Real-Time Detection of Cryptocurrency Mining Behavior

With the rapid development of blockchain, cryptocurrency gains more attention due to its anonymity and decentralization. However, illegal cryptocurrency mining problems, e.g., unauthorized control of victims' devices or appropriate public resources, become more and more serious. Existing mining detection methods need to be deployed locally and require authorization from administrators, which hardly supervise an entire network segment, as it brings high installation and maintenance costs. To solve this problem, in this paper, we propose a lightweight mining behavior detection method based on traffic analysis, which leverages communication packets in the first n seconds of a flow to achieve a real-time response. The experiment results with real-world datasets prove that the proposed method can achieve 94.04% F1 score using only the first 40 s packets, 98.22% F1 score using the first 120 s packets. Moreover, it can realize unknown cryptomining service discovery for about 96.37% F1 score. Instead of installing antivirus software on the host, the proposed method based on traffic analysis can be deployed at the gateways, which brings convenience for network management.