Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/8349
Full metadata record
DC FieldValueLanguage
dc.contributor.authorTekiner, Ege-
dc.contributor.authorAcar, A.-
dc.contributor.authorUluagac, A. Selçuk-
dc.contributor.authorKırda, E.-
dc.contributor.authorSelçuk, Ali Aydın-
dc.date.accessioned2022-01-15T13:02:36Z-
dc.date.available2022-01-15T13:02:36Z-
dc.date.issued2021-
dc.identifier.isbn9781665414913-
dc.identifier.urihttps://doi.org/10.1109/EuroSP51992.2021.00019-
dc.identifier.urihttps://hdl.handle.net/20.500.11851/8349-
dc.description6th IEEE European Symposium on Security and Privacy, Euro S and P 2021 -- 6 September 2021 through 10 September 2021 -- 173512en_US
dc.description.abstractEmerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryp-tocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting programs (e.g., Zoom during the Covid-19 pandemic) have all been the victims of powerful cryptojacking malware campaigns. Nonetheless, existing detection methods such as browser extensions that protect users with blacklist methods or antivirus programs with different analysis methods can only provide a partial panacea to this emerging crypto-jacking issue as the attackers can easily bypass them by using obfuscation techniques or changing their domains or scripts frequently. Therefore, many studies in the literature proposed cryptojacking malware detection methods using various dynamic/behavioral features. However, the literature lacks a systemic study with a deep understanding of the emerging cryptojacking malware and a comprehensive review of studies in the literature. To fill this gap in the literature, in this SoK paper, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and 45 major attack instances. Finally, we also present lessons learned and new research directions to help the research community in this emerging area. © 2021 IEEE.en_US
dc.description.sponsorshipNational Science Foundation, NSF: NSF-1663051, NSF-CAREER CNS-1453647, NSF-CNS-1703454, NSF-CNS-1718116; Office of Naval Research, ONRen_US
dc.description.sponsorshipThe rapid rise of cryptocurrencies incentivized the attackers to the lucrative blockchain and the Bitcoin ecosystem. With ready-to-use mining scripts offered easily by service providers (e.g., Coinhive [8], and CryptoLoot [4]) and untraceable cryptocurrencies (e.g., Monero), crypto-jacking malware has become an essential tool for hackers. The lack of mitigation techniques in the market led to many cryptojacking malware detection studies proposed in the literature. In this paper, we first explained the cryptojacking malware types and how they work in a systematic fashion. Then, we presented the techniques used by cryptojacking malware based on the previous research papers, cryptojacking samples, and major attack instances. In particular, we presented sources of cryp-tojacking malware, infection methods, victim platform types, target cryptocurrencies, evasion, and obfuscation techniques used by cryptojacking malware. Moreover, we gave a detailed review of the existing detection and prevention studies as well as the cryptojacking analysis studies in the literature. Finally, we presented lessons learned, and we noted several promising new research directions. In doing so, this SoK study will facilitate not only a deep understanding of the emerging cryptojacking malware and the pertinent detection and prevention mechanisms but also a substantial additional research work needed to provide adequate mitigations in the community. Acknowledgment We would like to thank VirusTotal for sharing the samples. We also would like to thank the anonymous reviewers, and our shepherd Dr. Christian Rossow for their feedback and time. This work was partially supported by the U.S. National Science Foundation (NSF) (Awards: NSF-CAREER CNS-1453647, NSF-1663051, NSF-CNS-1718116, NSF-CNS-1703454), and ONR under the ”In Situ Malware” project, and CyberFlorida Capacity Building Program. The views expressed are those of the authors only.en_US
dc.language.isoenen_US
dc.publisherInstitute of Electrical and Electronics Engineers Inc.en_US
dc.relation.ispartofProceedings - 2021 IEEE European Symposium on Security and Privacy, Euro S and P 2021en_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectBitcoinen_US
dc.subjectBlockchainen_US
dc.subjectCryptojackingen_US
dc.subjectCryptominingen_US
dc.subjectDetectionen_US
dc.subjectHost-baseden_US
dc.subjectIn-browseren_US
dc.subjectMalwareen_US
dc.subjectBitcoinen_US
dc.subjectLarge dataseten_US
dc.subjectMalwareen_US
dc.subjectVideo conferencingen_US
dc.subjectBlock-chainen_US
dc.subjectCryptojackingen_US
dc.subjectCryptominingen_US
dc.subjectCyberspacesen_US
dc.subjectDetectionen_US
dc.subjectDetection methodsen_US
dc.subjectEnd-usersen_US
dc.subjectHost-baseden_US
dc.subjectIn browsersen_US
dc.subjectSystem applicationsen_US
dc.subjectBlockchainen_US
dc.titleSoK: Cryptojacking malwareen_US
dc.typeConference Objecten_US
dc.departmentFaculties, Faculty of Engineering, Department of Computer Engineeringen_US
dc.departmentFakülteler, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümütr_TR
dc.identifier.startpage120en_US
dc.identifier.endpage139en_US
dc.identifier.wosWOS:000783804100008en_US
dc.identifier.scopus2-s2.0-85119272386en_US
dc.institutionauthorSelçuk, Ali Aydın-
dc.identifier.doi10.1109/EuroSP51992.2021.00019-
dc.authorscopusid57219158999-
dc.authorscopusid57201944908-
dc.authorscopusid22735196300-
dc.authorscopusid6602533668-
dc.authorscopusid7004457288-
dc.relation.publicationcategoryKonferans Öğesi - Uluslararası - Kurum Öğretim Elemanıen_US
item.openairetypeConference Object-
item.languageiso639-1en-
item.grantfulltextnone-
item.fulltextNo Fulltext-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.cerifentitytypePublications-
crisitem.author.dept06.01. Department of Architecture-
crisitem.author.dept02.3. Department of Computer Engineering-
Appears in Collections:Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Show simple item record



CORE Recommender

WEB OF SCIENCETM
Citations

28
checked on Dec 21, 2024

Page view(s)

306
checked on Dec 16, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.