Abstract
Bitcoin depends heavily on its peer-to-peer (P2P) network, in which a peer shares its list of connecting IP addresses with the nearest peer. In addition, the blockchain, which is the underlying technology, can be accessed by anyone, and the transactions stored in a block can be checked at any time. Recent research has reported that the anonymity of such a Bitcoin P2P network is low, regardless of whether a peer uses an anonymizer such as Tor to preserve anonymity. This exposes the risk that malicious users are able to use this public information without exception. However, when a malicious user is hiding behind the network and browsing public information, it is difficult to distinguish a malicious user from an honest one, and detecting signs of hidden threats is a challenge. In this research, we propose a data mining approach that combines two kinds of IP address distributions, Bitcoin peers and malicious nodes (not in the Bitcoin network), in order to obtain characteristics of hidden users. As a result, we confirmed that nodes matching the first 24 bits of the IP address of a Bitcoin network peer sent packets to the darknet. The contribution of this paper is three-fold: (1) we employ a novel approach to analyze the Bitcoin network using a darknet dataset, (2) we identify malicious nodes in the same network as honest peers, and (3) we clarify the network deployments of Bitcoin peers and malicious nodes.
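The /24 join described in the abstract, sketched as an added example (not the authors' code or data). The addresses are constructed from documentation ranges, and the function names, field names and the split into exact matches versus same-/24 neighbours are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inputs (documentation ranges), not the paper's dataset.
PEERS = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "203.0.113.9", "2001:db8::1"]
DARKNET_SOURCES = ["192.0.2.10", "192.0.2.200", "198.51.100.99",
                   "198.51.100.99", "10.1.2.3", "2001:db8::2"]


def net24(addr):
    """Return the /24 network (first 24 bits) containing an IPv4 address."""
    return ipaddress.ip_network(f"{addr}/24", strict=False)


def correlate(peer_ips, darknet_sources):
    """Join Bitcoin peer IPs with darknet packet sources on their /24 prefix.

    For every /24 holding at least one peer and one darknet source, report
    the peers, the sources that are themselves peers ("exact"), and the
    sources that only share the /24 with a peer ("neighbours").
    """
    peers_by_net = defaultdict(set)
    for ip in peer_ips:
        addr = ipaddress.ip_address(ip)
        if addr.version == 4:          # 24-bit matching applies to IPv4 only
            peers_by_net[net24(addr)].add(addr)

    hits = {}
    for ip in darknet_sources:         # duplicates collapse into the sets
        addr = ipaddress.ip_address(ip)
        if addr.version != 4:
            continue
        net = net24(addr)
        if net not in peers_by_net:    # no Bitcoin peer in this /24
            continue
        entry = hits.setdefault(net, {"exact": set(), "neighbours": set()})
        entry["exact" if addr in peers_by_net[net] else "neighbours"].add(addr)

    def fmt(addrs):
        return [str(a) for a in sorted(addrs)]

    return {str(net): {"peers": fmt(peers_by_net[net]),
                       "exact": fmt(hits[net]["exact"]),
                       "neighbours": fmt(hits[net]["neighbours"])}
            for net in sorted(hits)}


if __name__ == "__main__":
    for net, info in correlate(PEERS, DARKNET_SOURCES).items():
        print(net, info)
```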
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Imamura, M., Omote, K. (2019). Network Deployments of Bitcoin Peers and Malicious Nodes Based on Darknet Sensor. In: Kang, B., Jang, J. (eds) Information Security Applications. WISA 2018. Lecture Notes in Computer Science, vol 11402. Springer, Cham. https://doi.org/10.1007/978-3-030-17982-3_10
DOI: https://doi.org/10.1007/978-3-030-17982-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-17981-6
Online ISBN: 978-3-030-17982-3
eBook Packages: Computer Science, Computer Science (R0)