Abstract:
JavaScript is a popular language and the most widely used one for web applications.
However, it has some limitations, especially in performance when running computationally
intensive tasks, which hinders the use of such applications through the web.
To resolve the issue of performance, a new low-level, assembly-like language, WebAssembly
(also referred to as WASM), has been developed to run in the browser and to
complement the usage of JavaScript rather than replace it. WASM is designed with
security features in mind. However, being a new technology, it still has some
security flaws which can be exploited to compromise different applications. Mining cryptocurrency
is a lucrative opportunity due to its increased usage. One of the illegitimate
ways of mining is by deploying cryptojacking malware within web browsers.
WebAssembly has provided malicious actors with a new avenue for utilizing cryptojacking
malware given its performance gains. This has resulted in the development of different systems
for detection of Wasm-based cryptojacking, using both static and dynamic analysis. In
this paper, we provide an overview of WebAssembly (WASM) and a comprehensive
review of different cryptojacking detection techniques. Furthermore, we propose a novel
framework based on an AI-driven WebAssembly analysis engine designed to detect
WebAssembly-based cryptojacking attacks. Our evaluation of the framework shows an
accuracy rate of 98.5% with only a 0.78% false negative (FN) rate in detecting cryptojacking WASM applications.
Finally, we carried out a comparative analysis of our proposed framework
against two malware detection tools: VirusTotal and Malwarebytes.