Dynamic Graph-based Fingerprinting of In-browser Cryptomining
- URL: http://arxiv.org/abs/2505.02493v1
- Date: Mon, 05 May 2025 09:21:58 GMT
- Authors: Tanapoom Sermchaiwong, Jiasi Shen
- Abstract summary: Cryptojacking is an attack that uses stolen computing resources to mine cryptocurrencies without consent for profit. In-browser cryptojacking malware exploits web technologies like WebAssembly to mine cryptocurrencies directly within the browser. We propose using instruction-level data-flow graphs to detect cryptomining behavior.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The decentralized and unregulated nature of cryptocurrencies, combined with their monetary value, has made them a vehicle for various illicit activities. One such activity is cryptojacking, an attack that uses stolen computing resources to mine cryptocurrencies without consent for profit. In-browser cryptojacking malware exploits high-performance web technologies like WebAssembly to mine cryptocurrencies directly within the browser without file downloads. Although existing methods for cryptomining detection report high accuracy and low overhead, they are often susceptible to various forms of obfuscation, and due to the limited variety of cryptomining scripts in the wild, standard code obfuscation methods present a natural and appealing solution to avoid detection. To address these limitations, we propose using instruction-level data-flow graphs to detect cryptomining behavior. Data-flow graphs offer detailed structural insights into a program's computations, making them suitable for characterizing proof-of-work algorithms, but they can be difficult to analyze due to their large size and susceptibility to noise and fragmentation under obfuscation. We present two techniques to simplify and compare data-flow graphs: (1) a graph simplification algorithm to reduce the computational burden of processing large and granular data-flow graphs while preserving local substructures; and (2) a subgraph similarity measure, the n-fragment inclusion score, based on fragment inclusion that is robust against noise and obfuscation. Using data-flow graphs as computation fingerprints, our detection framework PoT (Proof-of-Theft) was able to achieve high detection accuracy against standard obfuscations, outperforming existing detection methods. Moreover, PoT uses generic data-flow properties that can be applied to other platforms more susceptible to cryptojacking such as servers and data centers.
Related papers
- Pay Less Attention to Deceptive Artifacts: Robust Detection of Compressed Deepfakes on Online Social Networks [81.21729774122554]
  Existing deepfake detection methods overlook the "block effects" introduced by compression in Online Social Networks (OSNs). We propose PLADA, a novel framework designed to tackle the lack of paired data and the ineffective use of compressed images. PLADA consists of two core modules: Block Effect Eraser (B2E), which uses a dual-stage attention mechanism to handle block effects, and Open Data Aggregation (ODA), which processes both paired and unpaired data to improve detection.
  arXiv Detail & Related papers (2025-06-25T15:46:41Z)
- Cryptoscope: Analyzing cryptographic usages in modern software [0.5139430317578633]
  The advent of quantum computing poses a significant challenge as it has the potential to break certain cryptographic algorithms. It is crucial not only to identify quantum vulnerable algorithms but also to detect vulnerabilities and incorrect crypto usages. A U.S. government memorandum requires agencies to begin their transition to PQC (Post Quantum Cryptography) by conducting a prioritized inventory of cryptographic systems.
  arXiv Detail & Related papers (2025-03-25T10:39:50Z)
- Learning to Localize Leakage of Cryptographic Sensitive Variables [13.98875599619791]
  We develop a principled deep learning framework for determining the relative leakage due to measurements recorded at different points in time. This information is invaluable to cryptographic hardware designers for understanding *why* their hardware leaks.
  arXiv Detail & Related papers (2025-03-10T15:42:30Z)
- Cryptanalysis via Machine Learning Based Information Theoretic Metrics [58.96805474751668]
  We propose two novel applications of machine learning (ML) algorithms to perform cryptanalysis on any cryptosystem. These algorithms can be readily applied in an audit setting to evaluate the robustness of a cryptosystem. We show that our classification model correctly identifies the encryption schemes that are not IND-CPA secure, such as DES, RSA, and AES ECB, with high accuracy.
  arXiv Detail & Related papers (2025-01-25T04:53:36Z)
- Effective Illicit Account Detection on Large Cryptocurrency MultiGraphs [16.25273745598176]
  Rise in cryptocurrency-related illicit activities has led to significant losses for users. Current detection methods mainly depend on feature engineering or are inadequate to leverage the complex information within cryptocurrency transaction networks. We present DIAM, an effective method for detecting illicit accounts in cryptocurrency transaction networks modeled by directed multi-graphs with attributed edges.
  arXiv Detail & Related papers (2023-09-04T09:01:56Z)
- An Unforgeable Publicly Verifiable Watermark for Large Language Models [84.2805275589553]
  Current watermark detection algorithms require the secret key used in the watermark generation process, making them susceptible to security breaches and counterfeiting during public detection. We propose an unforgeable publicly verifiable watermark algorithm named UPV that uses two different neural networks for watermark generation and detection, instead of using the same key at both stages.
  arXiv Detail & Related papers (2023-07-30T13:43:27Z)
- Transaction Fraud Detection via an Adaptive Graph Neural Network [64.9428588496749]
  We propose an Adaptive Sampling and Aggregation-based Graph Neural Network (ASA-GNN) that learns discriminative representations to improve the performance of transaction fraud detection. A neighbor sampling strategy is performed to filter noisy nodes and supplement information for fraudulent nodes. Experiments on three real financial datasets demonstrate that the proposed method ASA-GNN outperforms state-of-the-art ones.
  arXiv Detail & Related papers (2023-07-11T07:48:39Z)
- Deep Fraud Detection on Non-attributed Graph [61.636677596161235]
  Graph Neural Networks (GNNs) have shown solid performance on fraud detection. Labeled data is scarce in large-scale industrial problems, especially for fraud detection. We propose a novel graph pre-training strategy to leverage more unlabeled data.
  arXiv Detail & Related papers (2021-10-04T03:42:09Z)
- Software Vulnerability Detection via Deep Learning over Disaggregated Code Graph Representation [57.92972327649165]
  This work explores a deep learning approach to automatically learn the insecure patterns from code corpora. Because code naturally admits graph structures with parsing, we develop a novel graph neural network (GNN) to exploit both the semantic context and structural regularity of a program.
  arXiv Detail & Related papers (2021-09-07T21:24:36Z)
- Blockchain Phishing Scam Detection via Multi-channel Graph Classification [1.6980621769406918]
  Phishing scam detection methods will protect possible victims and build a healthier blockchain ecosystem. We defined the transaction pattern graphs for users and transformed the phishing scam detection into a graph classification task. The proposed multi-channel graph classification model (MCGC) is more able to detect potential phishing by extracting the transaction pattern features of the target users.
  arXiv Detail & Related papers (2021-08-19T02:59:55Z)
- Malware Traffic Classification: Evaluation of Algorithms and an Automated Ground-truth Generation Pipeline [8.779666771357029]
  We propose an automated packet data-labeling pipeline to generate ground-truth data. We explore and test different kinds of clustering approaches which make use of a unique and diverse set of features extracted from this observable meta-data.
  arXiv Detail & Related papers (2020-10-22T11:48:51Z)
This list is automatically generated from the titles and abstracts of the papers in this site.