CR, Feb 21, 2021

Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics

arXiv:2102.10634v1, 8 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses the financial toll of crypto mining attacks on corporate networks and individual users, offering a detection method for network security administrators and law enforcement agencies. It appears incremental, however, as it builds on existing semi-supervised and network theory methods.

The paper tackles the problem of detecting cryptocurrency mining attacks in networks by proposing a semi-supervised machine learning approach based on dynamic network characteristics, demonstrating its effectiveness in detecting such activities.

Cryptocurrencies have emerged as a new form of digital money that has not escaped the eyes of cyber-attackers. Traditionally, they have been maliciously used as a medium of exchange for proceeds of crime in the cyber dark-market by cyber-criminals. However, cyber-criminals have devised an exploitative technique of directly acquiring cryptocurrencies from benign users' CPUs without their knowledge through a process called crypto mining. The presence of crypto mining activities in a network is often an indicator of compromise of illegal usage of network resources for crypto mining purposes. Crypto mining has had a financial toll on victims such as corporate networks and individual home users. This paper addresses the detection of crypto mining attacks in a generic network environment using dynamic network characteristics. It tackles an in-depth overview of crypto mining operational details and proposes a semi-supervised machine learning approach to detection using various crypto mining features derived from complex network characteristics. The results demonstrate that the integration of semi-supervised learning with complex network theory modeling is effective at detecting crypto mining activities in a network environment. Such an approach is helpful during security mitigation by network security administrators and law enforcement agencies.
