Next Article in Journal
Active Gate Drive Based on Negative Feedback for SiC MOSFETs to Suppress Crosstalk Parasitic Oscillation and Avoid Decreased Efficiency
Previous Article in Journal
Suppression of STI-Induced Asymmetric Stress in FinFET by CESL Stressor
Previous Article in Special Issue
Efficient Post-Quantum Cryptography Algorithms for Auto-Enrollment in Public Key Infrastructure
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 14
Issue 11
10.3390/electronics14112101
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Anonymous Networking Detection in Cryptocurrency Using Network Fingerprinting and Machine Learning †

by
Amanul Islam
*,
Nazmus Sakib
,
Kelei Zhang
,
Simeon Wuthier
and
Sang-Yoon Chang
*
Department of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USA
*
Authors to whom correspondence should be addressed.
This paper is extended of the conference Islam, A.; Sakib, N.; Zhang, K.; Wuthier, S.; Chang, S. Y. Network fingerprinting using machine learning for anonymous networking detection in cryptocurrency. In Proceedings of the IEEE Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 10–13 January 2025.
Electronics 2025, 14(11), 2101; https://doi.org/10.3390/electronics14112101
Submission received: 17 April 2025 / Revised: 14 May 2025 / Accepted: 20 May 2025 / Published: 22 May 2025
(This article belongs to the Special Issue Cryptography and Computer Security)
Browse Figures
Review Reports Versions Notes

Abstract

:
Cryptocurrency such as Bitcoin supports anonymous routing (Tor and I2P) due to the application requirements of anonymity and censorship resistance. In permissionless and open networking for cryptocurrency, an adversary can spoof to pretend to use Tor or I2P for anonymity and privacy protection, while, in reality, it is not using anonymous routing and is forwarding its networking directly to the destination peer to reduce networking overheads. Using profile detection based on deterministic features to detect anonymous routing and false claims is vulnerable to spoofing, especially in permissionless cryptocurrency bypassing registration control. We thus designed and built a method of network fingerprinting, using networking behaviors to detect and classify networking types. We built a network sensor to collect data on an active Bitcoin node connected to the Mainnet and applied supervised machine learning to identify whether a peer node was using IP (direct forwarding without the relays for anonymity protection), Tor, or I2P. Our results show that our scheme is effective in accurately detecting networking types and identifying spoofing attempts through supervised machine learning. We tested our scheme using multiple supervised learning models, specifically CatBoost, Random Forest, and HistGradientBoosting. CatBoost and Random Forest performed best and had comparable accuracy performance in effectively detecting false claims, i.e., they classified the networking types and detected fake claims of Tor usage with 93% accuracy and false claims of I2P with 94% accuracy in permissionless Bitcoin. However, CatBoost-based detection was significantly quicker than Random Forest and HistGradientBoosting in real-time testing and detection.

