skip to main content
10.1145/3297280.3297430acmconferencesArticle/Chapter ViewAbstractPublication PagessacConference Proceedingsconference-collections
research-article

Mind your wallet's privacy: identifying Bitcoin wallet apps and user's actions through network traffic analysis

Published: 08 April 2019 Publication History

Abstract

With the surge in popularity of cryptocurrencies, Bitcoin has emerged as one of the most promising means for remittance, payments, and trading. Supplemented by the convenience offered by the smartphones, an increasing number of users are adopting Bitcoin wallet apps for different purposes.
In this paper, we focus on identifying user activities on smart-phone-based Bitcoin wallet apps that are commonly used for sending, receiving, and trading Bitcoin. To accomplish our goal, we performed network traffic analysis using machine learning techniques. Since we focus on apps of the same type/functionality, it makes our classification problem even more difficult compared to classifying apps tailored for discrete purposes. Moreover, our goal is to identify user activities even in the presence of encryption. In our experiments, we considered the worldwide most downloaded Bitcoin wallet apps on both Google Play Store and Apple's App Store. For collecting network traffic traces, we used only physical hardware and omitted any emulator to build our experiment scenario as close to the real environment as possible. We process the traffic traces in several phases before extracting the features that are utilized to train our supervised learning algorithms. We deal with the classification problem in multiple stages in a hierarchical fashion. We ran a thorough set of experiments to assess the performance of our system and attained nearly 95% accuracy in user activity identification.

References

[1]
Hasan Faik Alan and Jasleen Kaur. 2016. Can Android Applications be Identified using only TCP/IP Headers of their Launch Time Traffic?. In 9th ACM conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 61--66.
[2]
Giuseppe Ateniese, Briland Hitaj, Luigi Vincenzo Mancini, Nino Vincenzo Verde, and Antonio Villani. 2015. No Place to Hide that Bytes won't Reveal: Sniffing Location-Based Encrypted Traffic to Track a User's Position. In Springer Network and System Security (NSS), LNCS, Vol. 9408. 46--59.
[3]
Xiang Cai, Xin Zhang, Brijesh Joshi, and Rob Johnson. 2012. Touching From a Distance: Website Fingerprinting Attacks and Defenses. In 19th ACM Computer and Communications Security (CCS). 605--616.
[4]
Nitesh V. Chawla, Kevin W. Bowyer, Lawrence O. Hall, and W. Philip Kegelmeyer. 2002. SMOTE: Synthetic Minority Over-sampling Technique. Journal of Artificial Intelligence Research 16, 1 (2002), 321--357.
[5]
Mauro Conti, Ankit Gangwal, and Sushmita Ruj. 2018. On the Economic Significance of Ransomware Campaigns: A Bitcoin Transactions Perspective. Elsevier Computers & Security 79 (2018), 162--189.
[6]
Mauro Conti, Luigi Vincenzo Mancini, Riccardo Spolaor, and Nino Vincenzo Verde. 2016. Analyzing Android Encrypted Network Traffic to Identify User Actions. IEEE Transactions on Information Forensics and Security 11, 1 (2016), 114--125.
[7]
Corinna Cortes and Vladimir Vapnik. 1995. Support Vector Networks. Machine Learning 20, 3 (1995), 273--297.
[8]
Scott E Coull and Kevin P Dyer. 2014. Traffic Analysis of Encrypted Messaging Services: Apple iMessage and Beyond. ACM SIGCOMM Computer Communication Review 44, 5 (2014), 5--11.
[9]
Shuaifu Dai, Alok Tongaonkar, Xiaoyin Wang, Antonio Nucci, and Dawn Song. 2013. NetworkProfiler: Towards Automatic Fingerprinting of Android Apps. In 32nd IEEE International Conference on Computer Communications (INFOCOM). 809--817.
[10]
William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N Sheth. 2014. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. ACM Transactions on Computer Systems 32, 2 (2014), 1--29.
[11]
Hossein Falaki, Dimitrios Lymberopoulos, Ratul Mahajan, Srikanth Kandula, and Deborah Estrin. 2010. A First Look at Traffic on Smartphones. In 10th ACM SIGCOMM Internet Measurement Conference (IMC). 281--287.
[12]
Hyo Ham and Mi Choi. 2012. Applicaion-level Traffic Analysis of Smartphone Users using Embedded Agents. In 14th IEEE Asia-Pacific Network Operations and Management Symposium (APNOMS). 1--4.
[13]
Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. 2009. Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier. In 1st ACM Cloud Computing Security Workshop (CCSW). 31--42.
[14]
Andrew Hintz. 2003. Fingerprinting Websites using Traffic Analysis. In Springer Privacy Enhancing Technologies (PET), LNCS, Vol. 2482. 171--178.
[15]
Tin Kam Ho. 1995. Random Decision Forests. In 3rd International Conference on Document Analysis and Recognition (ICDAR). 278--282.
[16]
Chih-Wei Hsu, Chih-Chung Chang, and Chih-Jen Lin. 2003. A Practical Guide to Support Vector Classification. Technical Report.
[17]
Sang-Woo Lee, Jun-Sang Park, Hyun-Shin Lee, and Myung-Sup Kim. 2011. A Study on Smartphone Traffic Analysis. In 13th IEEE Asia-Pacific Network Operations and Management Symposium (APNOMS). 1--7.
[18]
Marc Liberatore and Brian Neil Levine. 2006. Inferring the Source of Encrypted HTTP Connections. In 13th ACM Computer and Communications Security (CCS). 255--263.
[19]
Sophon Mongkolluksamee, Vasaka Visoottiviseth, and Kensuke Fukuda. 2016. Combining Communication Patterns & Traffic Patterns to Enhance Mobile Traffic Identification Performance. Journal of Information Processing 24, 2 (2016), 247--254.
[20]
Thuy TT Nguyen and Grenville Armitage. 2008. A Survey of Techniques for Internet Traffic Classification using Machine Learning. IEEE Communications Surveys & Tutorials 10, 4 (2008), 56--76.
[21]
Andriy Panchenko, Lukas Niessen, Andreas Zinnen, and Thomas Engel. 2011. Website Fingerprinting in Onion Routing Based Anonymization Networks. In 10th ACM Workshop on Privacy in the Electronic Society (WPES). 103--114.
[22]
Zafar Ayyub Qazi, Jeongkeun Lee, Tao Jin, Gowtham Bellala, Manfred Arndt, and Guevara Noubir. 2013. Application-awareness in SDN. In ACM SIGCOMM conference. 487--488.
[23]
Jean-François Raymond. 2001. Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. In Springer Designing Privacy Enhancing Technologies, LNCS, Vol. 2009. 10--29.
[24]
Brendan Saltaformaggio, Hongjun Choi, Kristen Johnson, Yonghwi Kwon, Qi Zhang, Xiangyu Zhang, Dongyan Xu, and John Qian. 2016. Eavesdropping on Fine-Grained User Activities within Smartphone Apps over Encrypted Network Traffic. In 10th USENIX Workshop on Offensive Technologies (WOOT). 1--10.
[25]
John Shawe-Taylor and Nello Cristianini. 2004. Kernel Methods for Pattern Analysis. Cambridge University Press, New York, NY, USA.
[26]
Tim Stöber, Mario Frank, Jens Schmitt, and Ivan Martinovic. 2013. Who do you sync you are? Smartphone Fingerprinting via Application Behaviour. In 6th ACM conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 7--12.
[27]
Vincent F Taylor, Riccardo Spolaor, Mauro Conti, and Ivan Martinovic. 2018. Robust Smartphone App Identification via Encrypted Network Traffic Analysis. IEEE Transactions on Information Forensics and Security 13, 1 (2018), 63--78.
[28]
Vladimir N. Vapnik. 1995. The Nature of Statistical Learning Theory. Springer-Verlag New York, Inc., New York, NY, USA.
[29]
Qinglong Wang, Amir Yahyavi, Bettina Kemme, and Wenbo He. 2015. I Know What You Did on Your Smartphone: Inferring App Usage over Encrypted Data Traffic. In 3rd IEEE Communications and Network Security (CNS). 433--441.
[30]
Jie Yang, Shuo Zhang, Xinyu Zhang, Jun Liu, and Gang Cheng. 2013. Analysis of Smartphone Traffic with MapReduce. In 22nd IEEE Wireless and Optical Communication Conference (WOCC). 394--398.
[31]
Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Carl A Gunter, and Klara Nahrstedt. 2013. Identity, location, disease and more: Inferring your secrets from android public resources. In 20th ACM Computer and Communications Security (CCS). 1017--1028.

