English

CryptoCatch: Cryptomining Hidden Nowhere

Cryptography and Security 2026-02-12 v1

Abstract

Cryptomining poses significant security risks, yet traditional detection methods like blacklists and Deep Packet Inspection (DPI) are often ineffective against encrypted mining traffic and suffer from high false positive rates. In this paper, we propose a practical encrypted cryptomining traffic detection mechanism. It consists of a two-stage detection framework, which can effectively provide fine-grained detection results by machine learning and reduce false positives from classifiers through active probing. Our system achieves an F1-score of 0.99 and identifies specific cryptocurrencies with a 99.39\% accuracy rate. Extensive testing across various mining pools confirms the effectiveness of our approach, offering a more precise and reliable solution for identifying cryptomining activities.

Keywords

Cite

@article{arxiv.2602.10573,
  title  = {CryptoCatch: Cryptomining Hidden Nowhere},
  author = {Ruisheng Shi and Ziding Lin and Haoran Sun and Qin Wang and Shihan Zhang and Lina Lan and Zhiyuan Peng and Chenfeng Wang},
  journal= {arXiv preprint arXiv:2602.10573},
  year   = {2026}
}

Comments

IEEE TDSC with DOI 10.1109/TDSC.2026.3661145

R2 v1 2026-07-01T10:31:22.351Z