Detection of Bitcoin-Based Botnets Using a One-Class Classifier - Information Security Theory and Practice
Conference Papers Year : 2019

Detection of Bitcoin-Based Botnets Using a One-Class Classifier

Abstract

Botnets have been part of some of the most aggressive cyberattacks reported in recent years. To make them even harder to be detected and mitigated, attackers have built C&C (Command and Control) infrastructures on top of popular Internet services such as Skype and Bitcoin. In this work, we propose an approach to detect botnets with C&C infrastructures based on the Bitcoin network. First, transactions are grouped according to the users that issued them. Next, features are extracted for each group of transactions, aiming to identify whether they behave systematically, which is a typical bot characteristic. To analyse this data, we employ the OSVM (One-class Support Vector Machine) algorithm, which requires only samples from legitimate behaviour to build a classification model. Tests were performed in a controlled environment using the ZombieCoin botnet and real data from the Bitcoin blockchain. Results showed that the proposed approach can detect most of the bots with a low false positive rate in multiple scenarios.
Fichier principal
Vignette du fichier
484602_1_En_13_Chapter.pdf (444.01 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-02294596 , version 1 (23-09-2019)

Licence

Identifiers

Cite

Bruno Bogaz Zarpelão, Rodrigo Sanches Miani, Muttukrishnan Rajarajan. Detection of Bitcoin-Based Botnets Using a One-Class Classifier. 12th IFIP International Conference on Information Security Theory and Practice (WISTP), Dec 2018, Brussels, Belgium. pp.174-189, ⟨10.1007/978-3-030-20074-9_13⟩. ⟨hal-02294596⟩
158 View
123 Download

Altmetric

Share

More