1. Introduction

Cryptocurrencies like Bitcoin have revolutionized the financial landscape by generating digital currencies and processing financial transactions in a distributed and decentralized manner without the traditional centralized banking systems. Such cryptocurrency invention and development have been motivated by anonymity and the ability to bypass censorship and regulation by the centralized system. To ensure application-layer anonymity, cryptocurrency users generate and sign their own public keys to create a pseudonym account ID without needing registration. However, the anonymity provided at Bitcoin’s application layer is compromised by its network layer, as anyone can potentially link network-layer IP addresses to Bitcoin users’ real-world identities. To address this, Bitcoin adopts and supports the anonymous routing of Tor, I2P, and CJDNS in the underlying P2P network. (Even though CJDNS is supported by the default Bitcoin Core software, our Bitcoin prototype connected to the Mainnet observed no peers participating and zero networking via CJDNS from May 2023 to April 2024. Because Bitcoin networking practice currently does not use CJDNS anonymous routing, our paper focuses on non-anonymous routing vs. Tor vs. I2P.)
While anonymous routing protects anonymity (required by financial transactions at the Bitcoin application layer), adversaries can falsify and spoof their routing type, thereby undermining the trustworthiness of network interactions. The integrity of cryptocurrency networks can be compromised as adversaries can manipulate their routing types to forgo the overheads of anonymous routing, which are the inherent-by-design additions of routing relay nodes and have performance/latency costs associated with them. Additionally, the security of these networks can be jeopardized as spoofing attacks can deceive the traditional methods used for identifying the networking type of peer nodes. Profile detection approaches such as those using the deterministic features of anonymous routing are vulnerable to an adversary spoofing its anonymous-routing type, which is particularly easy and of high risk in permissionless cryptocurrency environments (no registration control).
In response to these challenges, our research proposes a novel approach to network fingerprinting using network sensing and machine learning. Instead of relying on spoofing-vulnerable deterministic features or IP address-based identification, we detect and distinguish between networking types using non-anonymous routing, Tor, or I2P using networking behaviors. Our work therefore promotes anonymity, which is important in cryptocurrency, as described in Section 3.1, by detecting profile spoofing and ensuring anonymous networking use.
In addition to processing data to detect and classify anonymous routing types, we implemented an active Bitcoin node connected to the Mainnet using various routing protocols, including non-anonymous IP, Tor, I2P, and CJDNS, to collect diverse networking traffic data. We collected both networking data (from the Connection Manager and the backend Address Manager) and consensus data to adopt a systems approach for training our machine learning model. This data-driven approach distinguishes our work from most prior studies, which primarily focused on blockchain ledger data.
The rest of this paper is organized as follows. Section 2 provides an overview of the related literature and highlights the research gap. Section 3 presents the research background, including cryptocurrency for anonymity and anonymous routing. Section 4 discusses the motivation regarding spoofing threats against profile detection. Section 5 presents the prototype implementation and data collection. Section 6 presents the network fingerprinting using machine learning along with a machine learning model description. Section 7 discusses the machine learning primer, implementation, empirical analyses, feature engineering, confusion matrix, and performance metrics. Finally, Section 9 summarizes the findings, outlines the limitations, and suggests future research directions in the field of network fingerprinting for anonymous networking detection in cryptocurrency.

2. Related Work

2.1. Data Analysis and Machine Learning in Cryptocurrency and Blockchain

Machine learning techniques have been widely applied to enhance the security and privacy of cryptocurrency and blockchain systems. In this section, we discuss the relevant literature regarding the use of machine learning for network connectivity estimation and anomaly detection in blockchain networks. Martin et al. [1] and Kim et al. [2] proposed machine learning-based approaches for anomaly detection in blockchain networks. Kim et al. [3] used machine learning to estimate networking connectivity health without relying on identities, which are easily spoofable in permissionless cryptocurrency. Patel et al. [4] applied graph neural networks for anomaly detection in blockchain transaction graphs, while Zhou et al. [5] evaluated ML-based methods for vulnerability detection in smart contracts, particularly for blockchain IoT contexts. However, these works focused on the IP protocol without Tor or I2P (no anonymity protection). In contrast, our research specifically targets the analysis of anonymous routing, including a comparison with non-anonymous routing.
Other previous research analyzed networking data without machine learning. Sakib et al. [6] analyzed networking performances using anonymous routing of Tor and I2P and compared this with skipping anonymous routing and showed that the networking overheads can be significant, resulting in partitioning. Fan et al. [7] and Hong et al. [8] analyzed networking behaviors without using identity information (as it can be easily manipulated in permissionless cryptocurrency environments) for robust anomaly detection and connectivity estimation. Biryukov et al. [9] revealed how anonymity systems like Tor could be exploited to deanonymize Bitcoin users, while Koshy et al. [10] conducted a network-level analysis of Bitcoin clients, highlighting vulnerabilities in P2P communications. These previous studies are related to this paper, as our research also analyzes networking data. However, these works did not detect or classify networking types and differ from our work in the research objective. To the best of our knowledge, our work is the first to classify networking types to detect anonymous routing. This new approach helps us better understand how peers behave and makes networks more secure in open, decentralized blockchain systems.

