{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T15:14:19Z","timestamp":1772032459265,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":35,"publisher":"Springer Singapore","isbn-type":[{"value":"9789813349216","type":"print"},{"value":"9789813349223","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,1,19]],"date-time":"2021-01-19T00:00:00Z","timestamp":1611014400000},"content-version":"vor","delay-in-days":384,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Web-based cryptocurrency mining attacks, also known as cryptojacking, become increasingly popular. A large number of diverse platforms (e.g., Windows, Linux, Android, and iOS) and devices (e.g., PC, smartphones, tablets, and even critical infrastructures) are widely impacted. Although a variety of detection approaches were recently proposed, it is challenging to apply these approaches to attack prevention directly.<\/jats:p><jats:p>Instead, in this paper, we present a novel generic and accurate defense solution, called \u201cMinerGate\u201d, against cryptojacking attacks. To achieve the goal, MinerGate is designed as an extension of network gateways or proxies to protect all devices behind it. When attacks are identified, MinerGate can enforce security rules on victim devices, such as stopping the execution of related JavaScript code and alerting victims. Compared to prior approaches, MinerGate does not require any modification of browsers or apps to collect the runtime features. Instead, MinerGate focuses on the semantics of mining payloads (usually written in WebAssembly\/asm.js), and semantic-based features.<\/jats:p><jats:p>In our evaluation, we first verify the correctness of MinerGate by testing MinerGate in a real environment. Then, we check MinerGate\u2019s performance and confirm MinerGate introduces relatively low overhead. Last, we verify the accuracy of MinerGate. For this purpose, we collect the largest WebAssembly\/asm.js related code with ground truth to build our experiment dataset. By comparing prior approaches and MinerGate on the dataset, we find MinerGate achieves better accuracy and coverage (i.e., 99% accuracy and 98% recall). Our dataset will be available online, which should be helpful for more solid understanding of cryptojacking attacks.<\/jats:p>","DOI":"10.1007\/978-981-33-4922-3_5","type":"book-chapter","created":{"date-parts":[[2021,1,18]],"date-time":"2021-01-18T11:21:04Z","timestamp":1610968864000},"page":"50-70","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["MinerGate: A Novel Generic and Accurate Defense Solution Against Web Based Cryptocurrency Mining Attacks"],"prefix":"10.1007","author":[{"given":"Guorui","family":"Yu","sequence":"first","affiliation":[]},{"given":"Guangliang","family":"Yang","sequence":"additional","affiliation":[]},{"given":"Tongxin","family":"Li","sequence":"additional","affiliation":[]},{"given":"Xinhui","family":"Han","sequence":"additional","affiliation":[]},{"given":"Shijie","family":"Guan","sequence":"additional","affiliation":[]},{"given":"Jialong","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Guofei","family":"Gu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,1,19]]},"reference":[{"key":"5_CR1","unstructured":"Ana, A.: Report: Some crypto mining apps remain in Google play store despite recent ban (2018). https:\/\/cointelegraph.com\/news\/report-some-crypto-mining-apps-remain-in-google-play-store-despite-recent-ban. Accessed 21 Nov 2019"},{"key":"5_CR2","unstructured":"Andrea, M.: Firefox: implement cryptomining URL-classifier (2019). https:\/\/hg.mozilla.org\/mozilla-central\/rev\/d503dc3fd033. Accessed 01 May 2020"},{"issue":"11","key":"5_CR3","doi-asserted-by":"publisher","first-page":"3747","DOI":"10.1073\/pnas.0400087101","volume":"101","author":"A Barrat","year":"2004","unstructured":"Barrat, A., Barthelemy, M., Pastor-Satorras, R., Vespignani, A.: The architecture of complex weighted networks. Proc. Natl. Acad. Sci. 101(11), 3747\u20133752 (2004)","journal-title":"Proc. Natl. Acad. Sci."