(1.Institute of Security,China Academy of Information and Communications Technology,Beijing 100191,China; 2.Security Testing and Evaluation Laboratory of Industrial Internet Key Laboratory Ministry of Industry and Information Technology,Beijing 100191,China; 3.National Computer System Engineering Research Institute of China,Beijing 100083,China)
Abstract: In recent years, driven by economic interests, the behavior of using the computing power of the victim′s host to mine to obtain virtual currency by spreading the mining Trojan program has become increasingly fierce. From the perspective of the attacker, this paper analyzes the typical attack paths of the mining Trojan, such as violent explosion, vulnerability utilization, Trojan implantation, horizontal propagation, etc., carries out technical research based on the mining protocol traffic identification, threat intelligence matching, attack chain model correlation analysis, AI gene model monitoring, and carries out the actual network traffic monitoring application in combination with the research results, so as to provide thinking and reference for the prevention and governance of the mining Trojan.
Key words : virtual currency;mining Trojan;behavior monitoring;network flow identification