2.2. Anonymous Routing Detection Beyond Cryptocurrency

Network traffic analysis of anonymous routing protocols has been practiced since as early as 2001 [11], not long after the invention of packet sniffing. Even today, the detection of anonymous routing remains an active field of research, especially for those working in security monitoring and law enforcement agencies. The most commonly targeted protocols are Tor and I2P.
A fundamental method for detecting anonymous routing is traffic analysis, which is widely used. In this method, an attacker detects the use of anonymous routing from regular network traffic by analyzing a combination of timing and packet size features [12,13,14,15,16,17]. Because timing and packet size reveal enough information for attackers to perform fingerprinting attacks, researchers have obfuscated the anonymous traffic to make these features less effective, leading to the development of counter-obfuscation detection techniques [18,19,20]. While I2P and Tor differ in terms of traffic flow, i.e., Tor is bidirectional and I2P is unidirectional, the detection of I2P traffic still utilizes a similar combination of time and packet size features [21,22,23,24]. The difference is that I2P traffic is split, and calculating the weight can be more challenging because the incoming packets may originate from different destinations. While previous works have proven that machine learning can detect anonymous routing traffic, we used machine learning to detect whether a Bitcoin peer sent its traffic over Tor or I2P networks. Because there was no publicly available dataset appropriate for our research goal, we collected data from our Bitcoin node connected to the real-world Mainnet to train the model.

2.3. Spoofing in Permissionless Networks

Spoofing attacks in permissionless networks present a significant challenge to maintaining security and anonymity. In decentralized networks like cryptocurrency, adversaries can pretend to be nodes, falsify routing identities, and manipulate network behavior to avoid detection.
One of the primary spoofing threats in cryptocurrency networks involves routing obscuration, where adversaries falsely claim to use anonymous routing protocols like Tor or I2P while forwarding traffic directly over non-anonymous IP-based connections. Such attacks can undermine privacy protections by allowing adversaries to avoid the extra routing steps through relays while appearing anonymous. Traditional detection methods that rely on IP addresses and deterministic network features are easily fooled by such deceptive tactics [25,26,27]. Recent advancements in network fingerprinting have improved the ability to detect spoofing attempts. Techniques such as deep learning classifiers can distinguish between genuine anonymous traffic and falsified claims [28,29,30].
While previous works depend on unsupervised learning, our approach leverages behavioral network fingerprinting to detect spoofing attacks dynamically using supervised learning. We utilize supervised machine learning for real-time traffic patterns and classify networking types based on their unique networking behaviors instead of depending on predefined characteristics that adversaries can easily manipulate.

3. Background

3.1. Cryptocurrency for Anonymity

Cryptocurrencies, inspired by the cypherpunk movement’s vision, were designed to ensure anonymity and avoid censorship. These digital currencies operate on a decentralized blockchain system, eliminating the need for a central authority. This setup allows anyone to participate anonymously (e.g., users can join the network, validate transactions, or mine new blocks without needing to register or disclose their identity). Users create and use unique digital signatures that generate pseudonymous accounts, unlinking their transaction activities from real-world identities. This permissionless design is different from other blockchains that require user registration and identity checks. Moreover, Satoshi Nakamoto, the creator of Bitcoin [31], encourages users to change their transaction addresses for anonymity purposes frequently. Furthermore, to enhance this anonymity, Bitcoin supports connections through anonymous routing protocols such as Tor, I2P, and CJDNS, allowing users to obfuscate their online activities and protect their identities from being linked to their real-world identities.

3.2. Anonymous Routing

Anonymous routing is designed to protect users’ identities and online activities from surveillance and tracking by applying multiple layers of encryption to internet traffic and routing it through various relay nodes. Well-known anonymous routing applications include Tor and I2P.
When a user initiates a Tor session, the Tor client software constructs a circuit, a path through the Tor network, by randomly selecting and negotiating connections with a series of relays. As the traffic is routed through this circuit, each relay only knows the identity of the relay immediately preceding it and the relay immediately following it, but not the entire path. In addition to using multiple relay nodes, the client software adds multiple layers of encryption to the traffic, such that only the final node is aware of the destination [32]. Together, they ensure the anonymity of the user. People can use Tor as a proxy to visit public websites, as well as hidden services that are only accessible on the Tor network.
I2P uses a similar path scheme but applies it differently from Tor. Instead of using a single path (circuit) for traffic to a destination, I2P uses two separate paths (tunnels): one for outgoing traffic and another for incoming traffic [33]. This approach enhances anonymity since each path involves multiple relay nodes, but it simultaneously reduces performance. Unlike Tor, I2P cannot be used as a proxy to visit public websites because it does not allow traffic to exit its network.

