{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T09:40:06Z","timestamp":1769938806970,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":73,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Huawei Technologies Co., Ltd","award":["TC20200917004"],"award-info":[{"award-number":["TC20200917004"]}]},{"name":"Alibaba Innovative Research Program (AIR)"},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2021YFB2701000"],"award-info":[{"award-number":["2021YFB2701000"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Beijing National Research Center for Information Science and Technology (BNRist)","award":["BNR2022RC01006"],"award-info":[{"award-number":["BNR2022RC01006"]}]},{"name":"CCF-Tencent Rhino-Bird Young Faculty Open Research Fund"},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62102218, U19B2034, 62272265, 61972224, 6230210"],"award-info":[{"award-number":["62102218, U19B2034, 62272265, 61972224, 6230210"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3616677","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T17:35:13Z","timestamp":1700588113000},"page":"326-340","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1811-9432","authenticated-orcid":false,"given":"Zhenrui","family":"Zhang","sequence":"first","affiliation":[{"name":"Tsinghua University & QI-ANXIN Technology Research Institute, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1811-9432","authenticated-orcid":false,"given":"Geng","family":"Hong","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7388-1329","authenticated-orcid":false,"given":"Xiang","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6265-0151","authenticated-orcid":false,"given":"Zhuoqun","family":"Fu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7896-3382","authenticated-orcid":false,"given":"Jia","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University & Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2163-6505","authenticated-orcid":false,"given":"Mingxuan","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University & Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4715-4667","authenticated-orcid":false,"given":"Chuhan","family":"Wang","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7511-1117","authenticated-orcid":false,"given":"Jianjun","family":"Chen","sequence":"additional","affiliation":[{"name":"Tsinghua University & Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9032-8063","authenticated-orcid":false,"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University & Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University & Quancheng Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7894-8828","authenticated-orcid":false,"given":"Chao","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University & Zhongguancun Laboratory, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9714-5545","authenticated-orcid":false,"given":"Min","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2012. Netflow. https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/ios-nx-os-software\/ios-netflow\/prod_white_paper0900aecd80406232.html."},{"key":"e_1_3_2_1_2_1","unstructured":"2016. EthereumStratum_v1.0.0. https:\/\/github.com\/sammy007\/open-ethereum-pool\/blob\/master\/docs\/STRATUM.md."},{"key":"e_1_3_2_1_3_1","unstructured":"2017. Electrum Protocol Specification. https:\/\/electrum.readthedocs.io\/en\/latest\/ protocol.html#electrum-protocol-specification."},{"key":"e_1_3_2_1_4_1","unstructured":"2018. Equihash miner. https:\/\/github.com\/nemosminer\/DSTM-equihash-miner."},{"key":"e_1_3_2_1_5_1","unstructured":"2018. Large Scale Monero Cryptocurrency Mining Operation using XM-Rig. https:\/\/unit42.paloaltonetworks.com\/unit42-large-scale-monero-cryptocurr ency-mining-operation-using-xmrig\/."},{"key":"e_1_3_2_1_6_1","unstructured":"2018. Stratum mining protocol. https:\/\/github.com\/xmrig\/xmrig-proxy\/blob\/m aster\/doc\/STRATUM.md."},{"key":"e_1_3_2_1_7_1","unstructured":"2018. Wannamine. https:\/\/www.techtarget.com\/searchsecurity\/news\/252434485\/ Cryptojacking-malware-using-EternalBlue-to-build-botnets."},{"key":"e_1_3_2_1_8_1","unstructured":"2019. Xmr-Stak. https:\/\/github.com\/fireice-uk\/xmr-stak."},{"key":"e_1_3_2_1_9_1","unstructured":"2020. Claymore. https:\/\/github.com\/Claymore-Dual\/Claymore-Dual-Miner."},{"key":"e_1_3_2_1_10_1","unstructured":"2020. Outlaw. https:\/\/www.oguzhantopgul.com\/2020\/06\/outlaw-botnet-xmrig-miner-and-shellbot.html."},{"key":"e_1_3_2_1_11_1","unstructured":"2020. Stratum Implementation. https:\/\/github.com\/edsonayllon\/Stratum-Impl ementation-For-Pantheon#4-stratum-implementation."