In this paper, we propose a method that detects cryptojacking activities by analyzing content-agnostic network traffic flows. Our method first distinguishes crypto-mining activities by profiling the traffic with fast Fourier transform at each time window. It then generates the variation vectors between adjacent time windows and leverages a recurrent neural network to identify the cryptojacking patterns. Compared with the existing approaches, this method is privacy-preserving and can identify both browser-based and malware-based cryptojacking activities. Additionally, this method is easy to deploy. It can monitor all the devices within a network by accessing packet headers from the gateway router.
This paper is the poster version of Bridging Missing Gaps in Evaluating DDoS Research (CSET 2020). This poster paper introduced the world to our Sandbox.
In this work, we introduce the Catch-22 attack, a distributed denial-of-service (DDoS) link-flooding attack that exploits real-world limitations of DDoS defense. An attacker in the Catch-22 attack leverages virtual private server (VPS) providers and residential proxy services as vehicles for assembling a botnet, and employs moving target attack techniques to not only maximize the amount of strain on DDoS defense, but also maximize the amount of collateral damage incurred by attacked networks, thereby wreaking havoc on wide swaths of the Internet. In fact, according to our preliminary evaluation, the Catch-22 attack can cause significant collateral damage to over thousands of websites from a major VPS provider. To the best of our knowledge, no existing work has yet to present a solution for such an attack, let alone study it.
This paper is the poster version of FR-WARD: Fast Retransmit as a Wary but Ample Response to Distributed Denial-of-Service Attacks from the Internet of Things (ICCCN 2018). This poster paper introduced the world to FR-WARD.