{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T04:29:40Z","timestamp":1772166580224,"version":"3.50.1"},"reference-count":116,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,12,4]],"date-time":"2021-12-04T00:00:00Z","timestamp":1638576000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,12,4]],"date-time":"2021-12-04T00:00:00Z","timestamp":1638576000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>\n                    Illicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims\u2019 computing resources are abused to mine cryptocurrency for the benefit of attackers. The most popular illicitly mined digital coin is Monero as it provides strong anonymity and is efficiently mined on CPUs.Illicit mining crucially relies on communication between compromised systems and remote mining pools using the\n                    <jats:italic>de facto standard<\/jats:italic>\n                    protocol Stratum. While prior research primarily focused on endpoint-based detection of in-browser mining, in this paper, we address network-based detection of cryptomining malware in general. We propose XMR-Ray, a machine learning detector using novel features based on reconstructing the Stratum protocol from raw NetFlow records. Our detector is trained offline using\n                    <jats:italic>only mining traffic<\/jats:italic>\n                    and does not require privacy-sensitive normal network traffic, which facilitates its adoption and integration.In our experiments, XMR-Ray attained 98.94% detection rate at 0.05% false alarm rate, outperforming the closest competitor. Our evaluation furthermore demonstrates that it reliably detects previously unseen mining pools, is robust against common obfuscation techniques such as encryption and proxies, and is applicable to mining in the browser or by compiled binaries. Finally, by deploying our detector in a large university network, we show its effectiveness in protecting real-world systems.\n                  <\/jats:p>","DOI":"10.1186\/s13635-021-00126-1","type":"journal-article","created":{"date-parts":[[2021,12,4]],"date-time":"2021-12-04T06:02:32Z","timestamp":1638597752000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Detection of illicit cryptomining using network metadata"],"prefix":"10.1186","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6876-2798","authenticated-orcid":false,"given":"Michele","family":"Russo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nedim","family":"\u0160rndi\u0107","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,12,4]]},"reference":[{"key":"126_CR1","unstructured":"S. Higgins, $600 billion: cryptocurrency market cap sets new record (2017). https:\/\/www.coindesk.com\/600-billion-cryptocurrency-market-cap-sets-new-record\/ Accessed 19 Apr 2021."},{"key":"126_CR2","unstructured":"CoinMarketCap, Global cryptocurrency charts - total market capitalization (2021). https:\/\/coinmarketcap.com\/charts\/ Accessed 17 May 2021."},{"key":"126_CR3","unstructured":"M. Yamazaki, Tokyo-based cryptocurrency exchange hacked, losing $530 million: NHK (2018). https:\/\/www.reuters.com\/article\/us-japan-cryptocurrency\/tokyo-based-cryptocurrency-exchange-hacked-losing-530-million-nhk-idUSKBN1FF29C Accessed 21 Apr 2021."},{"key":"126_CR4","unstructured":"J. Russell, Korean crypto exchange Bithumb says it lost over $30M following a hack (2018). https:\/\/techcrunch.com\/2018\/06\/19\/korean-crypto-exchange-bithumb-says-it-lost-over-30m-following-a-hack\/ Accessed 21 Apr 2021."},{"key":"126_CR5","unstructured":"M. Yuval, CoinDash TGE Hack findings report 15.11.17 (2017). https:\/\/blog.coindash.io\/coi---tge-hack-findings-report-15-11-17-9657465192e1 Accessed 21 Apr 2021."},{"key":"126_CR6","unstructured":"E. Ananin, A. Semenchenko, Copy-pasting thief from a copy-pasted code (2018). https:\/\/www.fortinet.com\/blog\/threat-research\/copy-pasting-thief-from-a-copy-pasted-code.html Accessed 21 Apr 2021."},{"key":"126_CR7","unstructured":"J. Wilmoth, Hackers seize $32 million in Ethereum in parity wallet breach (2017). https:\/\/www.ccn.com\/hackers-seize-32-million-in-parity-wallet-breach\/ Accessed 21 Apr 2021."},{"key":"126_CR8","unstructured":"S. Higgins, Tether claims $30 million in US dollar token stolen (2017). https:\/\/www.coindesk.com\/tether-claims-30-million-stable-token-stolen-attacker Accessed 21 Apr 2021."},{"key":"126_CR9","unstructured":"R. Iyengar, More than $70 million stolen in bitcoin hack (2017). https:\/\/money.cnn.com\/2017\/12\/07\/technology\/nicehash-bitcoin-theft-hacking\/index.html Accessed 21 Apr 2021."},{"key":"126_CR10","unstructured":"C. Budd, Threat brief: malware authors mine Monero across the globe in a big way (2108). https:\/\/unit42.paloaltonetworks.com\/threat-brief-malware-authors-mine-monero-across-globe-big-way\/ Accessed 21 Apr 2021."},{"key":"126_CR11","unstructured":"E. Lopatin, Kaspersky Security Bulletin 2018 story of the year: miners (2018). https:\/\/securelist.com\/kaspersky-security-bulletin-2018-story-of-the-year-miners\/89096\/Accessed 21 Apr 2021."},{"key":"126_CR12","unstructured":"European Union Agency For Network and Information Security, Enisa threat landscape report 2018. Technical report, ENISA (2019). https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-report-2018."},{"key":"126_CR13","unstructured":"McAfee Labs, McAfee Labs Threats Report (2018). https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-quarterly-threats-dec-2018.pdf Accessed 21 Apr 2021."},{"key":"126_CR14","doi-asserted-by":"crossref","unstructured":"McAfee Labs, McAfee Labs Threats Report (2019). https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-quarterly-threats-aug-2019.pdf Accessed 21 Apr 2021.","DOI":"10.1016\/S1361-3723(19)30004-1"},{"key":"126_CR15","unstructured":"C. Cimpanu, Cryptomining malware saw new life over the summer as Monero value tripled (2019). https:\/\/www.zdnet.com\/article\/crypto-mining-malware-saw-new-life-over-the-summer-as-monero-value-tripled\/ Accessed 21 Apr 2021."},{"key":"126_CR16","unstructured":"AMR, Kaspersky Security Bulletin 2019 (2019). https:\/\/securelist.com\/kaspersky-security-bulletin-2019-statistics\/95475 Accessed 21 Apr 2021."},{"key":"126_CR17","unstructured":"C. Cimpanu, Thousands of enterprise systems infected by new Blue Mockingbird malware gang (2020). https:\/\/www.zdnet.com\/article\/thousands-of-enterprise-systems-infected-by-new-blue-mockingbird-malware-gang\/ Accessed 21 Apr 2021."},{"key":"126_CR18","unstructured":"J. Karasek, A. Remillano, Outlaw updates kit to kill older miner versions, targets more systems (2020). https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems\/ Accessed 21 Apr 2021."},{"key":"126_CR19","unstructured":"A. Windsor, Breaking down a two-year run of Vivin\u2019s cryptominers (2020). https:\/\/blog.talosintelligence.com\/2020\/01\/vivin-cryptomining-campaigns.html Accessed 21 Apr 2021."},{"key":"126_CR20","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1145\/3355369.3355576","volume-title":"Proceedings of the Internet Measurement Conference, IMC","author":"S. Pastrana","year":"2019","unstructured":"S. Pastrana, G. Suarez-Tangil, in Proceedings of the Internet Measurement Conference, IMC. A first look at the crypto-mining malware ecosystem: a decade of unrestricted wealth (ACMAmsterdam, 2019), pp. 73\u201386. https:\/\/doi.org\/10.1145\/3355369.3355576."},{"key":"126_CR21","unstructured":"BitcoinWiki, Stratum mining protocol (2020). https:\/\/en.bitcoinwiki.org\/wiki\/Stratum_mining_protocol Accessed 21 Apr 2021."},{"key":"126_CR22","unstructured":"Crypto-Loot, CryptoLoot earn more from your visitors (2020). https:\/\/crypto-loot.org\/ Accessed 21 Apr 2021."},{"key":"126_CR23","unstructured":"N. Buchka, A. Kivva, D. Galov, Jack of all trades (2017). https:\/\/securelist.com\/jack-of-all-trades\/83470\/ Accessed 21 Apr 2021."},{"key":"126_CR24","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1109\/EuroSPW.2018.00014","volume-title":"IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops","author":"S. Eskandari","year":"2018","unstructured":"S. Eskandari, A. Leoutsarakos, T. Mursch, J. Clark, in IEEE European Symposium on Security and Privacy Workshops, EuroS&P Workshops. A first look at browser-based cryptojacking (IEEELondon, 2018), pp. 58\u201366. https:\/\/doi.org\/10.1109\/EuroSPW.2018.00014."},{"key":"126_CR25","first-page":"70","volume-title":"Proceedings of the Internet Measurement Conference IMC","author":"J. R\u00fcth","year":"2018","unstructured":"J. R\u00fcth, T. Zimmermann, K. Wolsing, O. Hohlfeld, in Proceedings of the Internet Measurement Conference IMC. Digging into browser-based crypto mining (ACMBoston, 2018), pp. 70\u201376. https:\/\/dl.acm.org\/citation.cfm?id=3278539."},{"key":"126_CR26","doi-asserted-by":"publisher","first-page":"1701","DOI":"10.1145\/3243734.3243840","volume-title":"ACM SIGSAC Conference on Computer and Communications Security CCS","author":"G. Hong","year":"2018","unstructured":"G. Hong, Z. Yang, S. Yang, L. Zhang, Y. Nan, Z. Zhang, M. Yang, Y. Zhang, Z. Qian, H. Duan, in ACM SIGSAC Conference on Computer and Communications Security CCS, ed. by D. Lie, M. Mannan, M. Backes, and X. Wang. How you get shot in the back: a systematical study about cryptojacking in the real world (ACMToronto, 2018), pp. 1701\u20131713. https:\/\/doi.org\/10.1145\/3243734.3243840."},{"key":"126_CR27","first-page":"1627","volume-title":"28th USENIX Security Symposium, USENIX Security","author":"H. L. J. Bijmans","year":"2019","unstructured":"H. L. J. Bijmans, T. M. Booij, C. Doerr, in 28th USENIX Security Symposium, USENIX Security, ed. by N. Heninger, P. Traynor. Inadvertently making cyber criminals rich: a comprehensive study of cryptojacking campaigns at internet scale (USENIX AssociationSanta Clara, 2019), pp. 1627\u20131644. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/bijmans."},{"key":"126_CR28","doi-asserted-by":"publisher","first-page":"1714","DOI":"10.1145\/3243734.3243858","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS","author":"R. K. Konoth","year":"2018","unstructured":"R. K. Konoth, E. Vineti, V. Moonsamy, M. Lindorfer, C. Kruegel, H. Bos, G. Vigna, in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS, ed. by D. Lie, M. Mannan, M. Backes, and X. Wang. MineSweeper: an in-depth look into drive-by cryptocurrency mining and its defense (ACMToronto, 2018), pp. 1714\u20131730. https:\/\/doi.org\/10.1145\/3243734.3243858."},{"key":"126_CR29","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1145\/3274694.3274735","volume-title":"Proceedings of the 34th Annual Computer Security Applications Conference ACSAC","author":"J. D. P. Rodriguez","year":"2018","unstructured":"J. D. P. Rodriguez, J. Posegga, in Proceedings of the 34th Annual Computer Security Applications Conference ACSAC. RAPID: resource and API-based detection against in-browser miners (ACMSan Juan, 2018), pp. 313\u2013326. https:\/\/doi.org\/10.1145\/3274694.3274735."},{"key":"126_CR30","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1007\/978-3-319-98989-1_7","volume-title":"23rd European Symposium on Research in Computer Security","author":"W. Wang","year":"2018","unstructured":"W. Wang, B. Ferrell, X. Xu, K. W. Hamlen, S. Hao, in 23rd European Symposium on Research in Computer Security, 11099, ed. by J. L\u00f3pez, J. Zhou, and M. Soriano. SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks (SpringerBarcelona, 2018), pp. 122\u2013142. https:\/\/doi.org\/10.1007\/978-3-319-98989-1_7."},{"key":"126_CR31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/PST.2018.8514167","volume-title":"16th Annual Conference on Privacy, Security and Trust","author":"D. Carlin","year":"2018","unstructured":"D. Carlin, P. O\u2019Kane, S. Sezer, J. Burgess, in 16th Annual Conference on Privacy, Security and Trust, ed. by K. McLaughlin, A. A. Ghorbani, S. Sezer, R. Lu, L. Chen, R. H. Deng, P. Miller, S. Marsh, and J. R. C. Nurse. Detecting cryptomining using dynamic analysis (IEEE Computer SocietyBelfast, 2018), pp. 1\u20136. https:\/\/doi.org\/10.1109\/PST.2018.8514167."},{"key":"126_CR32","volume-title":"21st Annual Network and Distributed System Security Symposium","author":"D. Y. Huang","year":"2014","unstructured":"D. Y. Huang, H. Dharmdasani, S. Meiklejohn, V. Dave, C. Grier, D. McCoy, S. Savage, N. Weaver, A. C. Snoeren, K. Levchenko, in 21st Annual Network and Distributed System Security Symposium. Botcoin: monetizing stolen cycles (The Internet SocietySan Diego, 2014). https:\/\/www.ndss-symposium.org\/ndss2014\/botcoin-monetizing-stolen-cycles."},{"key":"126_CR33","unstructured":"xmrig, XMRig (2021). https:\/\/xmrig.com\/ Accessed 21 Apr 2021."},{"key":"126_CR34","unstructured":"J. Grunzweig, The rise of the cryptocurrency miners (2018). https:\/\/unit42.paloaltonetworks.com\/unit42-rise-cryptocurrency-miners\/ Accessed 21 Apr 2021."},{"key":"126_CR35","unstructured":"V. Bulavas, A. Kazantsev, A mining multitool (2018). https:\/\/securelist.com\/a-mining-multitool\/86950\/ Accessed 21 Apr 2021."},{"key":"126_CR36","unstructured":"SecurityFocus, Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability (2017). https:\/\/www.securityfocus.com\/bid\/96704 Accessed 21 Apr 2021."},{"key":"126_CR37","unstructured":"Dr. WEB Anti-virus, Linux.BtcMine.174 (2018). https:\/\/vms.drweb.com\/virus\/?i=17645163 Accessed 21 Apr 2021."},{"key":"126_CR38","unstructured":"E. Vasilenko, O. Mamedov, To crypt, or to mine - that is the question (2018). https:\/\/securelist.com\/to-crypt-or-to-mine-that-is-the-question\/86307\/ Accessed 21 Apr 2021."},{"key":"126_CR39","unstructured":"P. Papadopoulos, P. Ilia, E. P. Markatos, Truth in web mining: Measuring the profitability and cost of cryptominers as a web monetization model. CoRR (2018). http:\/\/arxiv.org\/abs\/1806.01994."},{"key":"126_CR40","unstructured":"Coinhive, Coinhive Monero JavaScript Mining (2019). https:\/\/web.archive.org\/web\/20190109010215\/https:\/\/coinhive.com\/ Accessed 21 Apr 2021."},{"key":"126_CR41","unstructured":"C. Leonard, CoinHive cryptocurrency mining script injected into 1000s of government websites via BrowseAloud plugin (2018). https:\/\/www.forcepoint.com\/blog\/x-labs\/coinhive-cryptocurrency-mining-script-injected-1000s-government-websites Accessed 21 Apr 2021."},{"key":"126_CR42","unstructured":"C. Liu, J. Chen, Google\u2019s DoubleClick abused to deliver miners (2018). https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners\/ Accessed 21 Apr 2021."},{"key":"126_CR43","unstructured":"M. Hron, D. Jursa, MikroTik mayhem: Cryptomining campaign abusing routers (2018). https:\/\/blog.avast.com\/mikrotik-routers-targeted-by-cryptomining-campaign-avast Accessed 21 Apr 2021."},{"key":"126_CR44","doi-asserted-by":"crossref","unstructured":"E. Tekiner, A. Acar, A. S. Uluagac, E. Kirda, A. A. Selcuk, SoK: cryptojacking malware (2021). https:\/\/doi.org\/2103.03851.","DOI":"10.1109\/EuroSP51992.2021.00019"},{"key":"126_CR45","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1145\/586110.586146","volume-title":"Proceedings of the 9th ACM Conference on Computer and Communications Security","author":"R. Sekar","year":"2002","unstructured":"R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, S. Zhou, in Proceedings of the 9th ACM Conference on Computer and Communications Security, ed. by V. Atluri. Specification-based anomaly detection: a new approach for detecting network intrusions (ACMWashington, 2002), pp. 265\u2013274. https:\/\/doi.org\/10.1145\/586110.586146."},{"key":"126_CR46","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/978-3-540-30143-1_7","volume-title":"7th International Workshop on Recent Advances in Intrusion Detection","author":"Y. Huang","year":"2004","unstructured":"Y. Huang, W. Lee, in 7th International Workshop on Recent Advances in Intrusion Detection, 3224, ed. by E. Jonsson, A. Valdes, and M. Almgren. Attack analysis and detection for ad hoc routing protocols (SpringerSophia Antipolis, 2004), pp. 125\u2013145. https:\/\/doi.org\/10.1007\/978-3-540-30143-1_7."},{"key":"126_CR47","unstructured":"F. Erlacher, F. Dressler, On high-speed flow-based intrusion detection using snort-compatible signatures. IEEE Trans Dependable Secure Comput., 1\u20131 (2020)."},{"key":"126_CR48","doi-asserted-by":"publisher","first-page":"1723","DOI":"10.1145\/3097983.3098163","volume-title":"Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining","author":"B. Anderson","year":"2017","unstructured":"B. Anderson, D. A. McGrew, in Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity (ACMHalifax, 2017), pp. 1723\u20131732. https:\/\/doi.org\/10.1145\/3097983.3098163."},{"key":"126_CR49","volume-title":"11th USENIX Workshop on Cyber Security Experimentation and Test","author":"X. Deng","year":"2018","unstructured":"X. Deng, J. Mirkovic, in 11th USENIX Workshop on Cyber Security Experimentation and Test, ed. by C. S. Collberg, P. A. H. Peterson. Malware analysis through high-level behavior (USENIX AssociationBaltimore, 2018). https:\/\/www.usenix.org\/conference\/cset18\/presentation\/deng."},{"key":"126_CR50","first-page":"807","volume-title":"25th USENIX Security Symposium, USENIX Security","author":"K. Bartos","year":"2016","unstructured":"K. Bartos, M. Sofka, V. Franc, in 25th USENIX Security Symposium, USENIX Security, ed. by T. Holz, S. Savage. Optimized invariant representation of network traffic for detecting unseen malware variants (USENIX AssociationAustin, 2016), pp. 807\u2013822. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/bartos."},{"key":"126_CR51","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ECRIME.2018.8376209","volume-title":"2018 APWG Symposium on Electronic Crime Research, eCrime","author":"B. A. Alahmadi","year":"2018","unstructured":"B. A. Alahmadi, I. Martinovic, in 2018 APWG Symposium on Electronic Crime Research, eCrime. MalClassifier: malware family classification using network flow sequence behaviour (IEEESan Diego, 2018), pp. 1\u201313. https:\/\/doi.org\/10.1109\/ECRIME.2018.8376209."},{"issue":"3","key":"126_CR52","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1145\/3308897.3308961","volume":"46","author":"M. Piskozub","year":"2018","unstructured":"M. Piskozub, R. Spolaor, I. Martinovic, Malalert: detecting malware in large-scale network traffic using statistical features. SIGMETRICS Perform. Evaluation Rev.46(3), 151\u2013154 (2018). https:\/\/doi.org\/10.1145\/3308897.3308961.","journal-title":"SIGMETRICS Perform. Evaluation Rev."},{"key":"126_CR53","first-page":"139","volume-title":"Proceedings of the 17th USENIX Security Symposium","author":"G. Gu","year":"2008","unstructured":"G. Gu, R. Perdisci, J. Zhang, W. Lee, in Proceedings of the 17th USENIX Security Symposium, ed. by P. C. van Oorschot. BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection (USENIX AssociationSan Jose, 2008), pp. 139\u2013154. http:\/\/www.usenix.org\/events\/sec08\/tech\/full_papers\/gu\/gu.pdf."},{"key":"126_CR54","doi-asserted-by":"publisher","unstructured":"L. Bilge, D. Balzarotti, W. K. Robertson, E. Kirda, C. Kruegel, ed. by R. H. Zakon. 28th Annual Computer Security Applications Conference (ACMOrlando, 2012), pp. 129\u2013138. https:\/\/doi.org\/10.1145\/2420950.2420969.","DOI":"10.1145\/2420950.2420969"},{"key":"126_CR55","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1016\/j.cose.2013.04.007","volume":"39","author":"D. Zhao","year":"2013","unstructured":"D. Zhao, I. Traor\u00e9, B. Sayed, W. Lu, S. Saad, A. A. Ghorbani, D. Garant, Botnet detection based on traffic behavior analysis and flow intervals. Comput. Secur.39:, 2\u201316 (2013). https:\/\/doi.org\/10.1016\/j.cose.2013.04.007.","journal-title":"Comput. Secur."},{"key":"126_CR56","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1109\/ICDCS.2006.6","volume-title":"26th IEEE International Conference on Distributed Computing Systems (ICDCS)","author":"Y. Gao","year":"2006","unstructured":"Y. Gao, Z. Li, Y. Chen, in 26th IEEE International Conference on Distributed Computing Systems (ICDCS). A DoS resilient flow-level intrusion detection approach for high-speed networks (IEEE Computer SocietyLisboa, 2006), p. 39. https:\/\/doi.org\/10.1109\/ICDCS.2006.6."},{"key":"126_CR57","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1145\/1080091.1080118","volume-title":"Proceedings of the ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications","author":"A. Lakhina","year":"2005","unstructured":"A. Lakhina, M. Crovella, C. Diot, in Proceedings of the ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, ed. by R. Gu\u00e9rin, R. Govindan, and G. Minshall. Mining anomalies using traffic feature distributions (ACMPhiladelphia, 2005), pp. 217\u2013228. https:\/\/doi.org\/10.1145\/1080091.1080118."},{"key":"126_CR58","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1109\/INM.2007.374774","volume-title":"10th IFIP\/IEEE International Symposium on Integrated Network Management","author":"G. M\u00fcnz","year":"2007","unstructured":"G. M\u00fcnz, G. Carle, in 10th IFIP\/IEEE International Symposium on Integrated Network Management. Real-time analysis of flow data for network attack detection (IEEEMunich, 2007), pp. 100\u2013108. https:\/\/doi.org\/10.1109\/INM.2007.374774."