Minesweeper - An In-Depth Look into Drive-By Cryptocurrency Mining and Its Defense

Explore the emerging cyberthreat of cryptojacking in this 25-minute conference talk from the Association for Computing Machinery (ACM). Delve into the world of drive-by cryptocurrency mining, examining its catalysts, prevalence, and evasion techniques. Gain insights into the threat model, large-scale analysis methodologies, and profit estimation of this cybercriminal activity. Learn about the MineSweeper defense system, including its detection techniques for mining payloads and Stratum communication. Understand the commonalities among drive-by mining services, the CryptoNight algorithm, and the evaluation of detection methods. Discover the implications of this cybersecurity challenge and potential defensive strategies in the evolving landscape of cryptocurrency mining.

Intro
2017: The year of cryptocurrencies
Brought a new cyberthreat: Cryptojacking
Motivation
Existing defenses
Contributions
Catalysts of drive-by mining
Lead to proliferation of in-browser mining services
Threat model: Drive-by mining
Part 1: In-depth analysis
Data collection
Large-scale Analysis: Experiment Set-Up
Detecting Mining Payload (WASM)
Detecting Stratum communication
Prevalence of drive-by mining
Evasion techniques
Profit Estimation
4. Identifying Campaigns
Drive-by mining services commonalities
CryptoNight Algorithm
Analyzing WASM
Evaluation of CryptoNight detection
Mine Sweeper stage 2
Evaluation of CPU Cache Events Monitoring
Conclusion