US 12,137,119 B2
Crypto-jacking detection
George Kallos, London (GB); and Fadi El-Moussa, London (GB)
Assigned to British Telecommunications Public Limited Company, (GB)
Appl. No. 17/758,386
Filed by British Telecommunications Public Limited Company, London (GB)
PCT Filed Dec. 18, 2020, PCT No. PCT/EP2020/087114
§ 371(c)(1), (2) Date Jul. 5, 2022,
PCT Pub. No. WO2021/140007, PCT Pub. Date Jul. 15, 2021.
Claims priority of application No. 2000128 (GB), filed on Jan. 6, 2020.
Prior Publication US 2022/0377109 A1, Nov. 24, 2022
Int. Cl. H04L 9/00 (2022.01); G06F 18/214 (2023.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1483 (2013.01) [G06F 18/214 (2023.01); H04L 9/3236 (2013.01); H04L 63/1416 (2013.01)] 9 Claims
OG exemplary drawing
 
1. A computer implemented method of detecting blockchain miner code executing in a web browser comprising:
receiving a profile for the browser identifying typical resource consumption by the browser in use;
responsive to a detection of a deviation of the resource consumption by the browser from the profile, intercepting a communication with the browser including a cryptographic nonce, training a plurality of classifiers based on generated training examples, each training example being generated by applying a hashing algorithm to the nonce such that each of the classifiers are trained with training examples generated using a different hashing algorithm;
intercepting one or more second communications with the browser, each of the second communications including a hash value;
executing at least a subset of the classifiers based on the hash value of each of the second communications; and
identifying malicious miner code executing in the browser based on the classifications of the at least the subset of classifiers.