Detecting Cryptomining Malware: a Deep Learning Approach for Static and Dynamic Analysis
Journal of Grid Computing (IF 3.6). Pub Date: 2020-01-21, DOI: 10.1007/s10723-020-09510-6
Hamid Darabian , Sajad Homayounoot , Ali Dehghantanha , Sattar Hashemi , Hadis Karimipour , Reza M. Parizi , Kim-Kwang Raymond Choo

Cryptomining malware (also referred to as cryptojacking) has changed the cyber threat landscape. Such malware exploits the victim’s CPU or GPU resources with the aim of generating cryptocurrency. In this paper, we study the potential of using deep learning techniques to detect cryptomining malware by utilizing both static and dynamic analysis approaches. To facilitate dynamic analysis, we establish an environment to capture the system call events of 1500 Portable Executable (PE) samples of the cryptomining malware. We also demonstrate how one can perform static analysis of PE files’ opcode sequences. In our study, we evaluate the performance of using Long Short-Term Memory (LSTM), Attention-based LSTM (ATT-LSTM), and Convolutional Neural Networks (CNN) on our sequential data (opcodes and system call invocations) for classification by a Softmax function. We achieve an accuracy rate of 95% in the static analysis and an accuracy rate of 99% in the dynamic analysis.

Updated: 2020-01-21