6 research outputs found

    A Deep-Learning Based Robust Framework Against Adversarial P.E. and Cryptojacking Malware

    This graduate thesis introduces novel, deep-learning based frameworks that are resilient to adversarial P.E. and cryptojacking malware. We propose a method that uses a convolutional neural network (CNN) to classify image representations of malware, which provides robustness against numerous adversarial attacks. Our evaluation concludes that the image-based malware classifier is significantly more robust to adversarial attacks than a state-of-the-art ML-based malware classifier, and remarkably drops the evasion rate of adversarial samples to 0% in certain attacks. Further, we develop MINOS, a novel, lightweight cryptojacking detection system that accurately detects the presence of unwarranted mining activity in real-time. MINOS can detect mining activity with a low TNR and FPR, in an average of 25.9 milliseconds while using a maximum of 4% of CPU and 6.5% of RAM. Therefore, it can be concluded that the frameworks presented in this thesis attain high accuracy, are computationally inexpensive, and are resistant to adversarial perturbations.

    A Deep-dive into Cryptojacking Malware: From an Empirical Analysis to a Detection Method for Computationally Weak Devices

    Cryptojacking is an act of using a victim's computation power without his/her consent. Unauthorized mining costs extra electricity consumption and decreases the victim host's computational efficiency dramatically. In this thesis, we perform extensive research on cryptojacking malware from every aspect. First, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and numerous major attack instances. Second, we created a dataset of 6269 websites containing cryptomining scripts in their source code to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining samples. Third, we introduce an accurate and efficient IoT cryptojacking detection mechanism based on network traffic features that achieves an accuracy of 99%. Finally, we believe this thesis will greatly expand the scope of research and facilitate other novel solutions in the cryptojacking domain.

    Honeypot-based Security Enhancements for Information Systems

    The purpose of this thesis is to explore honeypot-based security enhancements for information systems. First, we provide a comprehensive survey of the research that has been carried out on honeypots and honeynets for Internet of Things (IoT), Industrial Internet of Things (IIoT), and Cyber-physical Systems (CPS). We provide a taxonomy and extensive analysis of the existing honeypots and honeynets, state key design factors for the state-of-the-art honeypot/honeynet research and outline open issues. Second, we propose S-Pot, a smart honeypot framework based on open-source resources. S-Pot uses enterprise and IoT honeypots to attract attackers, learns from attacks via ML classifiers, and dynamically configures the rules of SDN. Our performance evaluation of S-Pot in detecting attacks using various ML classifiers shows that it can detect attacks with 97% accuracy using the J48 algorithm. Third, for securing host-based Docker containers from cryptojacking, using honeypots, we perform a forensic analysis to identify indicators for the detection of unauthorized cryptomining, present measures for securing them, and propose an approach for monitoring host-based Docker containers for cryptojacking detection. Our results reveal that host temperature, combined with container resource usage, Stratum protocol, keywords in DNS requests, and the use of the container’s ephemeral ports are notable indicators of possible unauthorized cryptomining.

    Securing Critical Infrastructures

    The abstract is in the attachment. 677. INGEGNERIA INFORMATI. Carelli, Albert

    Detecting covert cryptomining using HPC

    Cybercriminals have been exploiting cryptocurrencies to commit various unique financial frauds. Covert cryptomining - which is defined as an unauthorized harnessing of victims’ computational resources to mine cryptocurrencies - is one of the prevalent ways nowadays used by cybercriminals to earn financial benefits. Such exploitation of resources causes financial losses to the victims. In this paper, we present our efficient approach to detect covert cryptomining on users’ machines. Our solution is a generic solution that, unlike currently available solutions to detect covert cryptomining, is not tailored to a specific cryptocurrency or a particular form of cryptomining. In particular, we focus on the core mining algorithms and utilize Hardware Performance Counters (HPC) to create clean signatures that grasp the execution pattern of these algorithms on a processor. We built a complete implementation of our solution employing advanced machine learning techniques. We evaluated our methodology on two different processors through an exhaustive set of experiments. In our experiments, we considered all the cryptocurrencies mined by the top-10 mining pools, which collectively represent the largest share of the cryptomining market. Our results show that our classifier can achieve a near-perfect classification with samples of length as low as five seconds. Due to its robust and practical design, our solution can even adapt to zero-day cryptocurrencies. Finally, we believe our solution is scalable and can be deployed to tackle the uprising problem of covert cryptomining.