A Malicious Mining Code Detection Method Based on Multi-Features Fusion

Document Type

Article

Publication Title

IEEE Transactions on Network Science and Engineering

Abstract

With the continuous increase in the economic value of new digital currencies represented by Bitcoin, more and more cybercriminals use malicious code to occupy victims' system resources and network resources for mining without the victims' permission, thereby obtaining cryptocurrency. This type of malicious code named malicious mining code has brought considerable influence and harm to society, enterprises and users. The mining code always conceals the fact that it consumes computer resources in a way that is difficult for ordinary people to discover. This paper proposes a malicious mining code detection method based on feature fusion and machine learning. First, we analyze from static analysis methods and statistical analysis methods to extract multi-dimensional features. Then for multi-dimensional text features, feature vectors are extracted through the n-gram model and TF-IDF, and best feature vectors are selected through the classifier and we fuse these best feature vectors with other statistic features to train our detection model. Finally, automatic detection is performed based on the machine learning framework. The experimental results show that the recognition accuracy of our method can reach 98.0%, its F1 score reach 0.969, and the ROC's AUC reach 0.973.

First Page

2731

Last Page

2739

DOI

10.1109/TNSE.2022.3155187

Publication Date

9-1-2023

Keywords

Feature extraction, Codes, Malware, Analytical models, Training, Terminology, Production

Comments

IR conditions: non-described

Share

COinS