基于v3洋葱域名的比特币地址威胁程度分析

doi:10.19678/j.issn.1000-3428.0066649

摘要/Abstract

摘要：

比特币可以在不透露使用者身份的情况下进行交换，导致其成为不法分子在暗网上进行违法活动的主要方式。为了追踪比特币非法交易，传统方法根据比特币的伪匿名性，在整个区块链上进行启发式地址聚类，没有充分利用比特币地址在暗网上的信息。2021年Tor官方全面启用v3洋葱域名，使得以往的v2洋葱域名数据无法再作为分析的依据。设计并实现基于v3洋葱域名的比特币地址威胁程度的一体化分析框架TLAFDB。信息收集模块使用境外服务器解决地域限制并设置socks5h代理以支持暗网爬虫运行，使用洋葱种子地址在暗网中爬行收集最新的v3洋葱域名数据，信息清洗模块采用可同时覆盖Base58和Bech32编码的正则表达式以提取v3洋葱域名网页中的比特币地址，通过区块链搜索引擎Blockchain.com筛选存在真实交易的比特币地址，并建立其和所在v3洋葱域名的关联关系，信息分析模块采用人工分析和关键词匹配相结合的方法分类v3洋葱域名，赋予其关联的比特币地址类别和流行度并判定威胁程度。实验结果表明，TLAFDB收集了23 627个v3洋葱域名网页，提取并分析1 141个存在真实交易的比特币地址的类别、流行度和威胁程度，发现在暗网中同一个比特币地址常出现在大量的镜像洋葱域名网页上，超过95%的比特币地址被恶意使用，并且庞氏骗局交易量占高危比特币地址总交易量的99%。

关键词: 暗网, 爬虫, v3洋葱域名, 比特币地址, 分类

Abstract:

Bitcoin can be exchanged without revealing the user's identity, making it the main way for criminals to engage in illegal activities on the dark Web. To track illegal Bitcoin transactions, traditional methods use the pseudo anonymity of Bitcoin to perform heuristic address clustering on the entire blockchain, without fully utilizing the information of Bitcoin addresses on the dark Web. In 2021, Tor officially launched the v3 onion domain name, making the previous v2 onion domain name data no longer a basis for analysis. In response to this challenge, an integrated analysis framework called threat-level analysis framework for Bitcoin addresses based on v3 onion domain names TLAFDB is proposed. This framework enables the assessment of the threat level associated with Bitcoin addresses using v3 onion domain names. Information collection module uses overseas servers to solve regional restrictions and sets socks5h agents to support the operation of dark Web crawlers. It crawls through the dark web using onion seed addresses to collect the latest v3 onion domain name data.Information cleaning module uses regular expressions that can simultaneously cover Base58 and Bech32 encoding to extract Bitcoin addresses from the v3 onion domain name webpage, through the blockchain search engine, Blockchain.com, Bitcoin addresses with real transactions are filtered and their association with the v3 onion domain name is established.Information analysis module uses a combination of manual analysis and keyword matching to classify v3 onion domain names, assign their associated Bitcoin address categories and popularity, and determine the degree of threat. The experimental results show that TLAFDB can collect 23 627 v3 onion domain web pages, as well as extract and analyze the categories, popularity, and threat levels of 1 141 Bitcoin addresses with real transactions. In dark web, the same Bitcoin address often appears on numerous mirrored onion domain web pages, with over 95% of Bitcoin addresses being maliciously used, and the Ponzi scheme accounts for 99% of the total transaction volume of high-risk Bitcoin addresses.

Key words: dark Web, crawler, v3 onion domain name, Bitcoin address, classification

胡锦枫, 徐晓瑀, 陈云芳, 张伟. 基于v3洋葱域名的比特币地址威胁程度分析[J]. 计算机工程, 2024, 50(3): 173-181.

Jinfeng HU, Xiaoyu XU, Yunfang CHEN, Wei ZHANG. Threat Level Analysis of Bitcoin Address Based on v3 Onion Domain Name[J]. Computer Engineering, 2024, 50(3): 173-181.

http://www.ecice06.com/CN/Y2024/V50/I3/173

图/表 11

图1 TLAFDB框架

Fig.1 TLAFDB framework

图2 Tor服务配置步骤

Fig.2 Configuration steps of Tor service

图3 比特币地址与洋葱域名关联信息

Fig.3 The associated information of Bitcoin address and onion domain name

图4 支持向量机模型分类结果

Fig.4 Classification results of support vector machine model

图5 比特币地址类别占比

Fig.5 Ratio of Bitcoin address category

图6 比特币地址威胁程度分布

Fig.6 Distribution of Bitcoin address threat level

参考文献 29

1	HURLBURT G. Shining light on the dark Web. Computer, 2017, 50(4): 100- 105. doi: 10.1109/MC.2017.110
2	KWON K H, PRINISKI J H, SARKAR S, et al. Crisis and collective problem solving in dark web: an exploration of a black hat forum[C]//Proceedings of the 8th International Conference on Social Media & Society. New York, USA: ACM Press, 2017: 1-5.
3	SAMTANI S, CHINN R, CHEN H. Exploring hacker assets in underground forums[C]//Proceedings of International Conference on Intelligence and Security Informatics. Washington D. C., USA: IEEE Press, 2015: 31-36.
4	UNODC. World drug report 2021[EB/OL]. [2022-11-25]. https://www.unodc.org/unodc/en/data-and-analysis/wdr2021.html.
5	HOELLER T, ROLAND M, MAYRHOFER R. On the state of v3 onion services[C]//Proceedings of the ACM SIGCOMM 2021 Workshop on Free and Open Communications on the Internet. New York, USA: ACM Press, 2021: 50-56.
6	DINGLEDINE R, MATHEWSON N, SYVERSON P. Tor: the second-generation onion router[C]//Proceedings of the 13th Conference on USENIX Security Symposium. New York, USA: ACM Press, 2004: 21.
7	TOR PROJECT. Tor hidden service protocol[EB/OL]. [2022-11-25]. https://community.torproject.org/onion-services/overview.
8	BIRYUKOV A, PUSTOGAROV I, WEINMANN R P. Trawling for Tor hidden services: detection, measurement, deanonymization[C]//Proceedings of Symposium on Security and Privacy. Washington D. C., USA: IEEE Press, 2013: 80-94.
9	汤艳君, 安俊霖. 基于Tor的暗网数据爬虫设计与实现. 信息安全研究, 2019, 5(9): 798- 804. URL
	TANG Y J, AN J L. Design and implementation of dark net data crawler based on Tor. Journal of Information Security Research, 2019, 5(9): 798- 804. URL
10	LI K, LIU P P, TAN Q F, et al. Out-of-band discovery and evaluation for Tor hidden services[C]//Proceedings of the 31st Annual ACM Symposium on Applied Computing. New York, USA: ACM Press, 2016: 2057-2062.
11	BERNASCHI M, CELESTINI A, GUARINO S, et al. Spiders like onions: on the network of Tor hidden services[C]//Proceedings of the World Wide Web Conference. New York, USA: ACM Press, 2019: 105-115.
12	PERERA I, BOSHMAF Y. Dizzy: large-scale crawling and analysis of onion services[C]//Proceedings of International Conference on Intelligence and Security Informatics. Washington D. C. , USA: IEEE Press, 2022: 1-10.
13	TORPROJECT. Tor rendezvous specification-version 3[EB/OL]. [2022-11-25]. https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt.
14	NAKAMOTO S. Bitcoin: a peer-to-peer electronic cash system[EB/OL]. [2022-11-25]. https://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=051480446BB56691DB1BBA726F21AA37?doi=10.1.1.221.9986&=reprep1&type=pdf.
15	REID F, HARRIGAN M. An analysis of anonymity in the Bitcoin system[EB/OL]. [2022-11-25]. https://arxiv.org/pdf/1107.4524.pdf.
16	MEIKLEJOHN S, POMAROLE M, JORDAN G, et al. A fistful of Bitcoins: characterizing payments among men with no names[C]//Proceedings of Conference on Internet Measurement. New York, USA: ACM Press, 2013: 127-140.
17	ZHENG B K, ZHU L H, SHEN M, et al. Identifying the vulnerabilities of Bitcoin anonymous mechanism based on address clustering. Science China Information Sciences, 2020, 63(3): 1- 15.
18	ZHANG Y H, WANG J, LUO J. Heuristic-based address clustering in Bitcoin. IEEE Access, 2020, 8, 210582- 210591. doi: 10.1109/ACCESS.2020.3039570
19	HE X, HE K T, LIN S W, et al. Bitcoin address clustering method based on multiple heuristic conditions. IET Blockchain, 2022, 2(2): 44- 56. doi: 10.1049/blc2.12014
20	AL JAWAHERI H, AL SABAH M, BOSHMAF Y, et al. Deanonymizing Tor hidden service users through Bitcoin transactions analysis. Computers & Security, 2020, 89, 101684.
21	DÖPMANN C, RUST S, TSCHORSCH F. Exploring deployment strategies for the tor network[C]//Proceedings of the 43rd Conference on Local Computer Networks. Washington D. C., USA: IEEE Press, 2019: 255-258.
22	JUHA N. Ahmia project[EB/OL]. [2022-11-25]. https://ahmia.fi/.
23	Onion Search Engine. Onion search engine[EB/OL]. [2022-11-25]. https://eu.onionsearchengine.com/.
24	BRANDON C. Market capitalization[EB/OL]. [2022-11-25]. https://coinmarketcap.com/charts/.
25	BLOCKCHAIN LTD. Blockchain. com[EB/OL]. [2022-11-25]. https://www.blockchain.com/explorer.
26	QAISER S, ALI R. Text mining: use of TF-IDF to examine the relevance of words to documents. International Journal of Computer Applications, 2018, 181(1): 25- 29. doi: 10.5120/ijca2018917395
27	余志玮, 何月顺. 基于Scrapy分布式的暗网探测爬虫构建. 计算机时代, 2020,(4): 21- 25. URL
	YU Z W, HE Y S. Building dark web probe crawler with Scrapy-redis. Computer Era, 2020,(4): 21- 25. URL
28	沈蒙, 桑安琪, 祝烈煌, 等. 一种基于交易图匹配的比特币异常交易实体识别方法: 111652732B[P]. 2020-09-11.
	SHEN M, SANG A Q, ZHU L H, et al. A Bitcoin anomaly transaction entity recognition method based on transaction graph matching: 111652732B[P]. 2020-09-11. (in Chinese)
29	BARTOLETTI M, PES B, SERUSI S. Data mining for detecting Bitcoin ponzi schemes[C]//Proceedings of Crypto Valley Conference on Blockchain Technology. Washington D. C., USA: IEEE Press, 2018: 75-84.

