中圖分類號： TP399
文獻標識碼： A
DOI： 10.19358/j.issn.2097-1788.2022.04.006
引用格式： 周成勝，董偉，崔梟飛，等. 虛擬貨幣挖礦木馬行為監測技術研究與應用[J].網絡安全與數據治理，2022，41(4)：37-41.

Research on the behavior monitoring of virtual currency mining Trojan

Abstract： In recent years, driven by economic interests, the behavior of using the computing power of the victim′s host to mine to obtain virtual currency by spreading the mining Trojan program has become increasingly fierce. From the perspective of the attacker, this paper analyzes the typical attack paths of the mining Trojan, such as violent explosion, vulnerability utilization, Trojan implantation, horizontal propagation, etc., carries out technical research based on the mining protocol traffic identification, threat intelligence matching, attack chain model correlation analysis, AI gene model monitoring, and carries out the actual network traffic monitoring application in combination with the research results, so as to provide thinking and reference for the prevention and governance of the mining Trojan.

Key words : virtual currency；mining Trojan；behavior monitoring；network flow identification