},{"key":"126_CR59","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-540-87357-0_2","volume-title":"IP Operations and Management, 8th IEEE International Workshop","author":"A. Sperotto","year":"2008","unstructured":"A. Sperotto, R. Sadre, A. Pras, in IP Operations and Management, 8th IEEE International Workshop, 5275, ed. by N. Akar, M. Pi\u00f3ro, and C. Skianis. Anomaly characterization in flow-based traffic time series (SpringerSamos Island, 2008), pp. 15\u201327. https:\/\/doi.org\/10.1007\/978-3-540-87357-0_2."},{"issue":"10","key":"126_CR60","doi-asserted-by":"publisher","first-page":"1840","DOI":"10.1109\/JSAC.2006.877139","volume":"24","author":"Q. Zhao","year":"2006","unstructured":"Q. Zhao, J. J. Xu, A. Kumar, Detection of super sources and destinations in high-speed networks: algorithms, analysis and evaluation. IEEE J. Sel. Areas Commun.24(10), 1840\u20131852 (2006). https:\/\/doi.org\/10.1109\/JSAC.2006.877139.","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"126_CR61","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1007\/978-3-642-01645-5_4","volume-title":"International Workshop on Traffic Monitoring and Analysis","author":"I. Paredes-Oliva","year":"2009","unstructured":"I. Paredes-Oliva, P. Barlet-Ros, J. Sol\u00e9-Pareta, in International Workshop on Traffic Monitoring and Analysis, 5537, ed. by M. Papadopouli, P. Owezarski, and A. Pras. Portscan detection with sampled NetFlow (SpringerAachen, 2009), pp. 26\u201333. https:\/\/doi.org\/10.1007\/978-3-642-01645-5_4."},{"key":"126_CR62","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1109\/WETICE.2005.40","volume-title":"14th IEEE International Workshops on Enabling Technologies (WETICE)","author":"T. D\u00fcbendorfer","year":"2005","unstructured":"T. D\u00fcbendorfer, B. Plattner, in 14th IEEE International Workshops on Enabling Technologies (WETICE). Host behaviour based early detection of worm outbreaks in internet backbones (IEEE Computer SocietyLink\u00f6ping, 2005), pp. 166\u2013171. https:\/\/doi.org\/10.1109\/WETICE.2005.40."},{"key":"126_CR63","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1109\/IWCIP.2005.2","volume-title":"Proceedings of the First IEEE International Workshop on Critical Infrastructure Protection IWCIP \u201905","author":"T. D\u00fcbendorfer","year":"2005","unstructured":"T. D\u00fcbendorfer, A. Wagner, B. Plattner, in Proceedings of the First IEEE International Workshop on Critical Infrastructure Protection IWCIP \u201905. A framework for real-time worm attack detection and backbone monitoring (IEEE Computer SocietyUSA, 2005), pp. 3\u201312. https:\/\/doi.org\/10.1109\/IWCIP.2005.2."},{"issue":"1","key":"126_CR64","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/TIFS.2015.2478741","volume":"11","author":"M. Conti","year":"2016","unstructured":"M. Conti, L. V. Mancini, R. Spolaor, N. V. Verde, Analyzing android encrypted network traffic to identify user actions. IEEE Trans. Inf. Forensics Secur.11(1), 114\u2013125 (2016). https:\/\/doi.org\/10.1109\/TIFS.2015.2478741.","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"126_CR65","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1145\/2699026.2699119","volume-title":"Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY","author":"M. Conti","year":"2015","unstructured":"M. Conti, L. V. Mancini, R. Spolaor, N. V. Verde, in Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY, ed. by J. Park, A. C. Squicciarini. Can\u2019t you hear me knocking: identification of user actions on Android apps via traffic analysis (ACMSan Antonio, 2015), pp. 297\u2013304. https:\/\/doi.org\/10.1145\/2699026.2699119."},{"key":"126_CR66","doi-asserted-by":"publisher","unstructured":"E. Papadogiannaki, C. Halevidis, P. Akritidis, L. Koromilas, 11050, ed. by M. Bailey, T. Holz, M. Stamatogiannakis, and S. Ioannidis. 21st International Symposium on Research in Attacks, Intrusions, and Defenses (SpringerHeraklion, 2018), pp. 315\u2013334. https:\/\/doi.org\/10.1007\/978-3-030-00470-5_15.","DOI":"10.1007\/978-3-030-00470-5_15"},{"issue":"2","key":"126_CR67","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1145\/1129582.1129589","volume":"36","author":"L. Bernaille","year":"2006","unstructured":"L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule, K. Salamatian, Traffic classification on the fly. Comput. Commun. Rev.36(2), 23\u201326 (2006). https:\/\/doi.org\/10.1145\/1129582.1129589.","journal-title":"Comput. Commun. Rev."},{"key":"126_CR68","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1145\/1815396.1815507","volume-title":"Proceedings of the 6th International Wireless Communications and Mobile Computing Conference","author":"D. Rossi","year":"2010","unstructured":"D. Rossi, S. Valenti, in Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, ed. by A. Helmy, P. Mueller, and Y. Zhang. Fine-grained traffic classification with NetFlow data (ACMCaen, 2010), pp. 479\u2013483. https:\/\/doi.org\/10.1145\/1815396.1815507."},{"issue":"5","key":"126_CR69","doi-asserted-by":"publisher","first-page":"1083","DOI":"10.1016\/j.comnet.2010.11.002","volume":"55","author":"V. Carela-Espa\u00f1ol","year":"2011","unstructured":"V. Carela-Espa\u00f1ol, P. Barlet-Ros, A. Cabellos-Aparicio, J. Sol\u00e9-Pareta, Analysis of the impact of sampling on netflow traffic classification. Comput. Netw.55(5), 1083\u20131099 (2011). https:\/\/doi.org\/10.1016\/j.comnet.2010.11.002.","journal-title":"Comput. Netw."