Search Results

Documents authored by Shen, Jiasi


Document
Proof-of-Theft: Dynamic Graph-Based Fingerprinting of In-Browser Cryptomining

Authors: Tanapoom Sermchaiwong and Jiasi Shen

Published in: LIPIcs, Volume 372, 40th European Conference on Object-Oriented Programming (ECOOP 2026)


Abstract
The decentralized and unregulated nature of cryptocurrencies, combined with their monetary value, has made them a vehicle for various illicit activities. One such activity is cryptojacking, an attack that uses stolen computing resources to mine cryptocurrencies without consent for profit. In-browser cryptojacking malware exploits high-performance web technologies such as WebAssembly to mine cryptocurrencies directly within the browser without file downloads. Although existing methods for cryptomining detection report high accuracy and low overhead, they are often susceptible to various forms of obfuscation, and due to the limited variety of cryptomining scripts in the wild, standard code obfuscation methods present a natural and appealing solution to avoid detection. To address these limitations, we propose using instruction-level data-flow graphs to detect cryptomining behavior. Data-flow graphs offer detailed structural insights into a program’s computations, making them suitable for characterizing proof-of-work algorithms, but they can be difficult to analyze due to their large size and susceptibility to noise and fragmentation under obfuscation. We present two techniques to simplify and compare data-flow graphs: (1) a graph simplification algorithm to reduce the computational burden of processing large and granular data-flow graphs while preserving local substructures; and (2) a subgraph similarity measure, the n-fragment inclusion score, based on fragment inclusion that is robust against noise and obfuscation. Using data-flow graphs as computation fingerprints, our detection framework PoT (Proof-of-Theft) was able to achieve high detection accuracy against standard obfuscations, outperforming existing detection methods.

Cite as

Tanapoom Sermchaiwong and Jiasi Shen. Proof-of-Theft: Dynamic Graph-Based Fingerprinting of In-Browser Cryptomining. In 40th European Conference on Object-Oriented Programming (ECOOP 2026). Leibniz International Proceedings in Informatics (LIPIcs), Volume 372, pp. 25:1-25:31, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@InProceedings{sermchaiwong_et_al:LIPIcs.ECOOP.2026.25,
  author =	{Sermchaiwong, Tanapoom and Shen, Jiasi},
  title =	{{Proof-of-Theft: Dynamic Graph-Based Fingerprinting of In-Browser Cryptomining}},
  booktitle =	{40th European Conference on Object-Oriented Programming (ECOOP 2026)},
  pages =	{25:1--25:31},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-423-9},
  ISSN =	{1868-8969},
  year =	{2026},
  volume =	{372},
  editor =	{Krebbers, Robbert and Silva, Alexandra},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2026.25},
  URN =		{urn:nbn:de:0030-drops-261211},
  doi =		{10.4230/LIPIcs.ECOOP.2026.25},
  annote =	{Keywords: software security, cryptocurrency, malware detection, dynamic analysis, data-flow graph}
}
Document
Artifact
Proof-of-Theft: Dynamic Graph-Based Fingerprinting of In-browser Cryptomining (Artifact)

Authors: Tanapoom Sermchaiwong and Jiasi Shen

Published in: DARTS, Volume 12, Issue 1, Special Issue of the 40th European Conference on Object-Oriented Programming (ECOOP 2026)


Abstract
This artifact contains several supporting materials to the paper "Proof-of-Theft: Dynamic Graph-based Fingerprinting of In-browser Cryptomining". We provide code from our experiments implementing the analysis and detection algorithms described in the paper, along with a dataset of collected Wasm binaries, obfuscated Wasm binaries, data-flow graphs, and image rendering of data-flow graphs. The reader will find instructions and materials to reproduce our experiments, and an overview of how to apply our experimental process to other software.

Cite as

Tanapoom Sermchaiwong and Jiasi Shen. Proof-of-Theft: Dynamic Graph-Based Fingerprinting of In-browser Cryptomining (Artifact). In Special Issue of the 40th European Conference on Object-Oriented Programming (ECOOP 2026). Dagstuhl Artifacts Series (DARTS), Volume 12, Issue 1, pp. 19:1-19:5, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@Article{sermchaiwong_et_al:DARTS.12.1.19,
  author =	{Sermchaiwong, Tanapoom and Shen, Jiasi},
  title =	{{Proof-of-Theft: Dynamic Graph-Based Fingerprinting of In-browser Cryptomining (Artifact)}},
  pages =	{19:1--19:5},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2026},
  volume =	{12},
  number =	{1},
  editor =	{Sermchaiwong, Tanapoom and Shen, Jiasi},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DARTS.12.1.19},
  URN =		{urn:nbn:de:0030-drops-261569},
  doi =		{10.4230/DARTS.12.1.19},
  annote =	{Keywords: software security, cryptocurrency, malware detection, dynamic analysis, data-flow graph}
}
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail