|Title||Intelligent and Behavioral-based Detection of Cryptominers in Resource-constrained Spectrum Sensors|
|Institution||University of Zurich|
|Faculty||Faculty of Business, Economics and Informatics|
|Abstract Text||With the rising popularity of cryptocurrencies and IoT devices, the number of cryptomining attacks on such devices is increasing, as they are often poorly secured. Cybercriminals are increasingly interested in cryptominers because they offer a fast and anonymous way of making money at low risk. A modern approach for detecting cyber attacks is to combine behavioural fingerprinting analysis with machine learning models. While recent works provide numerous state-of-the-art approaches for general computers, the literature shows little research on detecting malicious cryptomining on IoT devices. Therefore, this thesis proposes different supervised and unsupervised models that aim at detecting cryptojacking on IoT devices from the devices' perspective. One requirement for training machine learning models effectively is data sets containing clean as well as infected device behaviour. Therefore, behavioural monitoring is predominantly performed on a Raspberry Pi using a monitoring script that periodically measures the number of performance events. The test device is part of a real-world IoT crowdsensing platform called ElectroSense, whose sensor will be infected with a cryptojacker as part of this thesis. The framework creation process involves collecting and preprocessing data and training different ML-based algorithms. The performance of the models is evaluated using various statistical methods. The model based on the Isolation Forest algorithm, which takes an unsupervised approach, achieves the best overall weighted accuracy of 93.9%. The unsupervised Local Outlier Factor model performs best with 97.7% if the accuracy is not weighted. Regarding the supervised models, the Decision Tree classifier achieves the best F1-Score macro average of 76%, which becomes 100% if the F1-Scores are weighted per class.
Because supervised and unsupervised approaches work fundamentally differently, the percentages should not be compared directly due to varying evaluation metrics and individual strengths and weaknesses. Nonetheless, it becomes clear that all the trained detection modules are able to detect the vast majority of attack samples during the evaluation. This proves that using machine learning models combined with behaviour fingerprinting is a viable option to detect cryptojackers in IoT devices.|