News

NDSS 2025 – MineShark: Cryptomining Traffic Detection At Scale

  • securityboulevard.com
  • published date: 2025-11-15 00:00:00 UTC

<p>SESSION<br> Session 3A: Network Security 1</p>
<p><a href="https://www.youtube-nocookie.com/embed/4FQFf_8PJVw?si=K4rDtsWj0ycN2w_1">YouTube video player</a></p>
<p>Authors, Creators &amp; Presenters: Shaoke Xi (Zhejiang University), Tianyi Fu (Zhejiang University), Kai Bu (Zhejiang University), Chunling Yang (Zhejiang University), Zhihua Chang (Zhejiang University), Wenzhi Chen (Zhejiang University), Zhou Ma (Zhejiang University), Chongjie Chen (HANG ZHOU CITY BRAIN CO., LTD), Yongsheng Shen (HANG ZHOU CITY BRAIN CO., LTD), Kui Ren (Zhejiang University)</p>
<p>PAPER<br> MineShark: Cryptomining Traffic Detection at Scale</p>
<p>The rapid growth of cryptojacking and the increase in regulatory bans on cryptomining have prompted organizations to enhance detection ability within their networks. Traditional methods, including rule-based detection and deep packet inspection, fall short in timely and comprehensively identifying new and encrypted mining threats. In contrast, learning-based techniques show promise by identifying content-agnostic traffic patterns, adapting to a wide range of cryptomining configurations. However, existing learning-based systems often lack scalability in real-world detection, primarily due to challenges with unlabeled, imbalanced, and high-speed traffic inputs. To address these issues, we introduce MineShark, a system that identifies robust patterns of mining traffic to distinguish between vast quantities of benign traffic and automates the confirmation of model outcomes through active probing to prevent an overload of model alarms. As model inference labels are progressively confirmed, MineShark conducts self-improving updates to enhance model accuracy. MineShark is capable of line-rate detection at various traffic volume scales with the allocation of different amounts of CPU and GPU resources. In a 10 Gbps campus network deployment lasting ten months, MineShark detected cryptomining connections toward 105 mining pools ahead of concurrently deployed commercial systems, 17.6% of which were encrypted. It automatically filtered over 99.3% of false alarms and achieved an average packet processing throughput of 1.3 Mpps, meeting the line-rate demands of a 10 Gbps network, with a negligible loss rate of 0.2%. We publicize MineShark for broader use.</p>
<p>ABOUT NDSS<br> The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.</p>
<p>Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenters’ superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s][1]** **[YouTube][3]** channel.</p>
<p><a href="https://www.infosecurity.us/blog/2025/11/16/ndss-2025-mineshark-cryptomining-traffic-detection-at-scale">Permalink</a></p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/4FQFf_8PJVw?si=K4rDtsWj0ycN2w_1">https://www.youtube-nocookie.com/embed/4FQFf_8PJVw?si=K4rDtsWj0ycN2w_1</a> </p>