Cryptojacking Malware Detection in Docker Images Using Supervised Machine Learning
Keywords:
Cryptojacking, Docker images, Machine Learning, Cryptomining, Cybersecurity
Abstract
Docker containers are being adopted as an industry standard for software delivery because they provide quick and responsive delivery and handle performance and scalability challenges. However, attackers are exploiting them by introducing malicious instructions into publicly available images in order to make unauthorized use of third parties' computing resources for cryptojacking. We developed a machine learning based model to detect Docker images that lead to cryptojacking. The dataset is composed of 800 Docker images collected from Docker Hub, half of which contain instructions for cryptomining while the other half do not. We trained 10 classification algorithms and evaluated them using the K-Fold Cross Validation approach. The results showed accuracy scores ranging from 89% to 97%. Stochastic Gradient Descent for Logistic Regression outperformed the other algorithms, reaching an accuracy score of 97%. With these results, we conclude that machine learning algorithms can detect Docker images carrying cryptojacking malware with good performance.
https://doi.org/10.59200/ICONIC.2022.006
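An added example, not the paper's code or dataset: a logistic regression fitted by stochastic gradient steps and scored with K-fold cross-validation, the combination the abstract reports as the best performer. The bag-of-words features over instruction text, the 12 constructed samples, and the placeholders `pool.invalid` and `WALLET` are assumptions, since the abstract does not state which features were extracted.

```python
import math
import re

# Constructed build instructions, NOT the paper's dataset. Label 1 = carries mining instructions.
SAMPLES = [
    ("FROM python RUN pip install flask WORKDIR /app COPY . /app EXPOSE 5000 CMD python app.py", 0),
    ("FROM ubuntu RUN wget xmrig.tgz CMD xmrig -o stratum+tcp://pool.invalid:3333 -u WALLET", 1),
    ("FROM node RUN npm install WORKDIR /app COPY . /app EXPOSE 3000 CMD node server.js", 0),
    ("FROM alpine RUN apk add curl RUN curl -O minerd CMD minerd -o stratum+tcp://pool.invalid:4444 -u WALLET", 1),
    ("FROM golang RUN go build WORKDIR /app COPY . /app EXPOSE 8080 CMD ./api", 0),
    ("FROM debian RUN git clone cpuminer CMD cpuminer -o stratum+tcp://pool.invalid:3333 -u WALLET", 1),
    ("FROM ruby RUN bundle install WORKDIR /app COPY . /app EXPOSE 4567 CMD ruby web.rb", 0),
    ("FROM ubuntu RUN curl -L xmrig.tgz CMD xmrig --url stratum+tcp://pool.invalid:5555 --user WALLET", 1),
    ("FROM php RUN composer install WORKDIR /app COPY . /app EXPOSE 9000 CMD php-fpm", 0),
    ("FROM centos RUN wget minerd CMD minerd -o stratum+tcp://pool.invalid:3333 -u WALLET", 1),
    ("FROM nginx RUN rm default.conf WORKDIR /app COPY . /app EXPOSE 80 CMD nginx -g daemon", 0),
    ("FROM alpine RUN wget ethminer CMD ethminer -P stratum+tcp://WALLET@pool.invalid:4444", 1),
]

def tokens(text):
    """Binary bag-of-words over instruction text (an assumed feature set)."""
    return set(re.findall(r"[a-z0-9_.+-]+", text.lower()))

def train(rows, lr=0.1, epochs=100):
    """Logistic regression fitted by per-sample (stochastic) gradient steps."""
    w, b = {}, 0.0
    for _ in range(epochs):
        for text, y in rows:
            feats = tokens(text)
            p = 1 / (1 + math.exp(-(b + sum(w.get(t, 0.0) for t in feats))))
            step = lr * (y - p)  # gradient of the log-loss for this one sample
            b += step
            for t in feats:
                w[t] = w.get(t, 0.0) + step
    return w, b

def predict(model, text):
    w, b = model
    return int(b + sum(w.get(t, 0.0) for t in tokens(text)) > 0)

def kfold_accuracy(rows, k=3):
    """Mean held-out accuracy; fold i is rows[i::k], balanced because labels alternate."""
    scores = []
    for i in range(k):
        test = rows[i::k]
        fit = [r for j, r in enumerate(rows) if j % k != i]
        model = train(fit)
        scores.append(sum(predict(model, t) == y for t, y in test) / len(test))
    return sum(scores) / k
```

Tokens never seen in training contribute nothing to the score, so a held-out image is classified only by the instruction vocabulary it shares with the training folds.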