Behavior-Based Detection of GPU Cryptojacking
- URL: http://arxiv.org/abs/2408.14554v1
- Date: Mon, 26 Aug 2024 18:11:53 GMT
- Title: Behavior-Based Detection of GPU Cryptojacking
- Authors: Dmitry Tanana
- Abstract summary: This article considers the question of GPU cryptojacking detection.
We propose a complex exposure mechanism based on GPU load by an application and graphics card RAM consumption.
It was tested in a controlled virtual machine environment with an 80% successful detection rate against a selected set of GPU cryptojacking samples and a 20% false positive rate against a selected number of legitimate GPU-heavy applications.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: With the surge in blockchain-based cryptocurrencies, illegal mining for cryptocurrency has become a popular cyberthreat. Host-based cryptojacking, where malicious actors exploit victims' systems to mine cryptocurrency without their knowledge, is on the rise. Regular cryptojacking is a relatively well-known and well-studied threat; however, attackers have recently started switching to GPU cryptojacking, which promises greater profits due to high GPU hash rates and a lower chance of detection. Additionally, GPU cryptojackers can easily propagate using, for example, modified graphics card drivers. This article considers the question of GPU cryptojacking detection. First, we discuss the brief history and definition of GPU cryptojacking as well as previous attempts to design a detection technique for such threats. We also propose a complex exposure mechanism based on GPU load by an application and graphics card RAM consumption, which can be used to detect both browser-based and host-based cryptojacking samples. Then we design a prototype decision tree detection program based on our technique. It was tested in a controlled virtual machine environment with an 80% successful detection rate against a selected set of GPU cryptojacking samples and a 20% false positive rate against a selected number of legitimate GPU-heavy applications.
Related papers
- Deepfake detection in videos with multiple faces using geometric-fakeness features [79.16635054977068]
Deepfakes of victims or public figures can be used by fraudsters for blackmailing, extortion and financial fraud.
In our research we propose to use geometric-fakeness features (GFF) that characterize a dynamic degree of a face presence in a video.
We employ our approach to analyze videos with multiple faces that are simultaneously present in a video.
arXiv Detail & Related papers (2024-10-10T13:10:34Z)
- The Latency Price of Threshold Cryptosystem in Blockchains [52.359230560289745]
We study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols.
Existing approaches for threshold cryptosystems introduce a latency overhead of at least one message delay for running the threshold cryptographic protocol.
We propose a mechanism to eliminate this overhead for blockchain-native threshold cryptosystems with tight thresholds.
arXiv Detail & Related papers (2024-07-16T20:53:04Z)
- Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z)
- WebGPU-SPY: Finding Fingerprints in the Sandbox through GPU Cache Attacks [0.7400926717561453]
We present a new attack vector for microarchitectural attacks in web browsers.
We develop a cache side channel attack on the compute stack of the GPU that spies on victim activities.
We demonstrate that GPU-based cache attacks can achieve a precision of 90 for website fingerprinting of 100 top websites.
arXiv Detail & Related papers (2024-01-09T04:21:43Z)
- The lower energy consumption in cryptocurrency mining processes by SHA-256 Quantum circuit design used in hybrid computing domains [1.000779758350696]
It would be possible to reduce the mining energy consumption with a quantum hardware's low-energy-operation characteristics.
Within this work we demonstrated the use of optimized quantum mining facilities which would replace the classical SHA-256 and high energy consuming classical hardware in the near future.
arXiv Detail & Related papers (2023-12-30T23:37:34Z)
- Analyzing In-browser Cryptojacking [16.599890339599586]
We analyze the static, dynamic, and economic aspects of in-browser cryptojacking.
We apply machine learning techniques to distinguish cryptojacking scripts from benign and malicious JavaScript samples.
We also build an analytical model to empirically evaluate the feasibility of cryptojacking as an alternative to online advertisement.
arXiv Detail & Related papers (2023-04-26T02:46:42Z)
- Crypto Pump and Dump Detection via Deep Learning Techniques [0.0]
Pump and dump schemes are some of the most common fraudulent activities regarding cryptocurrencies.
We propose the novel application of two existing neural network architectures to this problem domain.
We show that deep learning solutions can significantly outperform all other existing pump and dump detection methods for cryptocurrencies.
arXiv Detail & Related papers (2022-05-10T03:24:32Z)
- Inspection-L: Practical GNN-Based Money Laundering Detection System for Bitcoin [0.0]
This paper proposes Inspection-L, a graph neural network (GNN) framework based on self-supervised Deep Graph Infomax (DGI), with Random Forest (RF) to detect illicit transactions for Anti-Money Laundering (AML).
To the best of our knowledge, our proposal is the first of applying self-supervised GNNs to the problem of AML in Bitcoin.
The proposed method has been evaluated on the Elliptic dataset and shows that our approach outperforms the state-of-the-art in terms of key classification metrics.
arXiv Detail & Related papers (2022-03-20T06:19:18Z)
- The Doge of Wall Street: Analysis and Detection of Pump and Dump Cryptocurrency Manipulations [50.521292491613224]
This paper performs an in-depth analysis of two market manipulations organized by communities over the Internet: The pump and dump and the crowd pump.
The pump and dump scheme is a fraud as old as the stock market. Now, it got new vitality in the loosely regulated market of cryptocurrencies.
We report on three case studies related to pump and dump groups.
arXiv Detail & Related papers (2021-05-03T10:20:47Z)
- Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's Post-Quantum Security [67.06003361150228]
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task.
In this work, we examine the hardness of finding such a chain of PoWs against quantum strategies.
We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity.
arXiv Detail & Related papers (2020-12-30T18:03:56Z)
- Pump and Dumps in the Bitcoin Era: Real Time Detection of Cryptocurrency Market Manipulations [50.521292491613224]
We perform an in-depth analysis of pump and dump schemes organized by communities over the Internet.
We observe how these communities are organized and how they carry out the fraud.
We introduce an approach to detect the fraud in real time that outperforms the current state of the art.
arXiv Detail & Related papers (2020-05-04T21:36:18Z)