A Holistic Intelligent Cryptojacking Malware Detection System

Hadeel A. Almurshid; Iman Almomani; M. A. Khalifa; Walid El-Shafai

doi:10.1109/ACCESS.2024.3488192

IEEE Access (Jan 2024)

A Holistic Intelligent Cryptojacking Malware Detection System

Hadeel A. Almurshid,
Iman Almomani,
M. A. Khalifa,
Walid El-Shafai

Affiliations

Hadeel A. Almurshid: Computer Science Department, Security Engineering Laboratory, Prince Sultan University, Riyadh, Saudi Arabia
Iman Almomani: ORCiD; Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman, Jordan
M. A. Khalifa: ORCiD; Computer Science Department, Security Engineering Laboratory, Prince Sultan University, Riyadh, Saudi Arabia
Walid El-Shafai: ORCiD; Computer Science Department, Security Engineering Laboratory, Prince Sultan University, Riyadh, Saudi Arabia

DOI: https://doi.org/10.1109/ACCESS.2024.3488192
Journal volume & issue: Vol. 12
pp. 161417 – 161439

Abstract

Read online

Recent statistics indicate a continuous rise in cryptojacking malware. This malware covertly exploits users’ device resources to mine cryptocurrencies, such as Bitcoin, without their knowledge or consent. Cryptocurrency mining involves participants competing to generate a unique hash, with successful miners earning cryptocurrency tokens as rewards. As the difficulty of mining new cryptocurrencies increases, greater computational power and resources are required. Unfortunately, the growing popularity of cryptocurrencies has led to a significant increase in cryptojacking malware. Compounding this issue is the lack of adequate, practical solutions to combat this threat. Current shortcomings include a limited number of related studies, particularly in host-based cryptojacking, a scarcity of recent research, reliance on small or outdated datasets, and a shallow understanding of the behavior and characteristics of cryptojacking malware. This paper aims to address these gaps by introducing a holistic, intelligent cryptojacking malware detection system that: 1) provides a detailed analysis of the lifecycle of both host-based and web-based cryptojacking malware; 2) conducts a critical comparison of existing solutions, highlighting their weaknesses; 3) applies deep static analysis to identify key indicators crucial for cryptojacking analysis; 4) executes thorough dynamic analysis to demonstrate the real-world impact of cryptojacking; 5) utilizes a new, large, and robust cryptojacking dataset (CJDS) with over 100,000 samples, where the details of constructing this dataset are provided, (f) develops vision-based predictive models using 23 convolutional neural network (CNN) algorithms, extensively evaluated with comprehensive metrics; and 6) integrates the best-performing model to bulid a highly efficient cryptojacking detection system with an accuracy of 99%. This research offers valuable insights into the characteristics and consequences of cryptojacking, paving the way for further advancements in cybersecurity. It aims to protect digital environments from unauthorized resource exploitation and enhance the security of cryptocurrency-based systems.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords