基于机器学习的浏览器挖矿检测模型研究

doi:10.3778/j.issn.1002-8331.2007-0373

摘要/Abstract

摘要：

浏览器挖矿通过向网页内嵌入挖矿代码，使得用户访问该网站的同时，非法占用他人系统资源和网络资源开采货币，达到自己获益的挖矿攻击。通过对网页挖矿特征进行融合，选取八个特征用以恶意挖矿攻击检测，同时使用逻辑回归、支持向量机、决策树、随机森林四种算法进行模型训练，最终得到了平均识别率高达98.7%的检测模型。同时经实验得出随机森林算法模型在恶意挖矿检测中性能最高；有无Websocket连接、Web Worker的个数和Postmessage及onmessage事件总数这三个特征的组合对恶意挖矿检测具有高标识性。

关键词: 比特币, 挖矿攻击, 网页安全, 网页检测, 机器学习

Abstract:

By embedding mining code into the Web page, browser mining makes users illegally occupy other people’s system resources and network resources to exploit money while visiting the website, so as to achieve their own benefits of mining attacks. In this paper, through the fusion of Web mining features, eight features are extracted for malicious mining attack detection, and four algorithms are used at the same time：logistic regression, support vector machine, decision tree, random forest. Finally, a detection model with an average recognition rate of 98.7% is obtained. At the same time, experiments show that the random forest algorithm model has the highest performance in malicious mining detection; the combination of three characteristics of the presence or absence of Websocket connection, the number of Web Workers, and the total number of Postmessage and onmessage events is highly identifying for malicious mining detection.

Key words: bitcoin, mining attacks, Web security, Web detection, machine learning

高见，孙懿，王润正，袁得嵛. 基于机器学习的浏览器挖矿检测模型研究[J]. 计算机工程与应用, 2021, 57(22): 125-130.

GAO Jian, SUN Yi, WANG Runzheng, YUAN Deyu. Research on Mining Detection Model of Browser Based on Machine Learning[J]. Computer Engineering and Applications, 2021, 57(22): 125-130.

参考文献

[1] NAKAMOTO S.Bitcoin：a peer-to-peer electronic cash system[EB/OL].[2020-05-29].https：//bitcoin.org/bitcoin.pdf.
[2] 蔡晓晴，邓尧，张亮，等.区块链原理及其核心技术[J].计算机学报，2021，44（1）：84-131.
CAI X Q，DENG Y，ZHANG L，et al.The principle and core technology of blockchain[J].Chinese Journal of Computers，2021，44（1）：84-131.
[3] 深信服千里目安全实验室.黑客是如何利用你的浏览器进行挖矿的?[EB/OL].[2020-05-29].https：//www.freebuf.com/articles/web/172560.html.
Sangfor Qianlimu Safety Laboratory.How do hackers use your browser to mine?[EB/OL].[2020-05-29].https：//www.freebuf.com/articles/web/172560.html.
[4] KONOTH R K，VINETI E，MOONSAMY V，et al.MineSweeper：an in-depth look into drive-by cryptocurrency mining and its defense[C]//2018 ACM SIGSAC Conference on Computer and Communications Security，2018：1714-1730.
[5] KHARRAZ A，MA Z，MURLEY P，et al.Outguard：detecting in-browser covert cryptocurrency mining in the wild[C]//World Wide Web Conference，2019：840-852.
[6] SAAD M，KHORMALI A，MOHAISEN A.End-to-end analysis of in-browser cryptojacking[J].arXiv：1809.02152，2018.
[7] 龙廷艳，万良，邓烜堃.基于卷积神经网络的JavaScript恶意代码检测方法[J].计算机工程与应用，2019，55（18）：89-94.
LONG T Y，WAN L，DENG X K.Detection approach of malicious JavaScript code based on convolutional neural network[J].Computer Engineering and Applications，2019，55（18）：89-94.
[8] 张卫丰，刘蕊成，许蕾.基于动态行为分析的网页木马检测方法[J].软件学报，2018，29（5）：238-249.
ZHANG W F，LIU R C，XU L.Web page trojan detection method based on dynamic behavior analysis[J].Journal of Software，2018，29（5）：238-249.
[9] 魏旭，成卫青.基于特征融合和机器学习的恶意网页识别研究[J].南京邮电大学学报（自然科学版），2019，39（5）：95-104.
WEI X，CHENG W Q.Malicious web page recognition based on feature fusion and machine learning[J].Journal of Nanjing University of Posts and Telecommunications（Natural Science Edition），2019，39（5）：95-104.
[10] 秦玉海，刘禄源，高浩航，等.网页恶意挖矿行为的检测及防范[J].网络安全技术与应用，2018（12）：51-53.
QIN Y H，LIU L Y，GAO H H，et al.Detection and prevention of malicious mining behavior on web pages[J].Network Security Technology & Application，2018（12）：51-53.
[11] 李锴.新时期的Node.js入门[M].北京：清华大学出版社，2018.
LI K.New era Node.js introduction[M].Beijing：Tsinghua University Press，2018.
[12] MITCHELL R.Python网络爬虫权威指南[M].神烦小宝，译.北京：人民邮电出版社，2019.
MITCHELL R.Authoritative guide to Python web crawler[M].Beijing：People’s Posts and Telecommunications Press，2019.
[13] 周志华.机器学习[M].北京：清华大学出版社，2016.
ZHOU Z H.Machine learning[M].Beijing：Tsinghua University Press，2016.
[14] MULLER A C，GUIDO S.Python机器学习基础教程[M].张亮，译.北京：人民邮电出版社，2018.
MULLER A C，GUIDO S.Python fundamentals of machine learning[M].Beijing：People’s Posts and Telecommunications Press，2018.
[15] 倪一涛，陈咏佳，林柏钢.基于自动解混淆的恶意网页检测方法[J].信息网络安全，2019（4）：43-52.
NI Y T，CHEN Y J，LIN B G.Automatic de-obfuscation-based malicious webpages detection[J].Netinfo Security，2019（4）：43-52.