Computer Engineering and Applications, 2021, Vol. 57, Issue (22): 125-130. DOI: 10.3778/j.issn.1002-8331.2007-0373

• Network, Communication and Security •

Research on Mining Detection Model of Browser Based on Machine Learning

GAO Jian, SUN Yi, WANG Runzheng, YUAN Deyu   

  1. Key Laboratory of Safety Precautions and Risk Assessment, People’s Public Security University of China, Beijing 102623, China
  2. College of Information Network Security, People’s Public Security University of China, Beijing 100038, China
  • Online: 2021-11-15 Published: 2021-11-16

Abstract:

Browser mining embeds mining code in a Web page so that, while a user visits the site, the attacker illegally occupies the visitor’s system and network resources to mine currency for the attacker’s own profit. In this paper, Web page mining features are fused and eight features are selected for detecting malicious mining attacks. Four algorithms (logistic regression, support vector machine, decision tree and random forest) are used to train models, yielding a detection model with an average recognition rate of 98.7%. Experiments also show that the random forest model has the highest performance in malicious mining detection, and that the combination of three features, the presence or absence of a WebSocket connection, the number of Web Workers, and the total number of postMessage and onmessage events, is highly identifying for malicious mining detection.

Key words: bitcoin, mining attacks, Web security, Web detection, machine learning
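
One way to collect the three features the abstract singles out, as an added example that is not the paper's code: it wraps the `WebSocket` and `Worker` constructors of a given scope and keeps live counters. How the paper itself counts message events is not stated here, so the counting rule, the function names and the fake classes are assumptions made for illustration.

```javascript
// Added example (not from the paper). `scope` is `window` in a browser; injectable here.
function instrumentMiningFeatures(scope) {
  const features = { hasWebSocket: 0, workerCount: 0, messageEvents: 0 };
  if (typeof scope.WebSocket === 'function') {
    const NativeWebSocket = scope.WebSocket;
    scope.WebSocket = class extends NativeWebSocket {
      constructor(...args) {
        super(...args);
        features.hasWebSocket = 1; // presence or absence, not a count
      }
    };
  }
  if (typeof scope.Worker === 'function') {
    const NativeWorker = scope.Worker;
    scope.Worker = class extends NativeWorker {
      constructor(...args) {
        super(...args);
        features.workerCount += 1;
        // Worker -> page deliveries, whether the page uses onmessage or a listener.
        this.addEventListener('message', () => { features.messageEvents += 1; });
      }
      postMessage(...args) { // page -> worker (assumed to count toward the total)
        features.messageEvents += 1;
        return super.postMessage(...args);
      }
    };
  }
  return features; // live object, updated as the page runs
}

// Constructed stand-ins for the browser APIs so the example runs under Node.
class FakeWebSocket { constructor(url) { this.url = url; } }
class FakeWorker {
  constructor() { this.listeners = []; }
  addEventListener(type, fn) { if (type === 'message') this.listeners.push(fn); }
  postMessage() {}
  deliver(data) { this.listeners.forEach((fn) => fn({ data })); }
}

// Constructed page behaviour: one socket, four workers, one job and one result each.
function demo() {
  const scope = { WebSocket: FakeWebSocket, Worker: FakeWorker };
  const features = instrumentMiningFeatures(scope);
  new scope.WebSocket('wss://example.invalid/socket');
  for (let i = 0; i < 4; i += 1) {
    const w = new scope.Worker('worker.js');
    w.postMessage({ job: i }); w.deliver({ result: i });
  }
  return [features.hasWebSocket, features.workerCount, features.messageEvents];
}
```

In a browser the hook has to be installed before any page script runs, and sockets or workers created inside a worker's own scope are not seen by this page-level wrapper.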
