基于Chrome DevTools Protocol的网页挖矿劫持攻击特征分析方法

Characteristic Analysis Method of Web-based Cryptojacking Based on Chrome DevTools Protocol

随着整治虚拟货币“挖矿”活动的开展,一些利用显卡、硬盘等主动挖矿的行为已得到有效遏制,但通过网页挖矿劫持攻击达到挖矿目的的被动挖矿行为,由于其具有容易入侵、隐秘性强的特点,用户难以察觉。为了能自动判断这种被动挖矿行为,以一个被植入挖矿程序的网站为例,提出基于Chrome DevTools Protocol的特征分析方法,分别通过抓取websocket流量和CPU导出性能剖析报告进行分析与判断。经过验证,该方法可有效检测与判断网页挖矿劫持攻击行为,具有一定的参考价值。

With the regulation of virtual currency "mining" activities,some active mining behaviors such as using graphics cards and hard disk mining have been effectively curbed,but the passive mining behaviors that achieve the purpose of mining through web mining hijacking attacks are difficult to be detected by users because of their easy invasion and stealthy characteristics. In order to automatically judge the passive mining beharior,take a website embedded with a mining program as an example,proposes a feature analysis method based on Chrome DevTools Protocol to analyze and judge the websocket traffic and export CPU performance profiling report respectively. After verification,This method can effectively detect and judge web mining hijacking attacks,it has certain reference value.