An Early Stage Identification of Cryptomining Behavior with DNS Requests.

The booming of cryptocurrencies in the last decade brought about the burst of cryptomining for obtaining cryptocurrencies in recent years. Only those users with plenty of computing resources are able to gain profits according to the design of block chain. As a result, this brings out more and more criminal attacks to maliciously plunder private and public computing resources through networks. Consequently, the detection of malicious cryptomining behavior is particularly important for network security and management. In this paper, we designed Mining Vanguard, realizing the recognition of mining behavior through the detection of DNS behavior. By constructing a comprehensive feature set that includes both traditional DNS resolution features and morpheme features, we combine network characteristics with semantic characteristics, aiming to achieve early recognition. Through a large number of targeted experiments, it is verified that Mining Vanguard is promising for detecting mining behaviors on the Internet.