Network Deployments of Bitcoin Peers and Malicious Nodes Based on Darknet Sensor

  • Mitsuyoshi Imamura
  • Kazumasa Omote
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11402)


Bitcoin depends heavily on a peer-to-peer (P2P) network, in which a peer shares its list of connecting IP addresses with the nearest peer. In addition, the blockchain, which is the underlying technology, can be accessed by anyone, and the transactions stored in a block can be checked at any time. Recent research has reported that the anonymity of such a Bitcoin P2P network is low, regardless of whether a peer uses an anonymizer such as Tor to preserve anonymity. This fact shows the risk that malicious users, without exception, are able to use this public information. However, when a malicious user is hiding behind the network and browsing public information, it is difficult to distinguish a malicious user from an honest one, and detecting signs of hidden threats is a challenge. In this research, we propose a data mining approach that combines two kinds of IP address distributions, those of Bitcoin peers and of malicious nodes (not in the Bitcoin network), in order to obtain characteristics of hidden users. As a result, we confirmed that nodes matching the first 24 bits of the IP address of a Bitcoin network peer sent packets to the darknet. The contribution of this paper is three-fold: (1) we employ a novel approach to analyze the Bitcoin network using a darknet dataset, (2) we identify malicious nodes in the same network as honest peers, and (3) we clarify the network deployments of Bitcoin peers and malicious nodes.
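The /24 matching described in the abstract can be sketched as a join between a Bitcoin peer list and darknet sensor source addresses. This is an added example, not the authors' code; the sample addresses, the function names and the split into "same_host" and "neighbour" are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation ranges, not real observations).
BITCOIN_PEERS = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "203.0.113.200"]
DARKNET_SOURCES = [  # (source IP, packets seen by the darknet sensor)
    ("192.0.2.10", 3),     # the address is itself a Bitcoin peer
    ("192.0.2.143", 12),   # shares the first 24 bits with a peer, not a peer
    ("198.51.100.5", 1),
    ("198.51.101.5", 40),  # adjacent /24, must not match
    ("203.0.113.9", 7),
    ("not-an-ip", 2),      # malformed record, skipped
]

def prefix24(ip):
    """Return the /24 network holding an IPv4 address, or None if unusable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    if addr.version != 4:
        return None
    return ipaddress.ip_network(f"{addr}/24", strict=False)

def correlate(peers, darknet):
    """Group darknet sources by the /24 they share with at least one peer."""
    peer_ips, peer_nets = set(), set()
    for p in peers:
        net = prefix24(p)
        if net is not None:
            peer_ips.add(ipaddress.ip_address(p))
            peer_nets.add(net)
    hits = defaultdict(lambda: {"same_host": [], "neighbour": [], "packets": 0})
    for src, packets in darknet:
        net = prefix24(src)
        if net is None or net not in peer_nets:
            continue
        # "neighbour" = in a peer's /24 but not in the Bitcoin peer list itself
        kind = "same_host" if ipaddress.ip_address(src) in peer_ips else "neighbour"
        hits[str(net)][kind].append(src)
        hits[str(net)]["packets"] += packets
    return dict(hits)

if __name__ == "__main__":
    for net, info in sorted(correlate(BITCOIN_PEERS, DARKNET_SOURCES).items()):
        print(net, info)
```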


Keywords: Darknet analysis, Bitcoin, Cybersecurity



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. University of Tsukuba, Tsukuba, Japan
  2. Nomura Asset Management Ltd., Chuo-ku, Japan
