An early stage convolutional feature extracting method using for mining traffic detection

Cryptocurrency is becoming more and more popular due to its superiority to traditional currencies, resulting in the boom of mining. Mining cryptocurrencies requires tremendous computing resources, and extensive high-performance computers are used for mining nowadays. A significant consequent problem is the huge amount of energy consuming for mining. Thus, managing mining behaviors become an urgent issue. There are two main ways to detecting mining behavior. One is to deploy a detecting program on the target host, and use features of system calls to detect the mining behaviors. The other is to deploy detection models on network, and identify mining behaviors via network traffic. Comparing with the former method, detecting mining behavior by traffic is ''non-contact'', and can monitor a whole network instead of a single host. We propose in this paper a convolutional function based method to extract the features from the first few packets of flows to identify mining traffic. We first extract the size of each packet of a flow, and then design a convolution function with a sliding window to extract meaningful features from the packet size sequence. This method maps the flows to a feature space in which the mining flows can be distinguished from the normal flows easily. We collect a set of mining traffic traces including 8 types of cryptocurrency mining behaviors in a real network, and launch a set of empirical studies using this data set. We also develop an online mining traffic identification platform to validate the performance of our proposal. Both the offline experimental results and the online validation results suggests that our proposal can achieve high performance satisfying the real mining traffic detecting requirements.