4. Motivation: Spoofing Threat Against Profile Detection

Profile detection based on deterministic feature analysis finds and compares network traffic features against known signatures. Signatures of traffic direction and pattern, as shown in Table 1, can be used to distinguish Tor and I2P traffic from non-anonymous traffic [21,22,23].
IP addresses can also be used to detect if the traffic relates to Tor because there are commonly known Tor relay nodes, which are P2P nodes volunteering to serve in the Tor network as relays. These Tor relay nodes are known through the public consensus directory, which can be downloaded by any node (typically those using the Tor service).
IP spoofing involves manipulating the IP address in packet headers to disguise the sender’s true identity or location, while profile spoofing involves creating a fake online profile or identity that mimics a real person’s or entity’s profile. Profile spoofing also uses IP spoofing to help hide who is really behind the fake profile.
However, such profile detection and deterministic feature analysis is not effective against an attacker capable of profile spoofing. An attacker can fabricate the networking to match the known deterministic features of Tor and I2P traffic to trigger the false positives (detected as Tor/I2P while it is not), which threat has been studied as early as 2001 by Patton et al. [39]. Spoofing in our paper therefore refers to profile spoofing, in which an attacker deceives the victim by mimicking others’ actions, habits, etc. For example, an attacker spoofs Tor traffic, causing the firewall identifier to generate a false-positive alert, indicating that it is Tor traffic when, in reality, it consists of meaningless content. This is different from, and often more sophisticated than, IP spoofing, where an attacker pretends to be another node based on its identity.

5. Bitcoin Prototype Implementation and Mainnet Data Collection

We implemented an active Bitcoin node prototype connected to the Mainnet. In our implementation, the peer node connections varied from 0 to 10, and we collected the data for individual peer connections. We collected networking traffic data utilizing a range of routing protocols that are supported by the Bitcoin Core, including non-anonymous IP, Tor, I2P, and CJDNS. Our data collection included both networking data (i.e., from the Connection Manager and the backend Address Manager) and consensus data, which we utilized to train the machine learning model. This comprehensive data collection process was designed to support our research objectives of detecting anonymous routing and classifying the networking types of peer nodes. Furthermore, unlike many previous studies that focused primarily on blockchain ledger data that can be downloaded [40,41,42], we sensed and collected real-time networking traffic data. Figure 1 illustrates the various logical components from which our Bitcoin node logged and collected data to provide a clear view of our data-driven approach.
To classify peer nodes based on their networking behaviors, we collected and analyzed network traffic data generated during interactions of nodes once the connection socket was established, as shown on the left in Figure 1 using the blue bidirectional arrow showing the connection to the Bitcoin Mainnet. We used Bitcoin Core v0.26.0 with the default settings to collect the network traffic data. The data were measured with respect to each individual peer connection, logging the packet-level information, including the bytes sent, the message type, and the timestamp of each packet. Thus, our data collection process captured the dynamic behaviors of peer nodes during network interactions. The collected data were further fed to a supervised machine learning model, as shown on the right in Figure 1, which detected and classified the networking types. We implemented the different routing types (IPv4, Tor, and I2P) and injected that traffic ourselves; therefore, we had the ground truth for each sample. Since our Bitcoin node was manually configured to use a specific routing method for each connection, we knew exactly which type of network (IPv4, Tor, and I2P) was used.
Our Bitcoin prototypes observed and sensed the real-world IP (non-anonymous), Tor, and I2P networking simultaneously from June 2023 to August 2023. The virtual machines were hosted within the same physical machine so that they sensed and collected the networking data from the same place in the networking topology. The dataset consisted of 35,080 labeled peer connection samples, collected from our Bitcoin prototype running on the Mainnet. The node was configured to accept connections using IPv4, Tor, and I2P protocols. We split the dataset into 70% training, 15% validation, and 15% testing. The validation set was used for hyperparameter tuning, while the test set was used for performance reporting.

