HOME > Detail View

Detail View

Circuit : a JavaScript memory heap based approach for precisely detecting cryptojacking website

Circuit : a JavaScript memory heap based approach for precisely detecting cryptojacking website

Material type
학위논문
Personal Author
박성한, 朴成韓
Title Statement
Circuit : a JavaScript memory heap based approach for precisely detecting cryptojacking website / Sung Han Park
Publication, Distribution, etc
Seoul :   Graduate School, Korea University,   2021  
Physical Medium
43장 : 삽화, 도표 ; 26 cm
기타형태 저록
Circuit: A JavaScript Memory Heap Based Approach for Precisely Detecting Cryptojacking Website   (DCOLL211009)000000235778  
학위논문주기
학위논문(석사)-- 고려대학교 대학원: 컴퓨터·전파통신공학과, 2021. 2
학과코드
0510   6D36   1121  
General Note
지도교수: 이희조  
Bibliography, Etc. Note
참고문헌: 장 39-43
이용가능한 다른형태자료
PDF 파일로도 이용가능;   Requires PDF file reader(application/pdf)  
비통제주제어
Web Security , JavaScript , Memory Heap , Crypto-jacking,,
000 00000nam c2200205 c 4500
001 000046071898
005 20210326141222
007 ta
008 201230s2021 ulkad bmAC 000c eng
040 ▼a 211009 ▼c 211009 ▼d 211009
085 0 ▼a 0510 ▼2 KDCP
090 ▼a 0510 ▼b 6D36 ▼c 1121
100 1 ▼a 박성한, ▼g 朴成韓
245 1 0 ▼a Circuit : ▼b a JavaScript memory heap based approach for precisely detecting cryptojacking website / ▼d Sung Han Park
260 ▼a Seoul : ▼b Graduate School, Korea University, ▼c 2021
300 ▼a 43장 : ▼b 삽화, 도표 ; ▼c 26 cm
500 ▼a 지도교수: 이희조
502 0 ▼a 학위논문(석사)-- ▼b 고려대학교 대학원: ▼c 컴퓨터·전파통신공학과, ▼d 2021. 2
504 ▼a 참고문헌: 장 39-43
530 ▼a PDF 파일로도 이용가능; ▼c Requires PDF file reader(application/pdf)
653 ▼a Web Security ▼a JavaScript ▼a Memory Heap ▼a Crypto-jacking
776 0 ▼t Circuit: A JavaScript Memory Heap Based Approach for Precisely Detecting Cryptojacking Website ▼w (DCOLL211009)000000235778
900 1 0 ▼a 이희조, ▼g 李喜造, ▼e 지도교수
900 1 0 ▼a Park, Sung Han, ▼e
945 ▼a KLPA

Electronic Information

No. Title Service
1
Circuit : a JavaScript memory heap based approach for precisely detecting cryptojacking website (8회 열람)
View PDF Abstract Table of Contents

Holdings Information

No. Location Call Number Accession No. Availability Due Date Make a Reservation Service
No. 1 Location Science & Engineering Library/Stacks(Thesis)/ Call Number 0510 6D36 1121 Accession No. 123066020 Availability Available Due Date Make a Reservation Service B M
No. 2 Location Science & Engineering Library/Stacks(Thesis)/ Call Number 0510 6D36 1121 Accession No. 123066021 Availability Available Due Date Make a Reservation Service B M

Contents information

Abstract

Notwithstanding the anticipated positive effects of the browser-based cryptomining , such as the alternative to online advertisements, it is often utilized for attackers to gain profits by exploiting users’ resources without their consent, called cryptojacking . Previous approaches attempted to protect user’s resources by filtering out cryptojacking websites have limitations. Some of them are easily bypassed by evasion techniques (e.g., script code obfuscation), and the others report numerous false alarms, because they only focused on a few characteristics of cryptojacking , e.g., high computational resource usage, which is common in modern websites. In this paper, we propose Circuit , a precise approach for detecting cryptojacking websites. We mainly focus on the JavaScript memory heap, which is not only resilient from the script code obfuscation, but also provides the declared objects information in the script code and their reference relationships. Using the pieces of information provided by the JavaScript memory heap, we generate a reference flow, which can represent the script code behavior of the website. Hence, Circuit determines that a website is running cryptojacking if the website contains a reference flow of cryptojacking . When we applied Circuit on 300K real-word websites including the Alexa top 100K and Majestic top 200K websites, we found 13 real-world cryptojacking websites. even though most of them were applying evasion techniques to avoid cryptojacking detection. By modeling the identified evasion techniques and providing the fact that what was known to be characteristic of cryptojacking websites now frequently appear on normal websites, we deliver new insights into cryptojacking .

Table of Contents

Introduction 1
2 Background and Related Work 5
2.1 Background knowledge 5
2.1.1 Cryptomining 5
2.1.2 Cryptojacking 6
2.1.3 Web worker 7
2.2 Related work 9
3 Circuit : Design and Implementation 12
3.1 Overview 12
3.2 Generating heap graph 15
3.2.1 Reference in JavaScript 15
3.2.2 Prototype in JavaScript 16
3.2.3 Heap graph construction 17
3.3 Extracting reference flows 19
3.4 Detecting cryptojacking 21
4 Evaluation and Findings 23
4.1 Detection of cryptojacking in the real-world websites 25
4.2 Evasion techniques 28
4.3 Distribution of websites with web workers 30
4.4 Websites with multi-services 31
5 Discussion and Future work 34
5.1 Detection based on the memory heap 34
5.2 Limitations 35
5.3 Future work 36
6 Conclusion 37
Bibliography 38