},{"issue":"1-4","key":"126_CR70","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1109\/SURV.2008.080406","volume":"10","author":"T. T. T. Nguyen","year":"2008","unstructured":"T. T. T. Nguyen, G. J. Armitage, A survey of techniques for internet traffic classification using machine learning. IEEE Commun. Surv. Tutor.10(1-4), 56\u201376 (2008). https:\/\/doi.org\/10.1109\/SURV.2008.080406.","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"4","key":"126_CR71","doi-asserted-by":"publisher","first-page":"2658","DOI":"10.1109\/COMST.2018.2843533","volume":"20","author":"M. Conti","year":"2018","unstructured":"M. Conti, Q. Li, A. Maragno, R. Spolaor, The dark side(-channel) of mobile devices: a survey on network traffic analysis. IEEE Commun. Surv. Tutor.20(4), 2658\u20132713 (2018). https:\/\/doi.org\/10.1109\/COMST.2018.2843533.","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"126_CR72","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1145\/3230833.3230869","volume-title":"Proceedings of the 13th International Conference on Availability, Reliability and Security","author":"J. Rauchberger","year":"2018","unstructured":"J. Rauchberger, S. Schrittwieser, T. Dam, R. Luh, D. Buhov, G. P\u00f6tzelsberger, H. Kim, in Proceedings of the 13th International Conference on Availability, Reliability and Security, ed. by S. Doerr, M. Fischer, S. Schrittwieser, and D. Herrmann. The other side of the coin: a framework for detecting and analyzing web-based cryptocurrency mining campaigns (ACMHamburg, 2018), pp. 18\u201311810. https:\/\/doi.org\/10.1145\/3230833.3230869."},{"key":"126_CR73","unstructured":"M. Musch, C. Wressnegger, M. Johns, K. Rieck, Web-based cryptojacking in the wild. CoRR abs\/1808.09474 (2018). http:\/\/arxiv.org\/abs\/1808.09474."},{"key":"126_CR74","unstructured":"I. Petrov, L. Invernizzi, E. Bursztein, CoinPolice: detecting hidden cryptojacking attacks with neural networks (2020). http:\/\/arxiv.org\/abs\/2006.10861."},{"key":"126_CR75","doi-asserted-by":"crossref","unstructured":"A. Romano, Y. Zheng, W. Wang, in 2020 35th IEEE\/ACM International Conference on Automated Software Engineering (ASE). Minerray: semantics-aware analysis for ever-evolving cryptojacking detection, (2020), pp. 1129\u20131140.","DOI":"10.1145\/3324884.3416580"},{"key":"126_CR76","unstructured":"M. Solanas, J. Hernandez-Castro, D. Dutta, Detecting fraudulent activity in a cloud using privacy-friendly data aggregates. CoRR abs\/1411.6721 (2014). http:\/\/arxiv.org\/abs\/1411.6721."},{"key":"126_CR77","doi-asserted-by":"publisher","unstructured":"R. Ning, C. Wang, C. Xin, J. Li, L. Zhu, H. Wu, in IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. Capjack: capture in-browser crypto-jacking by deep capsule network through behavioral analysis, (2019), pp. 1873\u20131881. https:\/\/doi.org\/10.1109\/INFOCOM.2019.8737381.","DOI":"10.1109\/INFOCOM.2019.8737381"},{"key":"126_CR78","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-319-66332-6_13","volume-title":"20th International Symposium on Research in Attacks, Intrusions, and Defenses","author":"R. Tahir","year":"2017","unstructured":"R. Tahir, M. Huzaifa, A. Das, M. Ahmad, C. A. Gunter, F. Zaffar, M. Caesar, N. Borisov, in 20th International Symposium on Research in Attacks, Intrusions, and Defenses, 10453, ed. by M. Dacier, M. Bailey, M. Polychronakis, and M. Antonakakis. Mining on someone else\u2019s dime: mitigating covert mining operations in clouds and enterprises (SpringerAtlanta, 2017), pp. 287\u2013310. https:\/\/doi.org\/10.1007\/978-3-319-66332-6_13."},{"key":"126_CR79","unstructured":"M. Conti, A. Gangwal, G. Lain, S. G. Piazzetta, Detecting covert cryptomining using HPC. CoRR abs\/1909.00268 (2019). http:\/\/arxiv.org\/abs\/1909.00268."},{"issue":"2","key":"126_CR80","doi-asserted-by":"publisher","first-page":"67","DOI":"10.26577\/JMMCS-2018-2-400","volume":"98","author":"M. Bissaliyev","year":"2018","unstructured":"M. Bissaliyev, A. Nyussupov, S. Mussiraliyeva, Enterprise security assessment framework for cryptocurrency mining based on monero. J. Math. Mech. Comput. Sci.98(2), 67\u201376 (2018). https:\/\/doi.org\/10.26577\/jmmcs-2018-2-400.","journal-title":"J. Math. Mech. Comput. Sci."},{"key":"126_CR81","doi-asserted-by":"publisher","unstructured":"D. Draghicescu, A. Caranica, A. Vulpe, O. Fratu, in 2018 International Conference on Communications (COMM). Crypto-mining application fingerprinting method, (2018), pp. 543\u2013546. https:\/\/doi.org\/10.1109\/ICComm.2018.8484745.","DOI":"10.1109\/ICComm.2018.8484745"},{"key":"126_CR82","doi-asserted-by":"publisher","unstructured":"F. Gomes, M. Correia, in 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA). Cryptojacking detection with cpu usage metrics, (2020), pp. 1\u201310. https:\/\/doi.org\/10.1109\/NCA51143.2020.9306696.","DOI":"10.1109\/NCA51143.2020.9306696"},{"key":"126_CR83","doi-asserted-by":"publisher","unstructured":"G. Gomes, L. Dias, M. Correia, in 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA). Cryingjackpot: network flows and performance counters against cryptojacking, (2020), pp. 1\u201310. https:\/\/doi.org\/10.1109\/NCA51143.2020.9306698.","DOI":"10.1109\/NCA51143.2020.9306698"},{"key":"126_CR84","doi-asserted-by":"crossref","unstructured":"F. Naseem, A. Aris, L. Babun, E. Tekiner, S. Uluagac, in Network and Distributed Systems Security (NDSS) Symposium 2021, February 21-25, 2021 Virtual. Minos*: a lightweight real-time cryptojacking detection system, (2021). https:\/\/dx.doi.org\/10.14722\/ndss.2021.24444.","DOI":"10.14722\/ndss.2021.24444"},{"key":"126_CR85","unstructured":"S. S. Ali, A. ElAshmawy, A. F. Shosha, in Proceedings of the International Conference on Security and Management (SAM). Memory forensics methodology for investigating cryptocurrency protocols, (2018), pp. 153\u2013159."