Publication result detail

How to detect cryptocurrency miners? By traffic forensics!

VESELÝ, V.; ŽÁDNÍK, M.

Type

WoS Article

Original Abstract

Cryptocurrencies set a new trend for a financial interaction between people. In order to successfully meet this use-case, cryptocurrencies combine various advanced information technologies (e.g., blockchain as a replicated database, asymmetrical ciphers and hashes guaranteeing integrity properties, peer-to-peer networking providing fault-tolerant service). Mining process not only introduces new cryptocurrency units, but it has become a business how to generate revenue in real life. This paper aims at different approaches how to detect cryptocurrency mining within corporate networks (where it should not be present). Mining activity is often a sign of malware presence or unauthorized exploitation of company resources. The article provides an in-depth overview of pooled mining process including deployment and operational details. Two detection methods and their implementations are available for network administrators, law enforcement agents and the general public interested in cryptocurrency mining forensics.

Keywords

Bitcoin, Cryptocurrency, Mining pool, Mining server, Stratum protocol, GetBlockTemplate protocol, GetWork protocol

RIV year

2020

Released

19.12.2019

Book

Digital Investigation

ISBN

1742-2876

Periodical

Digital Investigation

Volume

31

Number

31

State

Kingdom of the Netherlands

Pages from

1

Pages to

14

Pages count

25

BibTex

@article{BUT159983,
  author="Vladimír {Veselý} and Martin {Žádník}",
  title="How to detect cryptocurrency miners? By traffic forensics!",
  journal="Digital Investigation",
  year="2019",
  volume="31",
  number="31",
  pages="1--14",
  doi="10.1016/j.diin.2019.08.002",
  issn="1742-2876",
  url="https://doi.org/10.1016/j.diin.2019.08.002"
}