TY - GEN
T1 - Outguard
T2 - 2019 World Wide Web Conference, WWW 2019
AU - Kharraz, Amin
AU - Lever, Charles
AU - Borisov, Nikita
AU - Ma, Zane
AU - Mason, Joshua
AU - Antonakakis, Manos
AU - Murley, Paul
AU - Miller, Andrew
AU - Bailey, Michael
N1 - Funding Information:
This work was supported by the National Science Foundation (NSF) under grant CNS-1518741 award. We would like to thank the anonymous reviewers for their helpful comments.
Publisher Copyright:
© 2019 IW3C2 (International World Wide Web Conference Committee), published under Creative Commons CC-BY 4.0 License.
PY - 2019/5/13
Y1 - 2019/5/13
N2 - In-browser cryptojacking is a form of resource abuse that leverages end-users' machines to mine cryptocurrency without obtaining the users' consent. In this paper, we design, implement, and evaluate Outguard, an automated cryptojacking detection system. We construct a large ground-truth dataset, extract several features using an instrumented web browser, and ultimately select seven distinctive features that are used to build an SVM classification model. Outguardachieves a 97.9% TPR and 1.1% FPR and is reasonably tolerant to adversarial evasions. We utilized Outguardin the wild by deploying it across the Alexa Top 1M websites and found 6,302 cryptojacking sites, of which 3,600 are new detections that were absent from the training data. These cryptojacking sites paint a broad picture of the cryptojacking ecosystem, with particular emphasis on the prevalence of cryptojacking websites and the shared infrastructure that provides clues to the operators behind the cryptojacking phenomenon.
AB - In-browser cryptojacking is a form of resource abuse that leverages end-users' machines to mine cryptocurrency without obtaining the users' consent. In this paper, we design, implement, and evaluate Outguard, an automated cryptojacking detection system. We construct a large ground-truth dataset, extract several features using an instrumented web browser, and ultimately select seven distinctive features that are used to build an SVM classification model. Outguardachieves a 97.9% TPR and 1.1% FPR and is reasonably tolerant to adversarial evasions. We utilized Outguardin the wild by deploying it across the Alexa Top 1M websites and found 6,302 cryptojacking sites, of which 3,600 are new detections that were absent from the training data. These cryptojacking sites paint a broad picture of the cryptojacking ecosystem, with particular emphasis on the prevalence of cryptojacking websites and the shared infrastructure that provides clues to the operators behind the cryptojacking phenomenon.
KW - Browser Security
KW - Cryptojacking
KW - Web Security
UR - http://www.scopus.com/inward/record.url?scp=85066898170&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85066898170&partnerID=8YFLogxK
U2 - 10.1145/3308558.3313665
DO - 10.1145/3308558.3313665
M3 - Conference contribution
AN - SCOPUS:85066898170
T3 - The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019
SP - 840
EP - 852
BT - The Web Conference 2019 - Proceedings of the World Wide Web Conference, WWW 2019
PB - Association for Computing Machinery, Inc
Y2 - 13 May 2019 through 17 May 2019
ER -