Threat Level Analysis of Bitcoin Address Based on v3 Onion Domain Name
Bitcoin can be exchanged without revealing the user's identity, making it the main way for criminals to engage in illegal activities on the dark web. To track illegal Bitcoin transactions, traditional methods exploit the pseudo-anonymity of Bitcoin to perform heuristic address clustering on the entire blockchain, without fully utilizing the information about Bitcoin addresses available on the dark web. In 2021, Tor officially launched the v3 onion domain name, making the previous v2 onion domain name data no longer a basis for analysis. In response to this challenge, an integrated analysis framework called the threat-level analysis framework for Bitcoin addresses based on v3 onion domain names (TLAFDB) is proposed. This framework enables the assessment of the threat level associated with Bitcoin addresses using v3 onion domain names. The information collection module uses overseas servers to get around regional restrictions and sets socks5h proxies to support the operation of dark web crawlers. It crawls the dark web starting from onion seed addresses to collect the latest v3 onion domain name data. The information cleaning module uses regular expressions that cover both Base58 and Bech32 encoding to extract Bitcoin addresses from v3 onion domain name web pages. Through the blockchain search engine Blockchain.com, Bitcoin addresses with real transactions are filtered and their association with the v3 onion domain name is established. The information analysis module uses a combination of manual analysis and keyword matching to classify v3 onion domain names, assign categories and popularity to their associated Bitcoin addresses, and determine the degree of threat. The experimental results show that TLAFDB can collect 23627 v3 onion domain web pages, as well as extract and analyze the categories, popularity, and threat levels of 1141 Bitcoin addresses with real transactions. On the dark web, the same Bitcoin address often appears on numerous mirrored onion domain web pages, with over 95% of Bitcoin addresses being maliciously used, and the Ponzi scheme accounts for 99% of the total transaction volume of high-risk Bitcoin addresses.
Keywords: dark web; crawler; v3 onion domain name; Bitcoin address; classification
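The information cleaning step described in the abstract, as an added example that is not code from the paper: a single regular expression covering Base58 and Bech32 addresses, followed by an offline checksum check to discard look-alike strings before any blockchain lookup, and an index from each address to the pages it appeared on. The pattern, the function names, the checksum pre-filter and the sample pages are assumptions made for illustration; the Blockchain.com transaction filter is not reproduced here.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# Assumed pattern (not the paper's): Base58 "1..."/"3..." or lowercase Bech32 "bc1...".
ADDR_RE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")

def base58check_ok(addr):
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    if n >> 200:  # does not fit version byte + 20-byte hash + 4-byte checksum
        return False
    raw = n.to_bytes(25, "big")
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return raw[0] in (0x00, 0x05) and digest[:4] == raw[21:]

def bech32_ok(addr):
    hrp, _, body = addr.rpartition("1")
    data = [B32.index(c) for c in body]
    values = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + data
    chk = 1
    for v in values:  # BIP173 checksum polynomial
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate((0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)):
            if (top >> i) & 1:
                chk ^= g
    # Witness version 0 uses Bech32; later versions use Bech32m (BIP350).
    return chk == (1 if data[0] == 0 else 0x2BC830A3)

def index_addresses(pages):
    """Map each checksum-valid address to the set of hosts it appeared on."""
    seen = defaultdict(set)
    for host, text in pages.items():
        for addr in ADDR_RE.findall(text):
            ok = bech32_ok(addr) if addr.startswith("bc1") else base58check_ok(addr)
            if ok:
                seen[addr].add(host)
    return dict(seen)

# Constructed sample pages; hosts are placeholders, not real onion services.
PAGES = {
    "placeholder-mirror-a.onion": "Pay to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa today",
    "placeholder-mirror-b.onion": "Pay to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa or "
                                  "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
    "placeholder-typo.onion": "send to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",
}
```

Calling `index_addresses(PAGES)` groups the two mirror pages under the one shared address, which is the mirroring effect the abstract reports, and drops the mistyped string because its checksum fails.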