ◮ Fast forward to 2018, about 1600 cryptocurrencies are in existence, out of which more than 600 still see an active trade ◮ An overall surge in market value across cryptocurrencies has renewed interest in cryptominers 4

  9. Cryptocurrency: the rise of decentralized money ◮ A cryptocurrency: - is a digital asset designed to work as a medium of exchange - uses cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets ◮ In 2009, the first cryptocurrency, ‘Bitcoin’, was introduced ◮ Fast forward to 2018, about 1600 cryptocurrencies are in existence, out of which more than 600 still see an active trade ◮ An overall surge in market value across cryptocurrencies has renewed interest in cryptominers ◮ ... which in turn led to the proliferation of cryptomining services, such as Coinhive - introduced in September 2017 4

  10. From September 2017 onwards ... It started with: 5

  11. From September 2017 onwards ... And things went downhill very quickly: 6

  12. Drive-by mining aka Cryptojacking ◮ Is a web-based attack ◮ An infected website secretly executes a mining script (Javascript code and/or WebAssembly module) in user’s browser to mine cryptocurrencies ◮ Is considered malicious only when user does not explicitly give their consent 7

  13. Drive-by mining aka Cryptojacking ◮ Is a web-based attack ◮ An infected website secretly executes a mining script (Javascript code and/or WebAssembly module) in user’s browser to mine cryptocurrencies ◮ Is considered malicious only when user does not explicitly give their consent ◮ In this work: we study the prevalence of drive-by mining attacks on Alexa’s Top 1 million websites 7

  14. Threat Model HTTP Request User Webserver 1 HTTP Response (Orchestrator Code) Fetch Mining Payload 2 Webserver/ External Server 3 4 Relay Mining Pool 5 Communication Communication Mining WebSocket Pool Proxy 8

  15. Current detection methods Two main approaches have been used: 1. Blacklist-based approach 9

  16. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable 9

  17. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives 9

  18. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 9

  19. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 2. High CPU-based approach 9

  20. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 2. High CPU-based approach ◮ False positives, as there might exist other CPU-intensive use cases 9

  21. Current detection methods Two main approaches have been used: 1. Blacklist-based approach ◮ Not scalable ◮ Prone to high false negatives ◮ Easily defeated by URL randomization and domain generation algorithms 2. High CPU-based approach ◮ False positives, as there might exist other CPU-intensive use cases ◮ False negatives, as cryptominers have started to throttle their CPU usage to evade detection 9

  22. Contributions ◮ Perform first in-depth assessment of drive-by mining 10

  23. Contributions ◮ Perform first in-depth assessment of drive-by mining ◮ Discuss why current defenses based on blacklisting and CPU usage are ineffective 10

  24. Contributions ◮ Perform first in-depth assessment of drive-by mining ◮ Discuss why current defenses based on blacklisting and CPU usage are ineffective ◮ Propose MineSweeper , a novel detection approach based on the identification of the cryptographic functions (static analysis) and cache events (during run-time) 10

  25. Drive-by mining in the wild ◮ Conducted a large-scale analysis with the aim to answer the following questions: 1. How prevalent is drive-by mining in the wild? 2. How many different drive-by mining services exist currently? 3. Which evasion tactics do drive-by mining services employ? 4. What is the modus operandi of different types of campaign? 5. How much profit do these campaigns make? 6. What are the common characteristics across different drive-by mining services that can be used for their detection? 11

  26. Large-scale Analysis: experiment set-up 12

  27. Data collection ◮ Over a period of one week in mid-March 2018 13

  28. Data collection ◮ Over a period of one week in mid-March 2018 ◮ Crawler ◮ Crawled landing page and 3 internal pages ◮ Stayed on each visited page for 4 seconds ◮ No simulated interacted, i.e. the crawler did not give any consent for cryptomining 13

  29. Data collection ◮ Over a period of one week in mid-March 2018 ◮ Crawler ◮ Crawled landing page and 3 internal pages ◮ Stayed on each visited page for 4 seconds ◮ No simulated interacted, i.e. the crawler did not give any consent for cryptomining ◮ Crawled 991,513 websites; 4.6 TB raw data and 550 MB data profiles 13

  30. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload 14

  31. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code 14

  32. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page 14

  33. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns 14

  34. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns 14

  35. Preliminary results: Cryptomining code (1/2) ◮ Recall: cryptomining code consists of orchestrator code and mining payload ◮ Identification of orchestrator code ◮ Websites embed the orchestrator script in the main page ◮ Can be detected by looking for specific string patterns ◮ Keywords: CoinHive.Anonymous or coinhive.min.js 14

  36. Preliminary results: Cryptomining code (2/2) ◮ Identification of mining payload ◮ Dump the Wasm (WebAssembly) payload ◮ –dump-wasm- module flag in Chrome dumps the loaded Wasm modules ◮ Keyword-based search: cryptonight_hash and CryptonightWasmWrapper 15

  37. Effectiveness of fingerprint-based detection 16

  38. Effectiveness of fingerprint-based detection ◮ Detected 866 websites; 59.35% used Coinhive cryptomining services 16

  39. Effectiveness of fingerprint-based detection ◮ Detected 866 websites; 59.35% used Coinhive cryptomining services ◮ Issues: code obfuscation and manual effort of updating signatures 16