},{"key":"e_1_3_2_1_12_1","unstructured":"2021. 8220 Gang. https:\/\/www.lacework.com\/blog\/8220-gangs-recent-use-of-custom-miner-and-botnet\/."},{"key":"e_1_3_2_1_13_1","unstructured":"2021. China's top regulators ban crypto trading and mining sending bitcoin tumbling. https:\/\/www.reuters.com\/world\/china\/china-central-bank-vows-crac kdown-cryptocurrency-trading-2021-09-24\/."},{"key":"e_1_3_2_1_14_1","unstructured":"2021. CPUMiner. https:\/\/github.com\/pooler\/cpuminer."},{"key":"e_1_3_2_1_15_1","unstructured":"2021. Graftor. https:\/\/en.wikipedia.org\/wiki\/Hupigon."},{"key":"e_1_3_2_1_16_1","unstructured":"2021. India to propose law banning cryptocurrency trading mining and possession. https:\/\/economictimes.indiatimes.com\/industry\/banking\/fin ance\/india-to-propose-law-banning-cryptocurrency-trading-mining-and-possession\/banning-cryptocurrencies\/slideshow\/81526975.cms."},{"key":"e_1_3_2_1_17_1","unstructured":"2021. Masscan. https:\/\/github.com\/robertdavidgraham\/masscan."},{"key":"e_1_3_2_1_18_1","unstructured":"2021. Masscan exclude IP list. https:\/\/github.com\/robertdavidgraham\/masscan\/b lob\/master\/data\/exclude.conf."},{"key":"e_1_3_2_1_19_1","unstructured":"2021. Tsunami. https:\/\/malwiki.org\/index.php?title=Tsunami."},{"key":"e_1_3_2_1_20_1","unstructured":"2022. 8220 Gang Deploys a New Campaign with Upgraded Techniques. https:\/\/blog.aquasec.com\/8220-gang-confluence-vulnerability-cve-2022-26134#Discovery."},{"key":"e_1_3_2_1_21_1","unstructured":"2022. BTC.com. https:\/\/pool.btc.com\/."},{"key":"e_1_3_2_1_22_1","unstructured":"2022. Cryptocurrency statistics. https:\/\/bitinfocharts.com\/."},{"key":"e_1_3_2_1_23_1","unstructured":"2022. Ethermine. https:\/\/etc.ethermine.org\/."},{"key":"e_1_3_2_1_24_1","unstructured":"2022. Ethminer. https:\/\/github.com\/ethereum-mining\/ethminer."},{"key":"e_1_3_2_1_25_1","unstructured":"2022. LemonDuck Cryptojacking Botnet. https:\/\/www.crowdstrike.com\/blog\/lemonduck-botnet-targets-docker-for-cryptomining-operations\/."},{"key":"e_1_3_2_1_26_1","unstructured":"2022. Minerblock. https:\/\/github.com\/xd4rker\/MinerBlock."},{"key":"e_1_3_2_1_27_1","unstructured":"2022. MiningPoolStats. https:\/\/miningpoolstats.stream\/."},{"key":"e_1_3_2_1_28_1","unstructured":"2022. Monero Network Monitoring. https:\/\/web.archive.org\/web\/ 20221209071310\/https:\/\/minexmr.com\/pools.html."},{"key":"e_1_3_2_1_29_1","unstructured":"2022. Nanopool. https:\/\/nanopool.org\/."},{"key":"e_1_3_2_1_30_1","unstructured":"2022. New York governor signs first-of-its-kind law cracking down on bitcoin mining. https:\/\/www.cnbc.com\/2022\/11\/23\/new-york-governor-signs-law-crac king-down-on-bitcoin-mining.html."},{"key":"e_1_3_2_1_31_1","unstructured":"2022. Orchard botnet. https:\/\/blog.netlab.360.com\/a-new-botnet-orchard-gene rates-dga-domains-with-bitcoin-transaction-information\/."},{"key":"e_1_3_2_1_32_1","unstructured":"2022. Stratum v1. https:\/\/www.braiins.com\/stratum-v1\/docs."},{"key":"e_1_3_2_1_33_1","unstructured":"2022. STRATUM V2. https:\/\/www.braiins.com\/stratum-v2."},{"key":"e_1_3_2_1_34_1","volume-title":"The state of cryptojacking in the first three quarters of","year":"2022","unstructured":"2022. The state of cryptojacking in the first three quarters of 2022. https: \/\/securelist.com\/cryptojacking-report-2022\/107898\/."},{"key":"e_1_3_2_1_35_1","unstructured":"2022. Virustotal API v3 Overview. https:\/\/developers.virustotal.com\/reference."},{"key":"e_1_3_2_1_36_1","unstructured":"2022. Virut. https:\/\/en.wikipedia.org\/wiki\/Virut."},{"key":"e_1_3_2_1_37_1","unstructured":"2022. XMRig. https:\/\/xmrig.com\/docs\/miner."},{"key":"e_1_3_2_1_38_1","unstructured":"2022. XMRig benchmark. https:\/\/xmrig.com\/benchmark."},{"key":"e_1_3_2_1_39_1","unstructured":"2022. XMRig proxy. https:\/\/xmrig.com\/docs\/proxy."},{"key":"e_1_3_2_1_40_1","unstructured":"2023. CrowdStrike Uncovers I2Pminer MacOS Mineware Variant. https:\/\/www. crowdstrike.com\/blog\/i2pminer-macos-mineware-analysis\/."},{"key":"e_1_3_2_1_41_1","unstructured":"2023. Maltrail cryptomining list. https:\/\/github.com\/stamparm\/maltrail\/blob\/ma ster\/trails\/static\/suspicious\/crypto_mining.txt."},{"key":"e_1_3_2_1_42_1","unstructured":"2023. Mozilla foundation's public suffix list. https:\/\/publicsuffix.org\/list\/public_s uffix_list.dat."},{"key":"e_1_3_2_1_43_1","unstructured":"2023. Selenium. https:\/\/www.selenium.dev\/."