Detecting Cryptomining Malware: a Deep Learning Approach for Static and Dynamic Analysis