Cryptojacking Malware Detection in Docker Images Using Supervised Machine Learning

Abstract

Nowadays, Docker Containers are currently being  adopted as industry standards for software  delivery, because they provide quick and  responsive delivery and handle performance and  scalability challenges. However, attackers are  exploiting them to introduce malicious  instructions in publicly available images to  perform unauthorized use of third-party’s  computer resources for Cryptojacking. We  developed a machine learning based model to  detect Docker images that lead to cryptojacking.  The dataset used is composed of 800 Docker  images collected from Docker hub, half of which  contains instructions for cryptomining, and the  other half does not contain such instructions. We  trained 10 classification algorithms and evaluated  them using the K-Fold Cross Validation approach.  The results showed accuracy scores ranging from  89% to 97%. Stochastic Gradient Descent for  Logistic Regression outperformed the other  algorithms reaching an accuracy score of 97%.  With these results, we conclude that machine  learning algorithms can detect Docker images  carrying cryptojacking malware with a good  performance. 

https://doi.org/10.59200/ICONIC.2022.006