},{"key":"5_CR4","unstructured":"Catalin, C.: New browser attack lets hackers run bad code even after users leave a web page (2019). https:\/\/www.zdnet.com\/article\/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page\/. Accessed 01 May 2020"},{"key":"5_CR5","unstructured":"Daniel, P.: 8 illicit crypto-mining windows apps removed from microsoft store (2019). https:\/\/www.coindesk.com\/8-illicit-crypto-mining-windows-apps-removed-from-microsoft-store. Accessed 01 May 2020"},{"key":"5_CR6","unstructured":"David, H., Luke, W., Alon, Z.: asm.js working draft (2018). http:\/\/asmjs.org\/spec\/latest\/"},{"issue":"7","key":"5_CR7","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1145\/3212998","volume":"61","author":"I Eyal","year":"2018","unstructured":"Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. Commun. ACM 61(7), 95\u2013102 (2018)","journal-title":"Commun. ACM"},{"key":"5_CR8","doi-asserted-by":"publisher","unstructured":"Pearson, K.: X. on the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling. London Edinburgh Dublin Philos. Mag. J. Sci. 50(302), 157\u2013175 (1900). https:\/\/doi.org\/10.1080\/14786440009463897","DOI":"10.1080\/14786440009463897"},{"key":"5_CR9","unstructured":"Group, W.C.: Webassembly specification (2018). https:\/\/webassembly.github.io\/spec\/core\/_download\/WebAssembly.pdf. Accessed 01 May 2020"},{"key":"5_CR10","doi-asserted-by":"publisher","unstructured":"Hong, G., et al.: How you get shot in the back: a systematical study about cryptojacking in the real world. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1701\u20131713. ACM, New York (2018). https:\/\/doi.org\/10.1145\/3243734.3243840. http:\/\/doi.acm.org\/10.1145\/3243734.3243840","DOI":"10.1145\/3243734.3243840"},{"key":"5_CR11","unstructured":"npm Inc.: npm \u2014 the heart of the modern development community (2018). https:\/\/www.npmjs.com\/. Accessed 01 May 2020"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Kharraz, A., et al.: Outguard: detecting in-browser covert cryptocurrency mining in the wild (2019)","DOI":"10.1145\/3308558.3313665"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Konoth, R.K., et al.: Minesweeper: an in-depth look into drive-by cryptocurrency mining and its defense. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1714\u20131730. ACM (2018)","DOI":"10.1145\/3243734.3243858"},{"key":"5_CR14","unstructured":"Kunegis, J.: KONECT \u2013 the Koblenz network collection. In: Proceedings of International Conference on World Wide Web Companion, pp. 1343\u20131350 (2013). http:\/\/dl.acm.org\/citation.cfm?id=2488173"},{"key":"5_CR15","unstructured":"Newman, L.H.: Hack brief: hackers enlisted Tesla\u2019s public cloud to mine cryptocurrencies (2018). https:\/\/www.wired.com\/story\/cryptojacking-tesla-amazon-cloud\/. Accessed 01 May 2020"},{"key":"5_CR16","unstructured":"Lindsey, O.: Cryptojacking attack found on los angeles times website (2018). https:\/\/threatpost.com\/cryptojacking-attack-found-on-los-angeles-times-website\/130041\/. Accessed 01 May 2020"},{"key":"5_CR17","doi-asserted-by":"publisher","unstructured":"Liu, J., Zhao, Z., Cui, X., Wang, Z., Liu, Q.: A novel approach for detecting browser-based silent miner. In: Proceedings - 2018 IEEE 3rd International Conference on Data Science in Cyberspace, DSC 2018, Guangzhou, China, pp. 490\u2013497. IEEE, June 2018. https:\/\/doi.org\/10.1109\/DSC.2018.00079. https:\/\/ieeexplore.ieee.org\/document\/8411900\/","DOI":"10.1109\/DSC.2018.00079"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-3-642-27937-9_17","volume-title":"Information Security Technology for Applications","author":"J Magazinius","year":"2012","unstructured":"Magazinius, J., Phung, P.H., Sands, D.: Safe wrappers and sane policies for self protecting JavaScript. In: Aura, T., J\u00e4rvinen, K., Nyberg, K. (eds.) NordSec 2010. LNCS, vol. 7127, pp. 239\u2013255. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-27937-9_17"},{"key":"5_CR19","unstructured":"Neil, B.: Kaspersky reports 13 million cryptojacking attempts this year, January 2018. https:\/\/www.cryptolinenews.com\/2018\/12\/13-million-cryptojacking-says-kaspersky\/. Accessed 01 May 2020"},{"key":"5_CR20","unstructured":"Newman, L.H.: Now cryptojacking threatens critical infrastructure too (2018). https:\/\/www.wired.com\/story\/cryptojacking-critical-infrastructure\/. Accessed 01 May 2020"},{"key":"5_CR21","unstructured":"Nicolas, F., Joan, C., Cedric, L.: Jeb decompiler (2018). https:\/\/www.pnfsoftware.com\/jeb\/. Accessed 01 May 2020"},{"key":"5_CR22","unstructured":"Opera: Cryptojacking test (2018). https:\/\/cryptojackingtest.com\/. Accessed 01 May 2020"},{"key":"5_CR23","unstructured":"Prakash: Drmine (2018). https:\/\/github.com\/1lastBr3ath\/drmine\/. Accessed 01 May 2020"},{"key":"5_CR24","unstructured":"Rafael, K.: Nocoin (2018). https:\/\/github.com\/keraf\/NoCoin\/. Accessed 01 May 2020"},{"key":"5_CR25","unstructured":"Raymond, H.: ublock (2018). https:\/\/github.com\/gorhill\/uBlock\/. Accessed 01 May 2020"},{"key":"5_CR26","doi-asserted-by":"publisher","unstructured":"Rossberg, A., et al.: Bringing the web up to speed with webassembly. Commun. ACM 61(12), 107\u2013115 (2018). https:\/\/doi.org\/10.1145\/3282510","DOI":"10.1145\/3282510"},{"key":"5_CR27","unstructured":"Seigen, Max, J., Tuomo, N., Neocortex, Antonio, M.J.: Cryptonight hash function (2013). https:\/\/cryptonote.org\/cns\/cns008.txt. Accessed 01 May 2020"},{"key":"5_CR28","unstructured":"Simoudis, E., Han, J., Fayyad, U.M. (eds.): Proceedings of the Second International Conference on Knowledge Discovery and Data Mining (KDD 1996), Portland, Oregon, USA. AAAI Press (1996). http:\/\/www.aaai.org\/Library\/KDD\/kdd96contents.php"},{"key":"5_CR29","unstructured":"VirusTotal: Virustotal (2018). https:\/\/www.virustotal.com\/. Accessed 01 May 2020"},{"key":"5_CR30","unstructured":"W3C: Web workers (2015). https:\/\/www.w3.org\/TR\/workers\/. Accessed 01 May 2020"},{"key":"5_CR31","unstructured":"W3C: The websocket api. https:\/\/www.w3.org\/TR\/websockets\/. Accessed 01 May 2020"},{"key":"5_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1007\/978-3-319-98989-1_7","volume-title":"Computer Security","author":"W Wang","year":"2018","unstructured":"Wang, W., Ferrell, B., Xu, X., Hamlen, K.W., Hao, S.: SEISMIC: SEcure in-lined script monitors for interrupting cryptojacks. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 122\u2013142. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98989-1_7"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Watts, D.J., Strogatz, S.H.: Collective dynamics of \u2018small-world\u2019 networks. Nature 393(6684), 440 (1998)","DOI":"10.1038\/30918"},{"key":"5_CR34","unstructured":"Wikipedia: Cryptocurrency (2018). https:\/\/en.wikipedia.org\/wiki\/Cryptocurrency. Accessed 01 May 2020"},{"key":"5_CR35","unstructured":"ZeroDot1: Coinblockerlists (2018). https:\/\/zerodot1.gitlab.io\/CoinBlockerListsWeb\/index.htm. Accessed 01 May 2020"}],"container-title":["Communications in Computer and Information Science","Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-33-4922-3_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,1,18]],"date-time":"2021-01-18T11:27:47Z","timestamp":1610969267000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-981-33-4922-3_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9789813349216","9789813349223"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-981-33-4922-3_5","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"19 January 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CNCERT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China Cyber Security Annual Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Beijing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 August 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 August 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cncert2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conf.cert.org.cn","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}