CryptoCatch: Cryptomining Hidden Nowhere
Ruisheng Shi, Ziding Lin, Haoran Sun, Qin Wang, Shihan Zhang, Lina Lan, Zhiyuan Peng, Chenfeng Wang

TL;DR
CryptoCatch introduces a two-stage machine learning framework with active probing to accurately detect encrypted cryptomining traffic, significantly reducing false positives and achieving high detection accuracy.
Contribution
It presents a novel practical detection system combining machine learning and active probing for encrypted cryptomining traffic, improving accuracy and reliability.
Findings
F1-score of 0.99 in detection accuracy
99.39% accuracy in identifying specific cryptocurrencies
Effective across various mining pools
Abstract
Cryptomining poses significant security risks, yet traditional detection methods like blacklists and Deep Packet Inspection (DPI) are often ineffective against encrypted mining traffic and suffer from high false positive rates. In this paper, we propose a practical encrypted cryptomining traffic detection mechanism. It consists of a two-stage detection framework, which can effectively provide fine-grained detection results by machine learning and reduce false positives from classifiers through active probing. Our system achieves an F1-score of 0.99 and identifies specific cryptocurrencies with a 99.39% accuracy rate. Extensive testing across various mining pools confirms the effectiveness of our approach, offering a more precise and reliable solution for identifying cryptomining activities.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