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354230"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-51280-4_31"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2021"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.13"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3545948.3545973"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23511"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354203"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243840"},{"key":"e_1_3_2_1_52_1","volume-title":"Botcoin: Monetizing Stolen Cycles. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014","author":"Huang Danny Yuxing","year":"2014","unstructured":"Danny Yuxing Huang, Hitesh Dharmdasani, Sarah Meiklejohn, Vacha Dave, Chris Grier, Damon McCoy, Stefan Savage, Nicholas Weaver, Alex C. Snoeren, and Kirill Levchenko. 2014. Botcoin: Monetizing Stolen Cycles. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society. https:\/\/www.ndss-symposium.org\/ ndss2014\/botcoin-monetizing-stolen-cycles"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWMN.2019.8804995"},{"key":"e_1_3_2_1_54_1","volume-title":"LZR: Identifying Un-expected Internet Services. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Izhikevich Liz","year":"2021","unstructured":"Liz Izhikevich, Renata Teixeira, and Zakir Durumeric. 2021. LZR: Identifying Un-expected Internet Services. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 3111--3128. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/ presentation\/izhikevich"},{"key":"e_1_3_2_1_55_1","volume-title":"Joshi and Theyazn Hassn Hadi","author":"Manish","year":"2015","unstructured":"Manish R. Joshi and Theyazn Hassn Hadi. 2015. A Review of Network Traffic Anal-ysis and Prediction Techniques. CoRR abs\/1507.05722 (2015). arXiv:1507.05722 http:\/\/arxiv.org\/abs\/1507.05722"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243858"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134019"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487814"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485369"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833803"},{"key":"e_1_3_2_1_61_1","volume-title":"Discovering bitcoin's public topology and influential nodes. et al","author":"Miller Andrew","year":"2015","unstructured":"Andrew Miller, James Litton, Andrew Pachulski, Neal Gupta, Dave Levin, Neil Spring, and Bobby Bhattacharjee. 2015. Discovering bitcoin's public topology and influential nodes. et al (2015)."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355576"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1080\/14786440009463897"},{"key":"e_1_3_2_1_64_1","volume-title":"Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Pochat Victor Le","year":"2019","unstructured":"Victor Le Pochat, Tom van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczynski, and Wouter Joosen. 2019. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society. https:\/\/www.ndss-symposium.org\/ndss-paper\/tranco-a-research-oriented-top-sites-ranking-hardened-against-manipulation\/"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2017-0028"},{"key":"e_1_3_2_1_66_1","volume-title":"London: Facet, 2010. 508p. alk. paper, $90 (ISBN 9781555707156). LC2010-013746","author":"Repplinger John","year":"2011","unstructured":"John Repplinger. 2011. G.G. Chowdhury. Introduction to Modern Information Retrieval. 3rd ed. London: Facet, 2010. 508p. alk. paper, $90 (ISBN 9781555707156). LC2010-013746. Coll. Res. Libr. 72, 2 (2011), 194--195. http:\/\/crl.acrl.org\/content \/72\/2\/194.full.pdf"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1186\/s13635-021-00126-1"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278539"},{"key":"e_1_3_2_1_69_1","volume-title":"Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium, USENIX Security 2021","author":"Squarcina Marco","year":"2021","unstructured":"Marco Squarcina, Mauro Tempesta, Lorenzo Veronese, Stefano Calzavara, and Matteo Maffei. 2021. Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 2917--2934. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presen tation\/squarcina"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_13"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24208"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-98989-1_7"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3485835"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616677","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3616677","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:49Z","timestamp":1750178209000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616677"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":73,"alternative-id":["10.1145\/3576915.3616677","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3616677","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}