},{"key":"126_CR86","doi-asserted-by":"publisher","first-page":"1630","DOI":"10.1109\/TIFS.2019.2945171","volume":"15","author":"A. Gangwal","year":"2020","unstructured":"A. Gangwal, M. Conti, Cryptomining cannot change its spots: detecting covert cryptomining using magnetic side-channel. IEEE Transactions on Information Forensics and Security. 15:, 1630\u20131639 (2020).","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"126_CR87","unstructured":"J. D\u2019Herdt, Detecting crypto currency mining in corporate environments. Technical report, SANS (2018). https:\/\/www.sans.org\/reading-room\/whitepapers\/threats\/paper\/35722."},{"key":"126_CR88","doi-asserted-by":"publisher","unstructured":"E. L. Jamtel, in 2018 11th International Conference on IT Security Incident Management IT Forensics (IMF). Swimming in the monero pools, (2018), pp. 110\u2013114. https:\/\/doi.org\/10.1109\/IMF.2018.00016.","DOI":"10.1109\/IMF.2018.00016"},{"key":"126_CR89","doi-asserted-by":"publisher","unstructured":"A. Swedan, A. N. Khuffash, O. Othman, A. Awad, ed. by A. Abuarqoub, B. Adebisi, M. Hammoudeh, S. Murad, and M. Arioua. Proceedings of the 2nd International Conference on Future Networks and Distributed Systems (ACMAmman, 2018), pp. 23\u201312310. https:\/\/doi.org\/10.1145\/3231053.3231076.","DOI":"10.1145\/3231053.3231076"},{"key":"126_CR90","doi-asserted-by":"publisher","unstructured":"H. N. C. Neto, M. A. Lopez, N. C. Fernandes, D. M. F. Mattos, 75. Minecap: super incremental learning for detecting and blocking cryptocurrency mining on software-defined networking, (2020), pp. 121\u2013131. https:\/\/doi.org\/10.1007\/s12243-019-00744-4.","DOI":"10.1007\/s12243-019-00744-4"},{"key":"126_CR91","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1016\/j.comcom.2021.02.016","volume":"171","author":"M. Caprolu","year":"2021","unstructured":"M. Caprolu, S. Raponi, G. Oligeri, R. D. Pietro, Cryptomining makes noise: detecting cryptojacking via machine learning. Comput. Commun.171:, 126\u2013139 (2021). https:\/\/doi.org\/10.1016\/j.comcom.2021.02.016.","journal-title":"Comput. Commun."},{"key":"126_CR92","doi-asserted-by":"publisher","first-page":"158036","DOI":"10.1109\/ACCESS.2020.3019658","volume":"8","author":"A. Pastor","year":"2020","unstructured":"A. Pastor, A. Mozo, S. Vakaruk, D. Canavese, D. R. L\u00f3pez, L. Regano, S. G\u00f3mez-Canaval, A. Lioy, Detection of encrypted cryptomining malware connections with machine and deep learning. IEEE Access. 8:, 158036\u2013158055 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.3019658.","journal-title":"IEEE Access"},{"key":"126_CR93","doi-asserted-by":"publisher","first-page":"907","DOI":"10.1145\/3320269.3405440","volume-title":"Proceedings of the 15th ACM Asia Conference on Computer and Communications Security ASIA CCS \u201920","author":"Y. Feng","year":"2020","unstructured":"Y. Feng, D. Sisodia, J. Li, in Proceedings of the 15th ACM Asia Conference on Computer and Communications Security ASIA CCS \u201920. Poster: content-agnostic identification of cryptojacking in network traffic (Association for Computing MachineryNew York, 2020), pp. 907\u2013909. https:\/\/doi.org\/10.1145\/3320269.3405440."},{"key":"126_CR94","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/IWMN.2019.8804995","volume-title":"5th IEEE International Symposium on Measurements & Networking, M&N","author":"J. Su\u00e1rez-Varela","year":"2019","unstructured":"i Mu\u00f1oz J.Z., J. Su\u00e1rez-Varela, P. Barlet-Ros, in 5th IEEE International Symposium on Measurements & Networking, M&N. Detecting cryptocurrency miners with NetFlow\/IPFIX network measurements (IEEECatania, 2019), pp. 1\u20136. https:\/\/doi.org\/10.1109\/IWMN.2019.8804995."},{"key":"126_CR95","doi-asserted-by":"publisher","first-page":"100884","DOI":"10.1016\/j.diin.2019.08.002","volume":"31","author":"V. Vesel\u00fd","year":"2019","unstructured":"V. Vesel\u00fd, M. Z\u00e1dn\u00edk, How to detect cryptocurrency miners? by traffic forensics!Dig. Investig.31:, 100884 (2019). https:\/\/doi.org\/10.1016\/j.diin.2019.08.002.","journal-title":"Dig. Investig."},{"issue":"1-3","key":"126_CR96","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s10994-014-5473-9","volume":"101","author":"F. Iglesias","year":"2015","unstructured":"F. Iglesias, T. Zseby, Analysis of network traffic features for anomaly detection. Mach. Learn.101(1-3), 59\u201384 (2015). https:\/\/doi.org\/10.1007\/s10994-014-5473-9.","journal-title":"Mach. Learn."},{"key":"126_CR97","unstructured":"SupportXMR, List of all Monero Pools (2021). http:\/\/moneropools.com\/ Accessed 21 Apr 2021."},{"key":"126_CR98","unstructured":"Slushpool, What is Vardiff (variable difficulty algorithm)? (2021). https:\/\/help.slushpool.com\/en\/support\/solutions\/articles\/77000433929-what-is-vardiff-variable-difficulty-algorithm- Accessed 21 Apr 2021."