基于Chrome DevTools Protocol的网页挖矿劫持攻击特征分析方法  被引量:1

Characteristic Analysis Method of Web-based Cryptojacking Based on Chrome DevTools Protocol

在线阅读下载全文

作  者:傅继晗 沈炜 FU Ji-han;SHEN Wei(School of Information Science and Technology,Zhejiang Sci-Tech University,Hangzhou 310018,China)

机构地区:[1]浙江理工大学信息学院,浙江杭州310018

出  处:《软件导刊》2022年第11期110-115,共6页Software Guide

摘  要:随着整治虚拟货币“挖矿”活动的开展,一些利用显卡、硬盘等主动挖矿的行为已得到有效遏制,但通过网页挖矿劫持攻击达到挖矿目的的被动挖矿行为,由于其具有容易入侵、隐秘性强的特点,用户难以察觉。为了能自动判断这种被动挖矿行为,以一个被植入挖矿程序的网站为例,提出基于Chrome DevTools Protocol的特征分析方法,分别通过抓取websocket流量和CPU导出性能剖析报告进行分析与判断。经过验证,该方法可有效检测与判断网页挖矿劫持攻击行为,具有一定的参考价值。With the regulation of virtual currency "mining" activities,some active mining behaviors such as using graphics cards and hard disk mining have been effectively curbed,but the passive mining behaviors that achieve the purpose of mining through web mining hijacking attacks are difficult to be detected by users because of their easy invasion and stealthy characteristics. In order to automatically judge the passive mining beharior,take a website embedded with a mining program as an example,proposes a feature analysis method based on Chrome DevTools Protocol to analyze and judge the websocket traffic and export CPU performance profiling report respectively. After verification,This method can effectively detect and judge web mining hijacking attacks,it has certain reference value.

关 键 词:虚拟货币 挖矿劫持攻击 网页挖矿 特征分析 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象