Mining Trojan Detection Based on Multi-dimensional Static Features

SciSec 2021: Science of Cyber Security. 2021

Zixian Tang, Qiang Wang, Wenhao Li, Huaifeng Bao, Feng Liu, and Wen Wang*.

Abstract

The evolving techniques and growing variety of Mining Trojans increasingly threaten the computational resources of weakly defended systems. A Mining Trojan is illicitly implanted into a system and mines cryptocurrency such as Bitcoin using the hijacked resources. Previous work focuses on binary classification to distinguish malicious software from benign software, but fails to identify Mining Trojans specifically. To tackle these issues, in this paper we propose a hierarchical detector, called Miner-Killer, to effectively and precisely classify Mining Trojans apart from benign software. First, Miner-Killer converts the binary code of Trojan samples into format files, assembly files and string files. Second, static features are extracted by the MSFV Extractor. Then, an ensemble learning model is trained on the extracted features and applied to classify unseen Mining Trojans. Experiments on two real-world datasets demonstrate that our proposed method detects Mining Trojans effectively and outperforms the state-of-the-art methods applied to malware detection.