6. Network Fingerprinting Using Machine Learning

In our research, we tackled the challenge of classifying networking types of cryptocurrency peer nodes, specifically focusing on distinguishing between non-anonymous routing, Tor (The Onion Router), and I2P (Invisible Internet Project). Cryptocurrencies like Bitcoin rely on anonymous routing protocols such as Tor and I2P to ensure privacy and censorship resistance. However, adversaries may attempt to deceive network monitoring systems by spoofing their routing type, posing a threat to the integrity of the network.
To address this issue, we propose a novel approach that leverages networking behaviors rather than deterministic features or IP addresses for identification. Traditional methods relying on deterministic features are vulnerable to spoofing attacks, making them unreliable for accurate classification. Instead, we utilize machine learning techniques to analyze the dynamic behaviors exhibited by peer nodes during network interactions.
Our approach involves the application of supervised machine learning algorithms to classify peer nodes based on their networking behaviors. By training our models on labeled datasets that capture the distinct characteristics of non-anonymous routing, Tor, and I2P, we enabled them to learn and recognize patterns indicative of each networking type. This enabled us to differentiate between legitimate anonymous routing and potential spoofing attempts effectively.

6.1. Machine Learning Model

We used supervised learning. Supervised learning was suitable for our work as it aligned with the nature of our problem, which involved classifying networking types in cryptocurrency networks based on observed behaviors. By providing the model with labeled examples of network data and their corresponding networking types (such as Tor, I2P, or non-anonymous routing), we could train it to distinguish between different classes and generalize its classifications to new data.
Our work used the CatBoost, Random Forest, and HistGradientBoosting classifiers, all supervised learning models, due to their effectiveness and efficacy in handling our specific dataset characteristics and problem domain. For instance, the CatBoost, Random Forest, and HistGradientBoosting classifiers were well-suited for our work due to their ability to handle NaN (missing) values, which were present in our data. Additionally, our work uses gradient-boosting techniques to sequentially improve tde performance of decision trees, resulting in effective classification and efficient training. By leveraging this model, we could effectively address the challenges of classifying networking types in cryptocurrency networks and achieve accurate and reliable classifications.

6.2. Overfitting Prevention Strategies

To address concerns about overfitting, particularly given the moderate dataset size and limited number of features, we employed several techniques to ensure generalization and model stability. First, we applied stratified 5-fold cross-validation to maintain class distribution across folds and provide a more reliable evaluation of the model’s performance. Additionally, we performed hyperparameter tuning using grid search for tree-based models such as CatBoost and HistGradientBoosting, including adjustments to L2 regularization strength and learning rate to penalize overly complex models. Furthermore, we incorporated early stopping during training to monitor validation loss and halt training when performance no longer improved, effectively preventing overfitting to the training data. These measures collectively enhanced our model’s ability to generalize unseen data while preserving high accuracy.

7. Empirical Analyses

We present the empirical analyses conducted to evaluate the effectiveness and performance of our networking fingerprinting approach using machine learning in a cryptocurrency network. The empirical analyses were structured to assess various aspects of our proposed solution, including classification accuracy, detection capabilities, and scalability.

7.1. Feature Engineering and Significance

Feature engineering/significance feature engineering plays a crucial role in the effectiveness of machine learning models for networking fingerprinting in cryptocurrency networks. The selection of informative features directly influences a model’s ability to distinguish between different networking types, ultimately impacting its performance metrics. This analysis identified several key features that were important for our classification, shown in Figure 2. These included the Average Ping RTT, Uplink Bandwidth, Downlink Bandwidth, CPU Utilization, and Memory Utilization. These selected features collectively contributed to the robustness and effectiveness of the machine learning model for networking fingerprinting in cryptocurrency networks. By leveraging these informative features, the model demonstrated high accuracy, precision, recall, and F1-score in classifying networking types, thereby enabling improved network analysis and security measures within the cryptocurrency ecosystem. Within these five features, Memory Utilization played a significant role as without using this feature, the accuracy performance was greatly degraded. The reason for this was that Tor and I2P networks require more memory for encrypted communication and routing through relays. We also tested other features to compare the accuracy with these five features, such as the Average Number of Blocks Behind, Redundant Transactions Rate, and Number of Peers with Blockchain Out-of-Date. Nevertheless, those features could not improve our model accuracy performance as the value of these features was zero, which meant that there was no information in these features. Other features, such as the number of Tor peer connections and I2P connections, we skipped in the experiment as these features were not trustworthy, and skipping these features also increased the performance of our model. Although Memory Utilization appeared to be the least significant among the five top features, ablation testing revealed that removing it caused the largest drop in model accuracy: 81% for IPv4, 84% for Tor, and 89% for I2P. This indicated that while it ranked low in individual importance, it contributed unique information not captured by other features, making it a crucial combination.

