Publication Details

How to detect cryptocurrency miners? By traffic forensics!

VESELÝ, V.; ŽÁDNÍK, M. How to detect cryptocurrency miners? By traffic forensics!. Digital Investigation, 2019, vol. 31, no. 31, p. 1-14. ISSN: 1742-2876.
Czech title
Jak odhalit těžaře kryptoměn? Pomocí analýzy provozu!
Type
journal article
Language
English
Authors
Vladimír Veselý, Martin Žádník
URL
https://doi.org/10.1016/j.diin.2019.08.002
Keywords

Bitcoin, Cryptocurrency, Mining pool, Mining server, Stratum protocol,
GetBlockTemplate protocol, GetWork protocol

Abstract

Cryptocurrencies set a new trend for a financial interaction between people. In
order to successfully meet this use-case, cryptocurrencies combine various
advanced information technologies (e.g., blockchain as a replicated database,
asymmetrical ciphers and hashes guaranteeing integrity properties, peer-to-peer
networking providing fault-tolerant service). The mining process not only introduces
new cryptocurrency units, but it has also become a business for generating revenue in
real life. This paper looks at different approaches to detecting cryptocurrency
mining within corporate networks (where it should not be present). Mining
activity is often a sign of malware presence or unauthorized exploitation of
company resources. The article provides an in-depth overview of pooled mining
process including deployment and operational details. Two detection methods and
their implementations are available for network administrators, law enforcement
agents and the general public interested in cryptocurrency mining forensics.

Published
2019
Pages
1–14
Journal
Digital Investigation, vol. 31, no. 31, ISSN 1742-2876
Book
Digital Investigation
DOI
10.1016/j.diin.2019.08.002
UT WoS
000504333700004
EID Scopus
BibTeX
@article{BUT159983,
  author="Vladimír {Veselý} and Martin {Žádník}",
  title="How to detect cryptocurrency miners? By traffic forensics!",
  journal="Digital Investigation",
  year="2019",
  volume="31",
  number="31",
  pages="1--14",
  doi="10.1016/j.diin.2019.08.002",
  issn="1742-2876",
  url="https://doi.org/10.1016/j.diin.2019.08.002"
}