Recommend

into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction

into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction

MineSweeper: An In-depth Look into Drive-by Cryptocurrency Mining and Its Defense RAJSHAKHAR PAUL Outlines Introduction Motivation Background Threat Model Data Analysis Conclusion Outlines Introduction Motivation

717 views • 32 slides
How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER

How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER

How to solve Minesweeper In 3 minutes Steven Waterman LOOK HERE IF YOUVE PLAYED MINESWEEPER BEFORE LOOK HERE IF Basics YOU DONT KNOW WHAT MINESWEEPER IS Minesweeper Board! Rectangular! Cells! Cells can be clear or mines 1 2 1

841 views • 58 slides
TITLE: FAMILY BUSINESS IN OUR ECONOMY In Depth: Entrepreneurial Drive and Motivation of

TITLE: FAMILY BUSINESS IN OUR ECONOMY In Depth: Entrepreneurial Drive and Motivation of

TITLE: FAMILY BUSINESS IN OUR ECONOMY In Depth: Entrepreneurial Drive and Motivation of Consolidation (IP) Authors/Presenters: Mona Haug, Executive Coach Liv Hk , Liv Hk Psykoterapi , James Grady (not presenter), Consultant, PivotPoint

355 views • 17 slides
Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell

Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell

Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell Impagliazzo Ragesh Jaiswal Credit: Some of todays slides are due to Miles Jones CSE 101, Spring 2020, Week 2 Algorithm Mining Algorithms

866 views • 73 slides
Creating a solid mining company in the Americas CORPORATE PRESENTATION JANUARY 2018 FORWARD

Creating a solid mining company in the Americas CORPORATE PRESENTATION JANUARY 2018 FORWARD

REPORT INSIDE In-depth industry coverage including exclusive interviews, independent analysis, expert opinion articles and economic data. Distributed to key mining players and fjnanciers in Peru and internationally. Creating a solid mining

401 views • 23 slides
Threads More algorithm efficiency analysis, Big-Oh Work on Minesweeper See the nine

Threads More algorithm efficiency analysis, Big-Oh Work on Minesweeper See the nine

Threads More algorithm efficiency analysis, Big-Oh Work on Minesweeper See the nine announcements in the email message that I sent you yesterday afternoon. By now, everyone should know how to submit how to submit files in AFS and to SVN

590 views • 33 slides
Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques

What is Web Mining? Wh t i W b Mi i What is Web Mining? Wh t i W b Mi i ? ? Web Mining Web Mining Web Mining Web Mining Web mining is the use of data mining techniques to automat cally d scover and extract nformat on automatically

774 views • 20 slides
Project Minesweeper Andreas, Evy, Martin, Rebekka & Siripong Basic idea Possibility to

Project Minesweeper Andreas, Evy, Martin, Rebekka & Siripong Basic idea Possibility to

Project Minesweeper Andreas, Evy, Martin, Rebekka & Siripong Basic idea Possibility to reserve a group room From this Anarchy To this Democracy Transcending the traditional role of the library User-centered design Observations

485 views • 17 slides
Web Mining Web Mining Web mining is the use of data mining techniques to automatically

Web Mining Web Mining Web mining is the use of data mining techniques to automatically

What is Web Mining? What is Web Mining? Web Mining Web Mining Web mining is the use of data mining techniques to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) Web mining aims to

566 views • 22 slides
Data Structure Definition Array implementation Begin Data Structures Grand Tour Minesweeper

Data Structure Definition Array implementation Begin Data Structures Grand Tour Minesweeper

Data Structure Definition Array implementation Begin Data Structures Grand Tour Minesweeper team/team members peer Minesweeper team/team members peer review review survey (on ANGEL) survey (on ANGEL) due by 5 PM Today. Home || Course

327 views • 17 slides
Generic types Measuring Efficiency Minesweeper start-up Grader comments for JUnit and

Generic types Measuring Efficiency Minesweeper start-up Grader comments for JUnit and

Generic types Measuring Efficiency Minesweeper start-up Grader comments for JUnit and BigRational assignments should be in your repository. There seems to be a problem there with JUnit. Should be resolved this afternoon Details about

230 views • 10 slides
Using multimodal mining to drive clinical guidelines development Emilie Pasche 1 , Julien Gobeill

Using multimodal mining to drive clinical guidelines development Emilie Pasche 1 , Julien Gobeill

Using multimodal mining to drive clinical guidelines development Emilie Pasche 1 , Julien Gobeill 2 , Douglas Teodoro 1 , Dina Vishnyakova 1 , Arnaud Gaudinat 2 , Patrick Ruch 2 and Christian Lovis 1 1 SIMED, University of Geneva and University

736 views • 16 slides
SmartMiner: A Depth First Algorithm Guided by Tail Information for Mining Maximal Frequent

SmartMiner: A Depth First Algorithm Guided by Tail Information for Mining Maximal Frequent

