{"id":"https://openalex.org/W2989148126","doi":"https://doi.org/10.1145/3319535.3354230","title":"Just the Tip of the Iceberg","display_name":"Just the Tip of the Iceberg","publication_year":2019,"publication_date":"2019-11-06","ids":{"openalex":"https://openalex.org/W2989148126","doi":"https://doi.org/10.1145/3319535.3354230","mag":"2989148126"},"language":"en","primary_location":{"id":"doi:10.1145/3319535.3354230","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3354230","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015349363","display_name":"H.L.J. Bijmans","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Hugo L. J. Bijmans","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078319946","display_name":"Tim Booij","orcid":"https://orcid.org/0000-0001-5170-4815"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Tim M. Booij","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000335949","display_name":"Christian Doerr","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Christian Doerr","raw_affiliation_strings":["TU Delft, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5015349363"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":2.5097,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.90452323,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"449","last_page":"464"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/revenue","display_name":"Revenue","score":0.7035977840423584},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.557400643825531},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5190168619155884},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.5170772075653076},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5014307498931885},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.48224076628685},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.45135462284088135},{"id":"https://openalex.org/keywords/router","display_name":"Router","score":0.42255258560180664},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.32149559259414673},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.2632748484611511},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26137030124664307},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.20942801237106323},{"id":"https://openalex.org/keywords/geography","display_name":"Geography","score":0.11956718564033508}],"concepts":[{"id":"https://openalex.org/C195487862","wikidata":"https://www.wikidata.org/wiki/Q850210","display_name":"Revenue","level":2,"score":0.7035977840423584},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.557400643825531},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5190168619155884},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.5170772075653076},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5014307498931885},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.48224076628685},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.45135462284088135},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.42255258560180664},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.32149559259414673},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2632748484611511},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26137030124664307},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.20942801237106323},{"id":"https://openalex.org/C205649164","wikidata":"https://www.wikidata.org/wiki/Q1071","display_name":"Geography","level":0,"score":0.11956718564033508},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3319535.3354230","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3319535.3354230","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4699999988079071,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1484413656","https://openalex.org/W1985247771","https://openalex.org/W2001637908","https://openalex.org/W2065890363","https://openalex.org/W2102101901","https://openalex.org/W2743785144","https://openalex.org/W2807008354","https://openalex.org/W2885419983","https://openalex.org/W2885525054","https://openalex.org/W2887627765","https://openalex.org/W2887682444","https://openalex.org/W2890152369","https://openalex.org/W2890228473","https://openalex.org/W2897385569","https://openalex.org/W2903438051","https://openalex.org/W2911975451","https://openalex.org/W2946416612","https://openalex.org/W2963603877","https://openalex.org/W2980839873","https://openalex.org/W4248175462","https://openalex.org/W4299301436"],"related_works":["https://openalex.org/W2582981600","https://openalex.org/W4389238932","https://openalex.org/W4387467152","https://openalex.org/W4212885212","https://openalex.org/W4379115910","https://openalex.org/W3010413952","https://openalex.org/W4253989935","https://openalex.org/W2810560948","https://openalex.org/W2070793896","https://openalex.org/W4400609513"],"abstract_inverted_index":{"The":[0],"release":[1],"of":[2,24,33,104,110,205,217,227,234,244,257,272],"an":[3,59,175],"efficient":[4],"browser-based":[5],"cryptominer,":[6],"as":[7,20],"introduced":[8],"by":[9,171],"Coinhive":[10],"in":[11,145,161,188,225],"2017,":[12],"has":[13],"quickly":[14],"spread":[15],"throughout":[16],"the":[17,31,42,66,95,106,114,182,211,218],"web":[18,84,164,168],"either":[19],"a":[21,72,75,91,127,142,189,203,270],"new":[22,128],"source":[23],"revenue":[25,64,89,116],"for":[26,65],"websites":[27,101,112],"or":[28],"exploited":[29],"within":[30],"context":[32],"hacks":[34],"and":[35,46,157,195,208,214],"malicious":[36],"advertisements.":[37],"Several":[38],"studies":[39],"have":[40],"analyzed":[41],"Alexa":[43],"Top":[44],"1M":[45],"found":[47],"380":[48],"-":[49,52],"3,200":[50],"(0.038%":[51],"0.32%)":[53],"to":[54,139,152,180,229,252],"be":[55,119],"actively":[56],"mining,":[57],"with":[58],"estimated":[60],"$41,000":[61],"per":[62],"month":[63],"top":[67],"10":[68,206],"perpetrators.":[69],"While":[70],"placing":[71],"cryptominer":[73],"on":[74,126,185,210],"popular":[76,100],"website":[77],"supplies":[78],"considerable":[79],"returns":[80],"from":[81,249],"its":[82],"visitors'":[83],"browsers,":[85],"it":[86],"only":[87],"generates":[88],"while":[90],"client":[92],"is":[93,267],"visiting":[94],"page.":[96],"Even":[97],"though":[98],"large":[99,255],"attract":[102],"millions":[103],"visitors,":[105],"relatively":[107],"low":[108],"number":[109],"exploiting":[111],"limits":[113],"total":[115],"that":[117,131,262],"can":[118],"made.":[120],"In":[121],"this":[122,223],"paper,":[123],"we":[124,198],"report":[125,209],"attack":[129,277],"vector":[130],"drastically":[132],"overshadows":[133],"all":[134,235],"existing":[135],"cryptojacking":[136,263],"activity":[137],"discovered":[138],"date.":[140],"Through":[141],"firmware":[143],"vulnerability":[144],"MikroTik":[146,236],"routers,":[147,231],"cyber":[148],"criminals":[149],"are":[150],"able":[151],"rewrite":[153],"outgoing":[154,163],"user":[155,173],"traffic":[156],"embed":[158],"cryptomining":[159],"code":[160],"every":[162,167],"connection.":[165],"Thus,":[166],"page":[169],"visited":[170],"any":[172],"behind":[174],"infected":[176],"router":[177],"would":[178],"mine":[179],"profit":[181],"criminals.":[183],"Based":[184],"NetFlows":[186],"recorded":[187],"Tier":[190],"1":[191],"network,":[192],"semiweekly":[193],"crawls":[194],"telescope":[196],"traffic,":[197],"followed":[199],"their":[200],"activities":[201],"over":[202],"period":[204,224],"months,":[207],"modus":[212],"operandi":[213],"coordinating":[215],"infrastructure":[216],"perpetrators,":[219],"which":[220],"were":[221],"during":[222],"control":[226],"up":[228],"1.4M":[230],"approximately":[232],"70%":[233],"devices":[237],"deployed":[238],"worldwide.":[239],"We":[240],"observed":[241],"different":[242],"levels":[243],"sophistication":[245],"among":[246],"adversaries,":[247],"ranging":[248],"individual":[250],"installations":[251],"campaigns":[253],"involving":[254],"numbers":[256],"routers.":[258],"Our":[259],"results":[260],"show":[261],"through":[264],"MITM":[265],"attacks":[266],"highly":[268],"lucrative,":[269],"factor":[271],"30":[273],"more":[274],"than":[275],"previous":[276],"vectors.":[278]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":4}],"updated_date":"2026-03-06T13:50:29.536080","created_date":"2025-10-10T00:00:00"}