Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Information Security Applications

WISA 2018: Information Security Applications pp 117–128Cite as

Network Deployments of Bitcoin Peers and Malicious Nodes Based on Darknet Sensor

  • Conference paper
  • First Online:

  • 640 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11402))

Abstract

Bitcoin depends on Peer-to-Peer (P2P) network in a major way and shares the connecting IP address list with the nearest peer. In addition, the blockchain which is the basic technology can be accessed by anyone, and the transaction stored in the block can be checked anytime. Recent research has reported that anonymity of such a bitcoin P2P network is low, regardless of whether peer uses the anonymizers like TOR to keep the anonymity. This fact shows the risk of the malicious users being able to use this public information without exception. However, when the malicious user is hiding behind the network and browsing public information, it is difficult to distinguish between a malicious user and a honest one, and it is a challenge to detect signs of hidden threats. In this research, we propose a data mining approach to analyze by combining two kinds of IP address distributions: Bitcoion peer and malicious node (not in the bitcoin network), in order to obtain characteristics of hidden users. As a result, we confirmed that the nodes, which matched the first 24 bits of the IP address in the bitcoin network peer, sent the packet to the darknet. The contribution of this paper is three-fold: (1) we employ a novel approach to analyze a bitcoin network using Darknet dataset, (2) we identify the malicious node in the same network as the honest peer, and (3) we clarify the network deployments of Bitcoin peers and malicious nodes.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Bitnodes. https://bitnodes.earn.com/. Accessed 13 Mar 2018

  2. Bailey, M., Cooke, E., Jahanian, F., Nazario, J., Watson, D., et al.: The internet motion sensor-a distributed blackhole monitoring system. In: NDSS (2005)

    Google Scholar 

  3. Ban, T., Eto, M., Guo, S., Inoue, D., Nakao, K., Huang, R.: A study on association rule mining of darknet big data. In: 2015 International Joint Conference on Neural Networks (IJCNN), pp. 1–7. IEEE (2015)

    Google Scholar 

  4. Ban, T., Zhu, L., Shimamura, J., Pang, S., Inoue, D., Nakao, K.: Detection of botnet activities through the lens of a large-scale darknet. In: Liu, D., Xie, S., Li, Y., Zhao, D., El-Alfy, E.-S.M. (eds.) ICONIP 2017. LNCS, vol. 10638, pp. 442–451. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70139-4_45

    Chapter  Google Scholar 

  5. Bojja Venkatakrishnan, S., Fanti, G., Viswanath, P.: Dandelion: redesigning the bitcoin network for anonymity. Proc. ACM Meas. Anal. Comput. Syst. 1(1), 22 (2017)

    Article  Google Scholar 

  6. Brandão, A., Mamede, H.S., Gonçalves, R.: Systematic review of the literature, research on blockchain technology as support to the trust model proposed applied to smart places. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’18 2018. AISC, vol. 745, pp. 1163–1174. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77703-0_113

    Chapter  Google Scholar 

  7. Cohen, B.: Incentives build robustness in BitTorrent. In: Workshop on Economics of Peer-to-Peer Systems, vol. 6, pp. 68–72 (2003)

    Google Scholar 

  8. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. Technical report, Naval Research Lab, Washington DC (2004)

    Google Scholar 

  9. Eto, M., Inoue, D., Song, J., Nakazato, J., Ohtaka, K., Nakao, K.: Nicter: a large-scale network incident analysis system: case studies for understanding threat landscape. In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 37–45. ACM (2011)

    Google Scholar 

  10. Fachkha, C., Debbabi, M.: Darknet as a source of cyber intelligence: survey, taxonomy, and characterization. IEEE Commun. Surv. Tutor. 18(2), 1197–1227 (2016)

    Article  Google Scholar 

  11. Gervais, A., Capkun, S., Karame, G.O., Gruber, D.: On the privacy provisions of bloom filters in lightweight bitcoin clients. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 326–335. ACM (2014)

    Google Scholar 

  12. Hatada, M., Akiyama, M., Matsuki, T., Kasama, T.: Empowering anti-malware research in Japan by sharing the MWS datasets. J. Inf. Process. 23(5), 579–588 (2015)