Cited By

View all
  • (2024)Classifying 5G Encrypted Packet Traces2024 International Conference on Electrical, Communication and Computer Engineering (ICECCE)10.1109/ICECCE63537.2024.10823417(1-6)Online publication date: 30-Oct-2024
  • (2024)The next phase of identifying illicit activity in BitcoinInternational Journal of Network Management10.1002/nem.225934:5Online publication date: 15-Jan-2024
  • (2023)When Free Tier Becomes Free to Enter: A Non-Intrusive Way to Identify Security Cameras with no Cloud SubscriptionProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623083(651-665)Online publication date: 15-Nov-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing
April 2019
2682 pages
ISBN:9781450359337
DOI:10.1145/3297280
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 April 2019

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Android
  2. Bitcoin
  3. iOS
  4. machine learning
  5. traffic analysis

Qualifiers

  • Research-article

Funding Sources

  • Fondazione Cassa di Risparmio di Padova e Rovigo (CARIPARO)

Conference

SAC '19
Sponsor:

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25
The 40th ACM/SIGAPP Symposium on Applied Computing
March 31 - April 4, 2025
Catania , Italy

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)31
  • Downloads (Last 6 weeks)2
Reflects downloads up to 19 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Classifying 5G Encrypted Packet Traces2024 International Conference on Electrical, Communication and Computer Engineering (ICECCE)10.1109/ICECCE63537.2024.10823417(1-6)Online publication date: 30-Oct-2024
  • (2024)The next phase of identifying illicit activity in BitcoinInternational Journal of Network Management10.1002/nem.225934:5Online publication date: 15-Jan-2024
  • (2023)When Free Tier Becomes Free to Enter: A Non-Intrusive Way to Identify Security Cameras with no Cloud SubscriptionProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623083(651-665)Online publication date: 15-Nov-2023
  • (2023)Rediscovering Fraud Detection in Bitcoin Transactions Using Machine Learning Models2023 IEEE 9th World Forum on Internet of Things (WF-IoT)10.1109/WF-IoT58464.2023.10539490(1-6)Online publication date: 12-Oct-2023
  • (2023)Dissecting Mining Pools of Bitcoin Network: Measurement, Analysis and ModelingIEEE Transactions on Network Science and Engineering10.1109/TNSE.2022.321053710:1(398-412)Online publication date: 1-Jan-2023
  • (2023)Illegal activity detection on bitcoin transaction using deep learningSoft Computing - A Fusion of Foundations, Methodologies and Applications10.1007/s00500-022-07779-127:9(5503-5520)Online publication date: 5-Jan-2023
  • (2023)Bitcoin Blockchain System: An Overview of Security and Privacy AspectsBlockchains10.1007/978-3-031-32146-7_3(75-108)Online publication date: 10-Aug-2023
  • (2022)Patterns for Anonymity Enhancing Cryptocurrencies Non-Custodian Mobile WalletsProceedings of the 29th Conference on Pattern Languages of Programs10.5555/3631672.3631676(1-29)Online publication date: 24-Oct-2022
  • (2022)Revisiting Online Privacy and Security Mechanisms Applied in the In-App Payment Realm from the Consumers’ PerspectiveProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3543786(1-12)Online publication date: 23-Aug-2022
  • (2022)Metainformation Extraction from Encrypted Streaming Video Packet Traces2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME)10.1109/ICECCME55909.2022.9988476(1-6)Online publication date: 16-Nov-2022
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media