Malware Speaks! Deep Learning Based Assembly Code Processing for Detecting Evasive Cryptojacking

The increasing prevalence of blockchain-based cryptocurrencies as a payment instrument in the past decade and the rewards earned by the cryptominers has resulted in a new class of cyber attacks, cryptojacking , which involves unauthorized mining of cryptocurrencies on someone's system. Spotting cryptojacking is difficult in many cases, since the relevant software tries to disguise its presence to evade detection, by mimicking benign software such as compression applications by performing similar bitwise, cryptographic, and encryption operations. In this paper, we propose the processing of assembly code—a fundamental and platform-independent programming language—as a natural language using deep learning for profiling applications, which we call De ep Code Pro filer (DeCode Pro). Our proposed solution leverages the immutable step of any cyber attack: the deployment of instructions in system memory to carry out the attack. Through extensive experimentation with different neural network architectures in the profiling stage, we show that DeCode Pro is highly effective in the detection of evasive cryptojacking attacks and achieves low false positive and false negative rates. We also show that the model achieves high classification accuracy even with limited training data, which can considerably reduce the computing resources required for training and retraining the deep learning model.