Charles Lever and Manos Antonakakis received the Best Paper Award at The Web Conference 2019: 30 Years of the Web, held May 13-17 in San Francisco, California.
Lever and Antonakakis work in the Georgia Tech School of Electrical and Computer Engineering (ECE).
The title of Lever and Antonakakis’ award-winning paper is “OUTGUARD: Detecting In-Browser Covert Cryptocurrency Mining in the Wild.” Their co-authors—Amin Kharraz, Andrew Miller, Paul Murley, Zane Ma, Nikita Borisov, Michael Bailey, and Joshua Mason—are all from the Department of ECE at the University of Illinois at Urbana-Champaign (UIUC). Lever, a research engineer II in ECE’s Astrolavos Lab, played a key role in coordinating the efforts of the UIUC and Georgia Tech teams to complete this paper. Antonakakis serves as the lab’s director and is an assistant professor in ECE.
In-browser cryptojacking is a form of resource abuse that leverages end-users’ machines to mine cryptocurrency without obtaining the users’ consent. In this paper, Lever, Antonakakis, and their UIUC collaborators design, implement, and evaluate Outguard, an automated cryptojacking detection system. They construct a large ground-truth dataset, extract several features using an instrumented web browser, and ultimately select seven distinctive features that are used to build a Support Vector Machine (SVM) classification model.
Outguard achieves a 97.9% True Positive Rate (TPR) and a 1.1% False Positive Rate (FPR) and is reasonably tolerant to adversarial evasions. The researchers deployed Outguard in the wild across the Alexa Top 1M websites and found 6,302 cryptojacking sites, of which 3,600 are new detections that were absent from the training data. These cryptojacking sites paint a broad picture of the cryptojacking ecosystem, with particular emphasis on the prevalence of cryptojacking websites and the shared infrastructure that provides clues to the operators behind the cryptojacking phenomenon.