Rohde & Schwarz Cybersecurity’s R&S PACE 2 DPI Software Features New Classification for Stratum Mining Protocol
February 2018 by Marc Jacob
Rohde & Schwarz Cybersecurity has enhanced its R&S PACE 2 deep packet inspection (DPI) software to include Stratum protocol classification capabilities. The DPI engine can now reliably classify and therefore enable network security solutions to block malicious mining activities.
A new category of cryptocurrency-based cyberattacks that mine cryptocurrencies on the victims PC over the internet are increasing in popularity. Known as drive-by mining and stealth mining, these network-based cryptocurrency attacks use the Stratum network protocol to transfer the results of the malicious mining activities to a mining pool controlled by the attacker.
By embedding the R&S PACE 2 DPI software with Stratum protocol classification capabilities into network security solutions, vendors enhance their visibility of networks and control over security risks. With this increased visibility network security solutions are able to detect symptoms of drive-by crypto and stealth mining attacks and can implement countermeasures such as application control policies or security algorithms based on anomaly detection.
The DPI software library R&S PACE 2 provides powerful and reliable detection and classification of thousands of applications and protocols by combining deep packet inspection and behavioral traffic analysis — regardless of whether the protocols use advanced obfuscation, port-hopping techniques or encryption.
Stratum is a mining communication protocol used by blockchain based cryptocurrency systems and enables miners to reliably and efficiently fetch jobs from mining pool servers. Miners benefit from reduced bandwidth and server load on larger pools.