%0 Conference Proceedings
%T Detection of Bitcoin-Based Botnets Using a One-Class Classifier
%+ State University of Londrina = Universidade Estadual de Londrina
%+ Department of Computer science [University College of London] (UCL-CS)
%+ Universidade Federal de Uberlândia - UFU (BRAZIL)
%A Zarpelão, Bruno, Bogaz
%A Miani, Rodrigo, Sanches
%A Rajarajan, Muttukrishnan
%Z Part 5: Cybersecurity
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 12th IFIP International Conference on Information Security Theory and Practice (WISTP)
%C Brussels, Belgium
%Y Olivier Blazy
%Y Chan Yeob Yeun
%I Springer International Publishing
%3 Information Security Theory and Practice
%V LNCS-11469
%P 174-189
%8 2018-12-10
%D 2018
%R 10.1007/978-3-030-20074-9_13
%K Anomaly detection
%K Bitcoin
%K Blockchain
%K Botnet detection
%K One-class Support Vector Machine
%Z Computer Science [cs] Conference papers
%X Botnets have been part of some of the most aggressive cyberattacks reported in recent years. To make them even harder to be detected and mitigated, attackers have built C&C (Command and Control) infrastructures on top of popular Internet services such as Skype and Bitcoin. In this work, we propose an approach to detect botnets with C&C infrastructures based on the Bitcoin network. First, transactions are grouped according to the users that issued them. Next, features are extracted for each group of transactions, aiming to identify whether they behave systematically, which is a typical bot characteristic. To analyse this data, we employ the OSVM (One-class Support Vector Machine) algorithm, which requires only samples from legitimate behaviour to build a classification model. Tests were performed in a controlled environment using the ZombieCoin botnet and real data from the Bitcoin blockchain. Results showed that the proposed approach can detect most of the bots with a low false positive rate in multiple scenarios.
%G English
%Z TC 11
%Z WG 11.2
%2 https://hal.science/hal-02294596/document
%2 https://hal.science/hal-02294596/file/484602_1_En_13_Chapter.pdf
%L hal-02294596
%U https://hal.science/hal-02294596
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-WISTP
%~ IFIP-WG11-2
%~ IFIP-LNCS-11469