    Google Scholar 

  13. Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoin’s peer-to-peer network. In: USENIX Security Symposium, pp. 129–144 (2015)

    Google Scholar 

  14. Herrera-Joancomartí, J.: Research and challenges on bitcoin anonymity. In: Garcia-Alfaro, J., et al. (eds.) DPM/QASA/SETOP -2014. LNCS, vol. 8872, pp. 3–16. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17016-9_1

    Chapter  Google Scholar 

  15. Huang, D.Y., et al.: Botcoin: monetizing stolen cycles. In: NDSS. Citeseer (2014)

    Google Scholar 

  16. Inoue, D., et al.: Nicter: an incident analysis system toward binding network monitoring with malware analysis. In: WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008, pp. 58–66. IEEE (2008)

    Google Scholar 

  17. Inoue, D., et al.: An incident analysis system NICTER and its analysis engines based on data mining techniques. In: Köppen, M., Kasabov, N., Coghill, G. (eds.) ICONIP 2008. LNCS, vol. 5506, pp. 579–586. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02490-0_71

    Chapter  Google Scholar 

  18. Kaushal, P.K., Bagga, A., Sobti, R.: Evolution of bitcoin and security risk in bitcoin wallets. In: 2017 International Conference on Computer, Communications and Electronics (Comptelix), pp. 172–177. IEEE (2017)

    Google Scholar 

  19. Kethineni, S., Cao, Y., Dodge, C.: Use of bitcoin in darknet markets: examining facilitative factors on bitcoin-related crimes. Am. J. Crim. Justice 1–17 (2017)

    Google Scholar 

  20. Neudecker, T., Andelfinger, P., Hartenstein, H.: A simulation model for analysis of attacks on the bitcoin peer-to-peer network. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 1327–1332. IEEE (2015)

    Google Scholar 

  21. Neudecker, T., Hartenstein, H.: Could network information facilitate address clustering in bitcoin? In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 155–169. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_9

    Chapter  Google Scholar 

  22. Satoshi, N.: Bitcoin: a peer-to-peer electronic cash system (2008). http://www.bitcoin.org/bitcoin.pdf

  23. Yamauchi, S., Kawakita, M., Takeuchi, J.: Botnet detection based on non-negative matrix factorization and the MDL principle. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds.) ICONIP 2012. LNCS, vol. 7667, pp. 400–409. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34500-5_48

    Chapter  Google Scholar 

  24. Zanero, S.: Observing the tidal waves of malware: experiences from the wombat project. In: 2010 Second Vaagdevi International Conference on Information Technology for Real World Problems (VCON), pp. 30–35. IEEE (2010)

    Google Scholar 

  25. Zseby, T., et al.: Workshop report: darkspace and unsolicited traffic analysis (DUST 2012). ACM SIGCOMM Comput. Commun. Rev. 42(5), 49–53 (2012)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Tsukuba, Tennodai 1-1-1, Tsukuba, 305-8573, Japan

    Mitsuyoshi Imamura & Kazumasa Omote

  2. Nomura Asset Management Ltd., 1-11-1 Nihonbashi, Chuo-ku, Tokyo, 103-8260, Japan

    Mitsuyoshi Imamura

Authors
  1. Mitsuyoshi Imamura
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kazumasa Omote
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Mitsuyoshi Imamura or Kazumasa Omote .

Editor information

Editors and Affiliations

  1. Korea Advanced Institute of Science and Technology, Daejeon, Korea (Republic of)

    Brent ByungHoon Kang

  2. Korea Advanced Institute of Science and Technology, Daejeon, Korea (Republic of)

    JinSoo Jang

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Imamura, M., Omote, K. (2019). Network Deployments of Bitcoin Peers and Malicious Nodes Based on Darknet Sensor. In: Kang, B., Jang, J. (eds) Information Security Applications. WISA 2018. Lecture Notes in Computer Science(), vol 11402. Springer, Cham. https://doi.org/10.1007/978-3-030-17982-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-17982-3_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-17981-6

  • Online ISBN: 978-3-030-17982-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation