
“Design and Implementation of Machine Learning Algorithms for Web Cryptomining Detection”

Eugenio Emmolo

Supervisors: Marco Mellia, Stefano Traverso. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2019

Abstract:

In recent years, cryptocurrencies such as Bitcoin, Monero and Ethereum have gained popularity, since they offer an alternative to the centralized banking system and a favourable setting for financial speculation. A core part of the cryptocurrency structure is the mining process, in which a computationally heavy cryptographic problem has to be solved in order to validate a group of online transactions and generate new currency. Since this mechanism establishes a reward for each correctly solved problem, some ill-intentioned users, instead of using their own machines, started making website visitors silently run cryptomining code on their devices, in effect creating a new source of profit. This process, meant to exploit third-party device resources, has been called 'cryptojacking' or 'drive-by mining': it is a new web threat that aims at covertly hijacking users' computational power to mine cryptocurrency while they browse an infected website. As reported by the majority of security providers in the period 2017-2018, cryptojacking attacks became highly widespread and frequent, striking vulnerable websites and causing annoying problems to users surfing the Internet. At first, web-based mining was intended as a new monetization model for websites, replacing advertisements, but it quickly turned out to be heavily exploited by hackers to build botnets of devices that actively mine for the profit of the botmaster. Cyber-criminals manage to infect websites by injecting malicious JavaScript code into their source pages: by means of newly developed code libraries, mostly hosted on third-party domains, such websites trigger a surreptitious mining process each time a user lands on the corrupted web page.
Furthermore, to make this mechanism faster and more efficient, technologies like Web Workers and WebAssembly are widely employed, although they were created for other purposes. Nowadays, the majority of websites and web applications rely on JavaScript in order to work properly, so it becomes extremely important to be able to single out dangerous scripts and block them. It must be highlighted that, although the cryptojacking threat is now widely known to most companies that promote IT security, it is still not trivial to design and implement an autonomous detection system that protects users effectively. The purpose of this thesis has been to study the cryptojacking threat in depth and to develop a methodology to automatically detect malicious scripts on cryptojacking websites, providing users with a better and safer surfing experience. The designed script detection algorithm is based on a dynamic analysis of the JavaScript APIs executed at runtime; the set of called functions and their respective occurrence counts are given to a classifier as features to make a prediction and label the script as cryptojacker or not. A dynamic approach has many advantages, such as the capability to work even if the malicious script is obfuscated, but of course it also has limitations, such as the impossibility of performing an offline analysis. The methodology has shown great results, revealing the dynamic approach to be effective in the task of recognizing cryptojacker activities on the web.
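As an added illustration of the feature-extraction step the abstract describes (not code from the thesis), the following Node.js script wraps a set of JavaScript APIs so that each runtime call is counted and turned into the occurrence vector a classifier would consume. The API vocabulary, the stub browser environment and the sample page script are constructed assumptions for this example, not the thesis's actual feature list or data.

```javascript
// Added example (not the thesis's code): count runtime calls to a fixed set of JavaScript APIs
// and emit them as the occurrence vector a classifier consumes. The vocabulary is an assumption.
const API_VOCABULARY = ["Worker", "WebAssembly.instantiate", "WebAssembly.Memory",
  "setInterval", "fetch"];

// Wrap each vocabulary entry present on `env` (dotted paths allowed) so every call,
// plain or via `new`, increments its counter; returns a snapshot function.
function instrumentApis(env, vocabulary = API_VOCABULARY) {
  const counts = Object.fromEntries(vocabulary.map((name) => [name, 0]));
  for (const name of vocabulary) {
    const path = name.split("."), prop = path.pop();
    const owner = path.reduce((obj, key) => (obj ? obj[key] : undefined), env);
    if (!owner || typeof owner[prop] !== "function") continue; // absent API: count stays 0
    const original = owner[prop];
    owner[prop] = function wrapped(...args) {
      counts[name] += 1;
      return new.target ? Reflect.construct(original, args) : original.apply(this, args);
    };
  }
  return () => ({ ...counts });
}
// Order the counts by vocabulary position: the fixed-length input a classifier needs.
function toVector(features, vocabulary = API_VOCABULARY) {
  return vocabulary.map((name) => features[name] ?? 0);
}
// Constructed stand-in for browser globals (runs offline in Node.js); `fetch` is
// deliberately left out so the absent-API path is exercised.
function makeStubEnv() {
  return {
    Worker: class { constructor(url) { this.url = url; } },
    WebAssembly: { instantiate: async () => ({ instance: {} }), Memory: class {} },
    setInterval: () => 0,
  };
}
// Constructed sample page script: an API usage pattern only, with no real workload behind it.
function sampleScript(env) {
  const memory = new env.WebAssembly.Memory({ initial: 256 });
  for (let i = 0; i < 4; i++) {
    new env.Worker("worker.js"); // placeholder worker URL
    env.WebAssembly.instantiate(new Uint8Array(8), { env: { memory } });
  }
  env.setInterval(() => {}, 1000);
}
// Run a script inside an instrumented stub environment and return its feature counts.
function extractFeatures(script, vocabulary = API_VOCABULARY) {
  const env = makeStubEnv(), snapshot = instrumentApis(env, vocabulary);
  script(env);
  return snapshot();
}
```

Running `toVector(extractFeatures(sampleScript))` yields `[4, 4, 1, 1, 0]`; in a real deployment the stub environment would be replaced by hooks installed in the page before any script runs, and the vector fed to the trained classifier.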

Supervisors: Marco Mellia, Stefano Traverso
Academic year: 2019/20
Publication type: Electronic
Number of pages: 83
Additional information: Thesis under embargo. Full text not available
Subjects:
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New system > Master's degree > LM-32 - INGEGNERIA INFORMATICA
Partner companies: ERMES CYBER SECURITY S.R.L.
URI: http://webthesis.biblio.polito.it/id/eprint/12412