Cryptomining poses significant security risks, yet traditional detection methods such as blacklists and Deep Packet Inspection (DPI) are often ineffective against encrypted mining traffic and suffer from high false-positive rates. In this paper, we propose a practical mechanism for detecting encrypted cryptomining traffic. It consists of a two-stage detection framework that uses machine learning to produce fine-grained detection results and active probing to reduce the classifiers' false positives. Our system achieves an F1-score of 0.99 and identifies specific cryptocurrencies with 99.39\% accuracy. Extensive testing across various mining pools confirms the effectiveness of our approach, which offers a more precise and reliable solution for identifying cryptomining activities.
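% arXiv preprint: the identifier is stored in eprint/archiveprefix rather than
% in a journal field, and CryptoCatch is braced so that sentence-casing styles
% keep its internal capital.
@misc{arxiv.2602.10573,
  title         = {{CryptoCatch}: Cryptomining Hidden Nowhere},
  author        = {Shi, Ruisheng and Lin, Ziding and Sun, Haoran and Wang, Qin and Zhang, Shihan and Lan, Lina and Peng, Zhiyuan and Wang, Chenfeng},
  year          = {2026},
  eprint        = {2602.10573},
  archiveprefix = {arXiv},
  url           = {https://arxiv.org/abs/2602.10573},
}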