A lightweight IoT cryptojacking detection mechanism in heterogeneous smart home networks

Abstract

Recently, cryptojacking malware has become an easy way of reaching and profiting from a large number of victims. Prior works studied the cryptojacking detection systems focusing on both in-browser and host-based cryptojacking malware. However, none of these earlier works investigated different attack configurations and network settings in this context. For example, an attacker with an aggressive profit strategy may increase computational resources to the maximum utilization to benefit more in a short time, while a stealthy attacker may want to stay undetected longer time on the victim’s device. The accuracy of the detection mechanism may differ for an aggressive and stealthy attacker. Not only profit strategies, but also the cryptojacking malware type, the victim’s device as well as various network settings where the network is fully or partially compromised may play a key role in the performance evaluation of the detection mechanisms. In addition, smart home networks with multiple IoT devices are easily exploited by the attackers, and they are equipped to mine cryptocurrency on behalf of the attacker. However, no prior works investigated the impact of cryptojacking malware on IoT devices and compromised smart home networks. In this paper, we first propose an accurate and efficient IoT cryptojacking detection mechanism based on network traffic features, which can detect both in-browser and host-based cryptojacking. Then, we focus on the cryptojacking implementation problem on new device categories (eg, IoT) and designed several novel experiment scenarios to assess our detection mechanism to cover the current attack surface of the attackers. Particularly, we tested our mechanism in various attack configurations and network settings. For this, we used a dataset of network traces consisting of 6.4 M network packets and showed that our detection algorithm can obtain accuracy as high as 99% with only one-hour of training data. To the best of our knowledge, this work is the first study focusing on IoT cryptojacking and the first study analyzing various attacker behaviors and network settings in the area of cryptojacking detection.

Publication
Proc. of the ISOC Network and Distributed System Security Symposium (NDSS)
Abbas Acar
Abbas Acar
Senior Research Scientist

I completed my PhD in the Cyber-Physical Systems Security (CSL) lab under the supervision of Professor Selcuk Uluagac in 2020 at Florida International University (FIU), USA. Before that, I received my BSc from Electrical and Electronics Engineering at Middle East Technical University, Turkey in 2015 with a minor in Mathematics. My research interests include alternative authentication methods (e.g., continuous authentication), IoT security and privacy, and privacy-preserving technologies (e.g., homomorphic encryption).