| 000 | 00000nam c2200205 c 4500 | |
| 001 | 000046071898 | |
| 005 | 20210326141222 | |
| 007 | ta | |
| 008 | 201230s2021 ulkad bmAC 000c eng | |
| 040 | ▼a 211009 ▼c 211009 ▼d 211009 | |
| 085 | 0 | ▼a 0510 ▼2 KDCP |
| 090 | ▼a 0510 ▼b 6D36 ▼c 1121 | |
| 100 | 1 | ▼a 박성한, ▼g 朴成韓 |
| 245 | 1 0 | ▼a Circuit : ▼b a JavaScript memory heap based approach for precisely detecting cryptojacking website / ▼d Sung Han Park |
| 260 | ▼a Seoul : ▼b Graduate School, Korea University, ▼c 2021 | |
| 300 | ▼a 43장 : ▼b 삽화, 도표 ; ▼c 26 cm | |
| 500 | ▼a 지도교수: 이희조 | |
| 502 | 0 | ▼a 학위논문(석사)-- ▼b 고려대학교 대학원: ▼c 컴퓨터·전파통신공학과, ▼d 2021. 2 |
| 504 | ▼a 참고문헌: 장 39-43 | |
| 530 | ▼a PDF 파일로도 이용가능; ▼c Requires PDF file reader(application/pdf) | |
| 653 | ▼a Web Security ▼a JavaScript ▼a Memory Heap ▼a Crypto-jacking | |
| 776 | 0 | ▼t Circuit: A JavaScript Memory Heap Based Approach for Precisely Detecting Cryptojacking Website ▼w (DCOLL211009)000000235778 |
| 900 | 1 0 | ▼a 이희조, ▼g 李喜造, ▼e 지도교수 |
| 900 | 1 0 | ▼a Park, Sung Han, ▼e 저 |
| 945 | ▼a KLPA |
전자정보
소장정보
| No. | 소장처 | 청구기호 | 등록번호 | 도서상태 | 반납예정일 | 예약 | 서비스 |
|---|---|---|---|---|---|---|---|
| No. 1 | 소장처 과학도서관/학위논문서고/ | 청구기호 0510 6D36 1121 | 등록번호 123066020 | 도서상태 대출가능 | 반납예정일 | 예약 | 서비스 |
| No. 2 | 소장처 과학도서관/학위논문서고/ | 청구기호 0510 6D36 1121 | 등록번호 123066021 | 도서상태 대출가능 | 반납예정일 | 예약 | 서비스 |
컨텐츠정보
초록
Notwithstanding the anticipated positive effects of the browser-based cryptomining , such as the alternative to online advertisements, it is often utilized for attackers to gain profits by exploiting users’ resources without their consent, called cryptojacking . Previous approaches attempted to protect user’s resources by filtering out cryptojacking websites have limitations. Some of them are easily bypassed by evasion techniques (e.g., script code obfuscation), and the others report numerous false alarms, because they only focused on a few characteristics of cryptojacking , e.g., high computational resource usage, which is common in modern websites. In this paper, we propose Circuit , a precise approach for detecting cryptojacking websites. We mainly focus on the JavaScript memory heap, which is not only resilient from the script code obfuscation, but also provides the declared objects information in the script code and their reference relationships. Using the pieces of information provided by the JavaScript memory heap, we generate a reference flow, which can represent the script code behavior of the website. Hence, Circuit determines that a website is running cryptojacking if the website contains a reference flow of cryptojacking . When we applied Circuit on 300K real-word websites including the Alexa top 100K and Majestic top 200K websites, we found 13 real-world cryptojacking websites. even though most of them were applying evasion techniques to avoid cryptojacking detection. By modeling the identified evasion techniques and providing the fact that what was known to be characteristic of cryptojacking websites now frequently appear on normal websites, we deliver new insights into cryptojacking .
목차
Introduction 1 2 Background and Related Work 5 2.1 Background knowledge 5 2.1.1 Cryptomining 5 2.1.2 Cryptojacking 6 2.1.3 Web worker 7 2.2 Related work 9 3 Circuit : Design and Implementation 12 3.1 Overview 12 3.2 Generating heap graph 15 3.2.1 Reference in JavaScript 15 3.2.2 Prototype in JavaScript 16 3.2.3 Heap graph construction 17 3.3 Extracting reference flows 19 3.4 Detecting cryptojacking 21 4 Evaluation and Findings 23 4.1 Detection of cryptojacking in the real-world websites 25 4.2 Evasion techniques 28 4.3 Distribution of websites with web workers 30 4.4 Websites with multi-services 31 5 Discussion and Future work 34 5.1 Detection based on the memory heap 34 5.2 Limitations 35 5.3 Future work 36 6 Conclusion 37 Bibliography 38