An-Najah National University
Networks and Security Department
Graduation Project

Team Members: Raghad Jawabreh, Narmeen Darwashe
Advisor: Dr. Othman Othman

Fog Network Orchestration for Heterogeneous Networks

Agenda
- Introduction
- Problem & Motivation
- Traditional Solutions
- Mining techniques
- Mining Detection and Prevention System (MDPS) design
- Evaluation & Results
- Future Work
- Conclusion
- Paper Acceptance

Introduction
- Internet of Things (IoT)
- Cryptocurrency & Blockchain
- Pools

Internet of Things (IoT)
- Everything (objects) in everyday life is connected to the Internet and able to identify itself to other objects
- Represents a network of connected objects exchanging data
- Poor security, or even none at all

Cryptocurrency
- Digital currency; money exchange without a bank
- Huge attention and investment
- 1603 currencies
- Total Market Cap: $381,019,238,087
- Examples: Bitcoin, Monero and Ripple

Blockchain
- The ledger is every transaction that happened in the network
- Each node has the same ledger
- Mining confirms transactions and secures the network

Pools
- Pooling of resources by miners, who share their processing power over a network, to split the reward equally, according to the amount of work they contributed.

Problem & Motivation
- Cybercriminals steal processing power
- Create a cluster of slaves called a botnet
- Bots mine cryptocurrency for the botmaster
- “Very likely to have bots mining cryptocurrency”

Statistics
- In Feb 2018, Smominru infected 526,000 devices, mined 9,000 Monero coins, worth $3.6 million
- In Feb 2014, Linux.Darlloz infected 31,716, mined 42,438 Dogecoins
- Mirai botnet infected 148,000, used for mining
- In May 2018, WinstarNssmMiner infected 500,00 devices

Mining techniques
- Web Mining: uses JavaScript code in browsers. Ex: coinhive service
- Software Mining: application that connects to pools or network to allow mining. Ex: MinerGate

Traditional solutions .. inadequate ?!
1. Browser extensions
   - Block if matched with blacklisted domains
   - Don't care about content; evaded by copying code to non-blacklisted domains
2. Block domains in hosts file
   - Vulnerable to domains not listed
3. Antivirus software
   - NOT capable of detecting fileless malware
   - Clever software remains undetected
   - WinstarNssmMiner can shut down AV
   - Most IoT devices can't install AV

“Kaspersky Lab experts predict that Web miners could be 2018’s most common threat. In 2017 our security solutions stopped the launch of Web miners on more than 70 million occasions.”
Source: How Kaspersky Lab products protect against miners

Mining Detection and Prevention System (MDPS)
- MDPS represents a proxy server
- Intermediary between clients and the Internet
- Generates on-the-fly certificates to trick clients into believing it is the server
- CLUE: connection to mining pools or cryptocurrency network is a MUST to perform mining

“MDPS is a software that operates on a gateway; makes it a solid defence that secures all connected devices from cryptocurrency mining.”

MDPS Design

Web Mining Mitigation Algorithm

Software Mining Mitigation Algorithm

Evaluation & Results

Comparison between MDPS and Antiviruses

Miner                     MDPS  Kaspersky  BitDefender  Comodo  McAfee  Avast
Plasma                    ✓     X          X            X       X       X
EthDcrMiner64.exe         ✓     ✓          ✓            ✓       ✓       X
MinerGate                 ✓     X          X            X       X       ✓
FLUXMINER                 ✓     X          X            X       X       X
Silent-Miner-XMR-Monero   ✓     X          X            X       X       ✓
Stealth Miner             ✓     X          X            X       ✓       ✓
ccminer                   ✓     ✓          X            X       X       X

Detection percentage

Detection percentage of MDPS and VirusTotal

Miner                     MDPS  VirusTotal
Plasma                    ✓     X
EthDcrMiner64.exe         ✓     ✓ (72.3%)
MinerGate                 ✓     ✓ (11.45%)
FLUXMINER                 ✓     X
Silent-Miner-XMR-Monero   ✓     ✓ (4.9%)
Stealth Miner             ✓     X

Future Work
1- MDPS Sandbox: isolated testing without exposing critical system to danger.
2- MDPS API: aggregates many antivirus products and online scan engines to check for miners
3- Cloud: create a massive blacklist that contains approximately all mining websites and pools

Conclusion
MDPS is a software that operates on a gateway; makes it a solid defence that secures all connected devices from cryptocurrency mining.

Paper Acceptance
The MDPS paper is accepted for presentation and publication at ACM International Conference (ICFNDS) on Future Networks and Distributed Systems. The event will be held at Middle East University, Amman, Jordan, on June 26-27, 2018.
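
The MDPS slides give the clue that mining requires a connection to a pool, and fault domain blacklists for ignoring content. The following is an added example, not MDPS's own algorithm or code from the project: a content check a gateway proxy could run on decrypted client traffic, assuming pools speak the public Stratum JSON protocol. All function names, hosts and sample flows are constructed for illustration.

```python
import json
from typing import List, Optional, Set

# Assumption: pool traffic uses the public Stratum JSON protocol.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}
# Monero-style pools use generic JSON-RPC names, so also require miner params.
XMR_METHODS = {"login": {"login", "pass"}, "submit": {"job_id", "nonce", "result"}}

def classify_message(line: str) -> Optional[str]:
    """Return a reason if one JSON line looks like a miner talking to a pool."""
    try:
        msg = json.loads(line)
    except ValueError:
        return None  # not JSON: ordinary HTTP, binary data, etc.
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return None
    method, params = msg["method"], msg.get("params")
    if method in STRATUM_METHODS:
        return "stratum:" + method
    required = XMR_METHODS.get(method)
    if required and isinstance(params, dict) and required.issubset(params):
        return "xmr-jsonrpc:" + method
    return None

def inspect_flow(payload: bytes) -> List[str]:
    """Scan a decrypted client-to-server payload, one JSON message per line."""
    text = payload.decode("utf-8", errors="replace")
    hits = (classify_message(line.strip()) for line in text.splitlines())
    return [h for h in hits if h]

def verdict(host: str, payload: bytes, blacklist: Set[str]) -> str:
    """Blacklist first, then content, so unlisted pools are still caught."""
    if host in blacklist:
        return "block:blacklist"
    hits = inspect_flow(payload)
    return "block:" + hits[0] if hits else "allow"

# Constructed sample flows (hypothetical hosts, placeholder wallet).
BLACKLIST = {"pool.listed.example"}
FLOW_STRATUM = (b'{"id":1,"method":"mining.subscribe","params":["miner/1.0"]}\n'
                b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n')
FLOW_XMR = (b'{"id":1,"jsonrpc":"2.0","method":"login",'
            b'"params":{"login":"WALLET_PLACEHOLDER","pass":"x"}}\n')
FLOW_BENIGN = b'{"method":"login","params":{"user":"alice"}}\nGET / HTTP/1.1\n'

if __name__ == "__main__":
    for host, flow in [("pool.unlisted.example", FLOW_STRATUM),
                       ("pool.unlisted.example", FLOW_XMR),
                       ("api.example", FLOW_BENIGN)]:
        print(host, "->", verdict(host, flow, BLACKLIST))
```

A generic `login` call without the miner-specific parameters is allowed, which keeps ordinary JSON APIs from being flagged by the method name alone.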