Detection of cryptocurrency mining malware from network measurements

Tutor / Supervisor

Student

Beramendi Higueras, Arnau

Document type

Bachelor thesis

Date

2020

Rights

Open Access

Publisher

Universitat Politècnica de Catalunya

Abstract

Currently, cryptocurrencies play an important role in our society. Their popularity has grown enormously in recent years and, consequently, they have attracted the attention of a significant segment of the population, which frequently sees in the mining of these cryptographic currencies a new opportunity to earn money. However, this has created a new scenario in which some people use hijacked resources to mine for their own profit. In this context, it is crucial to detect when a host is infected by malware that mines cryptocurrency without permission. Nowadays, there are several approaches to this problem: inspecting the content of each packet (DPI), blocking connections to known pools, analysing memory consumption, or installing anti-malware software. Nevertheless, these solutions may be quite expensive in terms of resources and money. Additionally, they may require significant modification of the network, or they may be inaccurate in several cases. For this reason, in this project I propose a system based on three different machine learning algorithms, each of which exploits a specific feature of this kind of malware in order to detect it. The first one uses NetFlow measurements, the second one uses DNS queries to detect connections to mining pools, and the last one again uses DNS queries, but in order to detect connections to malicious domains that may
Participating teacher
