Detection of Bitcoin-Based Botnets Using a One-Class Classifier

Abstract : Botnets have been part of some of the most aggressive cyberattacks reported in recent years. To make them even harder to be detected and mitigated, attackers have built C&C (Command and Control) infrastructures on top of popular Internet services such as Skype and Bitcoin. In this work, we propose an approach to detect botnets with C&C infrastructures based on the Bitcoin network. First, transactions are grouped according to the users that issued them. Next, features are extracted for each group of transactions, aiming to identify whether they behave systematically, which is a typical bot characteristic. To analyse this data, we employ the OSVM (One-class Support Vector Machine) algorithm, which requires only samples from legitimate behaviour to build a classification model. Tests were performed in a controlled environment using the ZombieCoin botnet and real data from the Bitcoin blockchain. Results showed that the proposed approach can detect most of the bots with a low false positive rate in multiple scenarios.
Document type :
Conference papers
Complete list of metadatas

Cited literature [14 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-02294596
Contributor : Hal Ifip <>
Submitted on : Monday, September 23, 2019 - 3:49:22 PM
Last modification on : Monday, September 23, 2019 - 3:52:11 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2022-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Bruno Zarpelão, Rodrigo Miani, Muttukrishnan Rajarajan. Detection of Bitcoin-Based Botnets Using a One-Class Classifier. 12th IFIP International Conference on Information Security Theory and Practice (WISTP), Dec 2018, Brussels, Belgium. pp.174-189, ⟨10.1007/978-3-030-20074-9_13⟩. ⟨hal-02294596⟩

Share

Metrics

Record views

11