Malware Speaks! Deep Learning Based Assembly Code Processing for Detecting Evasive Cryptojacking
IEEE Transactions on Dependable and Secure Computing(2023)
Abstract
The increasing prevalence of blockchain-based cryptocurrencies as a payment instrument in the past decade and the rewards earned by the cryptominers have resulted in a new class of cyber attacks, cryptojacking, which involves unauthorized mining of cryptocurrencies on someone's system. Spotting cryptojacking is difficult in many cases, since the relevant software tries to disguise its presence to evade detection, by mimicking benign software such as compression applications by performing similar bitwise, cryptographic, and encryption operations. In this paper, we propose the processing of assembly code—a fundamental and platform-independent programming language—as a natural language using deep learning for profiling applications, which we call Deep Code Profiler (DeCode Pro). Our proposed solution leverages the immutable step of any cyber attack: the deployment of instructions in system memory to carry out the attack. Through extensive experimentation with different neural network architectures in the profiling stage, we show that DeCode Pro is highly effective in the detection of evasive cryptojacking attacks and achieves low false positive and false negative rates. We also show that the model achieves high classification accuracy even with limited training data, which can considerably reduce the computing resources required for training and retraining the deep learning model.
Keywords
Assembly code, cryptojacking, cryptomining, deep learning, LSTM, natural language processing