Master of Science (MS)
First Advisor's Name
Dr. A. Selcuk Uluagac
First Advisor's Committee Title
Second Advisor's Name
Dr. Alexander Perez-Pons
Second Advisor's Committee Title
Third Advisor's Name
Dr. Alex Afanasyev
Third Advisor's Committee Title
Fourth Advisor's Name
Dr. Engin Kirda
Fourth Advisor's Committee Title
Blockchain, Cryptocurrency, Cryptojacking, IoT, IoT Security, Malware, Ransomware, Bitcoin
Date of Defense
Cryptojacking is an act of using a victim's computation power without his/her consent. Unauthorized mining costs extra electricity consumption and decreases the victim host's computational efficiency dramatically. In this thesis, we perform an extensive research on cryptojacking malware from every aspects. First, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and numerous major attack instances. Second, we created a dataset of 6269 websites containing cryptomining scripts in their source codes to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining samples. Third, we introduce an accurate and efficient IoT cryptojacking detection mechanism based on network traffic features that achieves an accuracy of 99%. Finally, we believe this thesis will greatly expand the scope of research and facilitate other novel solutions in the cryptojacking domain.
Previously Published In
Tekiner, Ege, et al. "SoK: Cryptojacking Malware." arXiv preprint arXiv:2103.03851 (2021).
Tekiner, Ege, "A Deep-dive into Cryptojacking Malware: From an Empirical Analysis to a Detection Method for Computationally Weak Devices" (2021). FIU Electronic Theses and Dissertations. 4889.
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).