Mining Trojan Detection Based on Multi-dimensional Static Features

SciSec 2021: Science of Cyber Security. 2021

Zixian Tang, Qiang Wang, Wenhao Li, Huaifeng Bao, Feng Liu, and Wen Wang*.


The developing technic and the variety of Mining Trojan is increasingly threatening the computational resources from the weak-defend systems. Mining Trojan is illicitly implanted into the systems and mines cryptocurrency such as Bitcon through the hijacked resource. Previous work focuses on performing binary classification to identify a malicious software from the benign ones, but fail to classify the specific Mining Trojan. In order to tackle the above issues, in this paper, we propose a hierarchical detector, called Miner-Killer, to effectively and precisely classify Mining Trojans apart from the benign ones. First, Miner-Killer converts binary codes from Trojan samples to format files, assembly files and string files. Second, the static features are extracted by MSFV Extractor. Then, an ensemble learning model is trained by the extracted features and is applied to classify the unseen Mining Trojans. Experiments on two real-world datasets demonstrate that our proposed method can significantly detect the Mining Trojans, which outperforms the state-of-the-art methods applied to detect malware.