[1]	吴冠荣, 李元祥, 王艺霖, 陆雨寒, 陈秀华. 基于对比学习的小样本金属表面损伤分类[J]. 计算机工程, 2024, 50(3): 36-43.
[2]	崔蒙蒙, 刘井平, 阮彤, 宋雨秋, 杜渂. 基于双重多视角表示的目标级隐性情感分类[J]. 计算机工程, 2024, 50(1): 79-90.
[3]	申秀雨, 姬伟峰, 李映岐, 吴玄. 面向边缘计算的TCA1C DDoS检测模型[J]. 计算机工程, 2024, 50(1): 198-205.
[4]	白尚旺, 王梦瑶, 胡静, 陈志泊. 多区域注意力的细粒度图像分类网络[J]. 计算机工程, 2024, 50(1): 271-278.
[5]	刘金硕, 王代辰, 邓娟, 王丽娜. 基于长尾分类算法的网络不良信息分类[J]. 计算机工程, 2023, 49(8): 13-19, 28.
[6]	杨燕燕, 谢明轩, 曹江峡, 王学宾, 柳厅文, 杜彦辉. 基于原型网络的中文分类模型对抗样本生成[J]. 计算机工程, 2023, 49(8): 54-62.
[7]	杨祖赫, 黎智辉, 唐云祁, 晏于文, 宋华青. 结合语义与图像信息的行人属性识别算法[J]. 计算机工程, 2023, 49(8): 215-222, 231.
[8]	余长宏, 陆雅, 王海鑫, 高明. 基于滑动时间窗的物联网设备流量分类算法[J]. 计算机工程, 2023, 49(7): 259-268.
[9]	曹坪, 杨怀志, 薄一军, 尤嘉, 张淳杰, 李丹勇. 面向低质量裂缝图像的多知识蒸馏分类[J]. 计算机工程, 2023, 49(7): 204-213.
[10]	谢虹, 姜文刚. RRA-InceptionV3结合鲁棒稀疏表示的表情识别方法[J]. 计算机工程, 2023, 49(7): 196-203.
[11]	殷文君, 黄建华, 纪元法. 基于改进密集卷积网络的皮肤肿瘤分类方法[J]. 计算机工程, 2023, 49(7): 288-294.
[12]	张博旭, 蒲智, 程曦. 基于提示学习的维吾尔语文本分类研究[J]. 计算机工程, 2023, 49(6): 292-299,313.
[13]	王其涵, 庞建民, 岳峰, 祝迪, 沈莉, 肖谦. 面向申威架构的KNN并行算法实现与优化[J]. 计算机工程, 2023, 49(5): 286-294.
[14]	石进, 徐杨, 曹斌. 基于自适应三线性池化网络的细粒度图像分类[J]. 计算机工程, 2023, 49(5): 239-246,254.
[15]	袁立宁, 胡皓, 刘钊. 基于多通道图卷积自编码器的图表示学习[J]. 计算机工程, 2023, 49(2): 150-160,174.

选择文件类型/文献管理软件名称

选择包含的内容