},{"key":"126_CR99","first-page":"2825","volume":"12","author":"F. Pedregosa","year":"2011","unstructured":"F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, E. Duchesnay, Scikit-learn: machine learning in Python. J. Mach. Learn. Res.12:, 2825\u20132830 (2011).","journal-title":"J. Mach. Learn. Res."},{"key":"126_CR100","unstructured":"node-cryptonote-pool Developers, Mining pool for CryptoNote based coins such as Bytecoin and Monero. GitHub (2020). https:\/\/github.com\/zone117x\/node-cryptonote-pool."},{"key":"126_CR101","unstructured":"nodejs-pool Developers, nodejs-pool. GitHub (2020). https:\/\/github.com\/Snipa22\/nodejs-pool."},{"key":"126_CR102","unstructured":"Stichting Cuckoo Foundation, Cuckoo Sandbox - automated malware analysis (2021). https:\/\/cuckoosandbox.org\/ Accessed 19 Apr 2021."},{"key":"126_CR103","unstructured":"K. Khade, X. Lin, WebCobra malware uses victims\u2019 computers to mine cryptocurrency (2018). https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/webcobra-malware-uses-victims-computers-to-mine-cryptocurrency\/ Accessed 21 Apr 2021."},{"key":"126_CR104","unstructured":"N. Hyv\u00e4rinen, NRSMiner updates to newer version (2019). https:\/\/labsblog.f-secure.com\/2019\/01\/03\/nrsminer-updates-to-newer-version\/ Accessed 21 Apr 2021."},{"key":"126_CR105","unstructured":"Nanopool, Claymore-XMR-Miner (2017). https:\/\/github.com\/nanopool\/Claymore-XMR-Miner\/blob\/master\/README.md Accessed 21 Apr 2021."},{"key":"126_CR106","unstructured":"OpenSSL Software Foundation, OpenSSL: Cryptography and SSL\/TLS Toolkit (2020). https:\/\/www.openssl.org\/docs\/man1.0.2\/man1\/ciphers.html Accessed 21 Apr 2021."},{"key":"126_CR107","unstructured":"mineXMR.com, High performance Monero mining pool (2021). http:\/\/minexmr.com\/ Accessed 21 Apr 2021."},{"key":"126_CR108","unstructured":"J. Grunzweig, Large scale Monero cryptocurrency mining operation using XMRig (2018). https:\/\/unit42.paloaltonetworks.com\/unit42-large-scale-monero-cryptocurrency-mining-operation-using-xmrig\/ Accessed 21 Apr 2021."},{"key":"126_CR109","unstructured":"CoinIMP, CoinIMP FREE JavaScript Mining (2020). https:\/\/www.coinimp.com\/ Accessed 21 Apr 2021."},{"key":"126_CR110","unstructured":"PublicWWW, PublicWWW Source Code Search Engine (2020). https:\/\/publicwww.com\/ Accessed 21 Apr 2021."},{"key":"126_CR111","unstructured":"Check Point, April 2019\u2019s most wanted malware: cyber criminals up to old \u2019trickbots\u2019 again (2019). https:\/\/www.checkpoint.com\/press\/2019\/april-2019s-most-wanted-malware-cyber-criminals-up-to-old-trickbots-again\/ Accessed 21 Apr 2021."},{"key":"126_CR112","unstructured":"Check Point, October 2019\u2019s most wanted malware: the decline of cryptominers continues, as Emotet Botnet expands rapidly (2019). https:\/\/www.checkpoint.com\/press\/2019\/may-2019-most-wanted-malware-patch-now-to-avoid-the-bluekeep-blues\/ Accessed 21 Apr 2021."},{"key":"126_CR113","unstructured":"Check Point, February 2020\u2019s most wanted malware: increase in exploits spreading the Mirai Botnet to IoT devices (2020). https:\/\/blog.checkpoint.com\/2020\/03\/11\/february-2020s-most-wanted-malware-increase-in-exploits-spreading-the-mirai-botnet-to-iot-devices\/ Accessed 21 Apr 2021."},{"key":"126_CR114","unstructured":"Marathon Studios Inc., AbuseIPDB - IP address abuse reports (2021). https:\/\/www.abuseipdb.com\/ Accessed 2021 Oct 15."},{"key":"126_CR115","unstructured":"Programmer All, Mac sample analysis (2020). https:\/\/programmerall.com\/article\/76021153067\/ Accessed 15 Oct 2021."},{"key":"126_CR116","unstructured":"Peter \u201cfracpete\u201d Reutemann, Python wrapper for the Weka Machine Learning Workbench (2021). https:\/\/pypi.org\/project\/python-weka-wrapper\/ Accessed 19 Apr 2021."}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-021-00126-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13635-021-00126-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-021-00126-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,10]],"date-time":"2023-02-10T01:14:50Z","timestamp":1675991690000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-021-00126-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,4]]},"references-count":116,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,12]]}},"alternative-id":["126"],"URL":"https:\/\/doi.org\/10.1186\/s13635-021-00126-1","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-607598\/v1","asserted-by":"object"}]},"ISSN":["2510-523X"],"issn-type":[{"value":"2510-523X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,12,4]]},"assertion":[{"value":"15 June 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 November 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 December 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 December 2021","order":4,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Update","order":5,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A typesetting error caused by the incorrect XML tagging in the first paragraph of the Introduction section was fixed.","order":6,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors are currently applying for patents relating to the content of the manuscript. MR and N\u0160 have received salary from an organization that has applied for patents relating to the content of the manuscript.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"11"}}