Filtering by
- All Subjects: Mining
- Creators: Bazzi, Rida
- Member of: Theses and Dissertations
The method captures the dataflow of an ad-hoc workflow through its execution and abstracts it with a process for simplifying repetition. An instrumentation system first processes the workflow to produce an instrumented version, capable of logging events, which is then executed on an input to produce a trace. The trace undergoes dataflow construction to produce a provenance graph. The dataflow is examined for equivalent regions, which are collected into a single unit. The workflow is thus characterized in terms of its treatment of an input. Unlike other methods, a run-time approach characterizes the workflow's actual behavior; including elements which static analysis cannot predict (for example, code dynamically evaluated based on input parameters). This also enables the characterization of dataflow through external tools.
The contributions of this work are: a run-time method for recording a provenance graph from an ad-hoc Python workflow, and a method to analyze the structure of a workflow from provenance. Methods are implemented in Python and are demonstrated on real world Python workflows. These contributions enable users to derive graph structure from workflows. Empowered by a graphical view, users can better understand a legacy workflow. This makes the wealth of legacy ad-hoc workflows accessible, enabling workflow reuse instead of investing time and resources into creating a workflow.
Cryptojacking is a process in which a program utilizes a user’s CPU to mine cryptocurrencies unknown to the user. Since cryptojacking is a relatively new problem and its impact is still limited, very little has been done to combat it. Multiple studies have been conducted where a cryptojacking detection system is implemented, but none of these systems have truly solved the problem. This thesis surveys existing studies and provides a classification and evaluation of each detection system with the aim of determining their pros and cons. The result of the evaluation indicates that it might be possible to bypass detection of existing systems by modifying the cryptojacking code. In addition to this classification, I developed an automatic code instrumentation program that replaces specific instructions with functionally similar sequences as a way to show how easy it is to implement simple obfuscation to bypass detection by existing systems.