Computer Science ›› 2024, Vol. 51 ›› Issue (12): 303-309. doi: 10.11896/jsjkx.231200041

• Information Security •

Cryptomining Malware Early Detection Method Based on SDR

ZHONG Kai (1), GUO Chun (1), LI Xianchao (2), SHEN Guowei (1)

  1. State Key Laboratory of Public Big Data, College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
  2. Guizhou Cloud Computing and Big Data Professional Master's Workstation, Guiyang 550014, China
  • Received: 2023-12-06  Revised: 2024-04-30  Online: 2024-12-15  Published: 2024-12-10
  • About author: ZHONG Kai, born in 1997, postgraduate. His main research interests include computer network and information security.
    GUO Chun, born in 1986, Ph.D, professor. His main research interests include malicious code detection and intrusion detection.
  • Supported by:
    National Natural Science Foundation of China (62162009), Big Data and Network Security Innovation Team of Universities in Guizhou Province ([2023]052) and Science and Technology Program of Guizhou Province (GHB[2023]001).

Abstract: Cryptomining malware aims to steal computing resources from victim devices to mine cryptocurrency, seriously compromising network security while consuming a large amount of computing resources. Current dynamic detection methods for cryptomining malware mainly rely on host behavior or network traffic collected during a long sample run, which fails to balance the timeliness and accuracy of detection. By analyzing the DLLs (dynamic link libraries) called and the return values of the APIs called by cryptomining malware at the early stage of operation, we propose an API sentence embedding method based on DLL and API return value (SDR), and further propose a cryptomining malware early detection method based on SDR (CEDS). CEDS uses SDR to convert the API name sequences, API return value sequences, and DLL sequences generated in the early stage of software operation into sentence vector sequences, and uses TextCNN to build a model for early detection of cryptomining malware. Experimental results show that CEDS can determine whether a software sample is cryptomining malware or benign software with an average time of 0.5106 s and an accuracy of 96.75%.
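As an added illustration of the feature-extraction stage the abstract describes (this is not the authors' code; the abstract does not reproduce their SDR implementation): the first N API calls of a constructed sandbox trace are split into the three aligned sequences (API names, return values, DLLs) and joined into one "API sentence" per call. The return-value bucketing and the hashed averaging embedding are placeholder assumptions standing in for SDR, and the TextCNN classifier is not included.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample trace (not from the paper): one record per API call observed
# early in a sandbox run, with the exporting DLL and the raw return value.
SAMPLE_TRACE: List[Dict] = [
    {"dll": "KERNEL32.dll", "api": "LoadLibraryW", "ret": 0x7FF8C0000000},
    {"dll": "KERNEL32.dll", "api": "GetProcAddress", "ret": 0x7FF8C0001234},
    {"dll": "ws2_32.dll", "api": "WSAStartup", "ret": 0},
    {"dll": "ws2_32.dll", "api": "connect", "ret": -1},
    {"dll": "KERNEL32.dll", "api": "SetThreadPriority", "ret": 1},
    {"dll": "KERNEL32.dll", "api": "CreateThread", "ret": 0x2A8},
    {"dll": "KERNEL32.dll", "api": "CreateThread", "ret": 0x2AC},
]

def normalize_ret(ret: int) -> str:
    """Bucket a raw return value so that handles/pointers, which differ on every
    run, do not produce unique tokens. Assumption: the paper's exact encoding is
    not given in the abstract; this coarse bucketing is an illustrative choice."""
    if ret == 0:
        return "RET_ZERO"
    if ret < 0 or ret == 0xFFFFFFFF:
        return "RET_ERROR"
    if ret >= 0x10000:
        return "RET_HANDLE_OR_PTR"
    return "RET_SMALL"

def early_sequences(trace: List[Dict], n_calls: int) -> Tuple[List[str], List[str], List[str]]:
    """Keep only the first n_calls records (the early-stage window) and split them
    into the aligned API-name, return-value and DLL sequences the method consumes."""
    window = trace[:n_calls]
    return ([r["api"] for r in window],
            [normalize_ret(r["ret"]) for r in window],
            [r["dll"].lower() for r in window])

def api_sentences(apis: List[str], rets: List[str], dlls: List[str]) -> List[str]:
    """One sentence per call: '<dll> <api> <return bucket>'."""
    return [f"{d} {a} {r}" for a, r, d in zip(apis, rets, dlls)]

def hashed_embedding(sentence: str, dim: int = 16) -> List[float]:
    """Placeholder sentence vector: feature-hash each token into a fixed-size
    vector with a signed hash and average (stands in for the learned SDR vector)."""
    vec = [0.0] * dim
    tokens = sentence.split()
    for tok in tokens:
        h = hashlib.sha256(tok.encode()).digest()
        vec[int.from_bytes(h[:4], "big") % dim] += 1.0 if h[4] & 1 else -1.0
    return [v / len(tokens) for v in vec]

def sentence_vectors(trace: List[Dict], n_calls: int = 5, dim: int = 16) -> List[List[float]]:
    """Early window -> API sentences -> sentence vector sequence (classifier input)."""
    apis, rets, dlls = early_sequences(trace, n_calls)
    return [hashed_embedding(s, dim) for s in api_sentences(apis, rets, dlls)]
```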

Key words: Cryptomining malware, Dynamic analysis, Early detection, Sentence embedding, Deep learning

CLC Number: TP309