Forensic Analysis of Cryptojacking in Host-Based Docker Containers Using Honeypots Conference

Franco, J, Acar, A, Aris, A et al. (2023). Forensic Analysis of Cryptojacking in Host-Based Docker Containers Using Honeypots . 2023-May 4860-4865. 10.1109/ICC45041.2023.10278764

cited authors

  • Franco, J; Acar, A; Aris, A; Uluagac, S

abstract

  • Blockchain-based cryptocurrencies have transformed financial transactions and created opportunities to profit from generating new coins through cryptomining. This has led to cybercriminals stealthily using their victim's computational power and resources for their own profit. Recent trends point to an increase in cryptojacking malware targeting devices with greater processing power such as host-based docker engines for faster and greater profit. In our study, we perform a forensic analysis for detecting cryptojacking (i.e., unauthorized cryptomining) in Docker containers using honeypots. Then, we present countermeasures for securing host-based Docker containers. In addition, we propose an approach for monitoring host-based Docker containers for cryptojacking detection. To the best of our knowledge, this is the first study investigating cryptojacking detection with the use of a honeypot system. Our results reveal that host resource usage and network traffic are the key indicators of possible unauthorized cryptomining in Docker containers.

publication date

  • January 1, 2023

Digital Object Identifier (DOI)

International Standard Book Number (ISBN) 13

start page

  • 4860

end page

  • 4865

volume

  • 2023-May