SmartMiner: A Depth First Algorithm Guided by Tail Information for Mining Maximal Frequent Itemsets Qinghua Zou Wesley W. Chu Baojing Lu Computer Science Department Computer Science Department Computer Science Department University of

305 views • 8 slides
Tsinghua University Monocular Depth-Pose Prediction [R, t] Depth and Pose RGB PoseNet

Tsinghua University Monocular Depth-Pose Prediction [R, t] Depth and Pose RGB PoseNet

Wang Zhao, Shaohui Liu, Yezhi Shu, Yong-Jin Liu Tsinghua University Monocular Depth-Pose Prediction [R, t] Depth and Pose RGB PoseNet Fails to Generalize! All Drift ! Depth estimation in Indoor environments with Visual Odometry with

610 views • 15 slides
Depth-First Non-Derivable Itemset Mining Toon Calders Bart Goethals University of Antwerp,

Depth-First Non-Derivable Itemset Mining Toon Calders Bart Goethals University of Antwerp,

Depth-First Non-Derivable Itemset Mining Toon Calders Bart Goethals University of Antwerp, Belgium HIIT-BRU, University of Helsinki, Finland toon.calders@ua.ac.be bart.goethals@cs.helsinki.fi Abstract support of an itemset X in D is the

254 views • 12 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) (another definition:

287 views • 15 slides
RGBD Tutorial 14210240041 Gu Pan Image RGB YUV Lab Depth Image RGB image Depth image Each pixel in

RGBD Tutorial 14210240041 Gu Pan Image RGB YUV Lab Depth Image RGB image Depth image Each pixel in

RGBD Tutorial 14210240041 Gu Pan Image RGB YUV Lab Depth Image RGB image Depth image Each pixel in depth image shows the distance to camera Device Kinect Kinect2 (we use) SoftKinetic Leapmotion Kinect Depth camera developed by

480 views • 29 slides
Depth from HDR: Depth Induction or Increased Realism? P. Vangorp 1 R. K. Mantiuk 2 B. Bazyluk 3

Depth from HDR: Depth Induction or Increased Realism? P. Vangorp 1 R. K. Mantiuk 2 B. Bazyluk 3

Depth from HDR: Depth Induction or Increased Realism? P. Vangorp 1 R. K. Mantiuk 2 B. Bazyluk 3 K. Myszkowski 1 R. Mantiuk 3 S. J. Watt 2 H.-P. Seidel 1 1 MPI Informatik 2 Bangor University 3 West Pomeranian 3 University of Technology Depth from

466 views • 34 slides
Web Mining Web Mining to automatically discover and extract information from Web

Web Mining Web Mining to automatically discover and extract information from Web

What is Web Mining? What is Web Mining? Web mining is the use of data mining techniques Web Mining Web Mining to automatically discover and extract information from Web documents/services (Etzioni, 1996, CACM 39(11)) 1 2 The Web The Web

468 views • 23 slides
Google Drive: Share V0 18 Apr 2020 V0 1 V0 2 2020 Google Drive: Share 2020 Google Drive:

Google Drive: Share V0 18 Apr 2020 V0 1 V0 2 2020 Google Drive: Share 2020 Google Drive:

Google Drive: Share V0 18 Apr 2020 V0 1 V0 2 2020 Google Drive: Share 2020 Google Drive: Share Windows Explorer: Google Drive: Share Open MyDrive . Milo Schield Editor of www.StatLit.org Fellow, American Statistical Association

256 views • 7 slides
Depth & Complexity Framework - Understanding the pieces ELP Depth and Complexity Resource

Depth & Complexity Framework - Understanding the pieces ELP Depth and Complexity Resource

Depth & Complexity Framework - Understanding the pieces ELP Depth and Complexity Resource Page: https://www.jtayloreducation.com/tagtelp/ J Taylor Education, 2016 Depth & Complexity Framework Understanding the parts Think Like A

254 views • 22 slides
Remember When: Westmoreland Countys Drive -In Theaters Pennsylvanias Place in Drive -In

Remember When: Westmoreland Countys Drive -In Theaters Pennsylvanias Place in Drive -In

Remember When: Westmoreland Countys Drive -In Theaters Pennsylvanias Place in Drive -In History April 15, 1934: Shankweilers Auto Park in Orefield, Pennsylvania opened as the second drive-in theater in the United States.

566 views • 20 slides
Introduction to Web Mining What is Web Mining? Discovering useful information from the

Introduction to Web Mining What is Web Mining? Discovering useful information from the

CS 345A Data Mining Lecture 1 Introduction to Web Mining What is Web Mining? Discovering useful information from the World-Wide Web and its usage patterns Web Mining v. Data Mining Structure (or lack of it) Textual information and

744 views • 31 slides
Tillage Depth Control (TDC) Benefits of Tillage Depth Control Is the definition of precision

Tillage Depth Control (TDC) Benefits of Tillage Depth Control Is the definition of precision

Tillage Depth Control (TDC) Benefits of Tillage Depth Control Is the definition of precision agriculture! Increased efficiency Automating time consuming tasks Enables less skilled workers to perform the task better Accurate

353 views • 11 slides

More recommend