POSTER: Content-Agnostic Identification of Cryptojacking in Network Traffic

In this paper, we propose a method that detects cryptojacking activities by analyzing content-agnostic network traffic flows. Our method first distinguishes crypto-mining activities by profiling the traffic with fast Fourier transform at each time window. It then generates the variation vectors between adjacent time windows and leverages a recurrent neural network to identify the cryptojacking patterns. Compared with the existing approaches, this method is privacy-preserving and can identify both browser-based and malware-based cryptojacking activities. Additionally, this method is easy to deploy. It can monitor all the devices within a network by accessing packet headers from the gateway router.