7.2. Comparison of Confusion Matrices: CatBoost vs. Random Forest vs. HistGradientBoosting

The comparison of the confusion matrices shown in Figure 3a–c for the CatBoost, Random Forest, and HistGradientBoosting classifiers revealed significant differences in their classification performance for I2P, IPv4, and Tor networks. CatBoost demonstrated a slight advantage in classifying I2P networks, correctly identifying 10,855 instances, compared to 10,815 for Random Forest and 10,367 for HistGradientBoosting. CatBoost misclassified fewer I2P instances as IPv4 or Tor. However, Random Forest performed better in classifying IPv4 and Tor networks, correctly classifying 10,502 IPv4 instances compared to 10,468 for CatBoost and 10,048 for HistGradientBoosting. Similarly, for Tor classification, Random Forest correctly identified 10,522 instances, compared to 10,486 for CatBoost and 10,183 for HistGradientBoosting.
When examining misclassification patterns, CatBoost showed fewer misclassifications for I2P, while Random Forest and HistGradientBoosting showed slightly lower misclassification rates for IPv4 and Tor. For example, CatBoost misclassified 348 I2P instances as IPv4, compared to 360 for Random Forest and 1032 for HistGradientBoosting. Similarly, CatBoost misclassified 478 I2P instances as Tor, compared to 506 for Random Forest and 282 for HistGradientBoosting, showing CatBoost’s better handling of I2P traffic. Conversely, Random Forest showed fewer misclassifications of Tor as I2P (609 vs. 657 for CatBoost and 594 for HistGradientBoosting) and fewer IPv4 to Tor misclassifications (726 vs. 770 for CatBoost and 649 for HistGradientBoosting).
Overall, the model demonstrated strong performance, correctly classifying the majority of the 35,080 samples across I2P, IPv4, and Tor networks. Out of these, only 3271 instances were misclassified by CatBoost, while 3241 were misclassified by Random Forest model and HistGradientBoosting misclassified 4482.

7.3. Accuracy and F-1 Performance Analyses

The performance metrics provided important information about how effective the classification model was in distinguishing between I2P, IPv4, and Tor networks operating in cryptocurrency for network fingerprinting. Without our scheme, the peer node was vulnerable against profile spoofing and would have 0% accuracy against profile spoofing threats.
In Figure 4, the horizontal axis represents the networking types such as IPv4, Tor, and I2P, whereas the vertical axis denotes the classification accuracy. The CatBoost classifier, shown in blue, achieved the highest accuracy across all network types, with 0.9474 for I2P, 0.9367 for IPv4, and 0.9294 for Tor. In comparison, the Random Forest classifier, shown in green, achieved slightly better accuracy with 0.9387 for IPv4 and 0.9308 for Tor but fell slightly to 0.9457 for I2P compared to CatBoost. The HistGradientBoosting classifier, shown in purple, demonstrated the lowest accuracy across all network types, with its highest accuracy at 0.9199 for Tor. While the differences were small compared to CatBoost and Random Forest, Random Forest performed better for IPv4 and Tor, whereas CatBoost was quite good at classifying I2P traffic.
Table 2 provides a deeper breakdown of precision, recall, and F1-score. The precision values indicated how well each model minimized false positives, with Catboost ranging from 0.8936 to 0.9143 and Random Forest from 0.8952 to 0.9155. The HistGradientBoosting classifier exhibited lower precision values, with a range from 0.8647 to 0.9165, performing best on Tor traffic. Similarly, the recall values highlighted each model’s ability to correctly identify instances of each network type, where CatBoost achieved up to 0.9293 recall for I2P, compared to 0.9259 for Random Forest. HistGradientBoosting showed a lower recall, where it scored 0.8720, indicating a higher rate of missed detections in this network type.
The F1-score, which balanced precision and recall, remained consistently high across both models, exceeding 0.89 for all networking types. CatBoost achieved its best F1-score (0.9217) for I2P, showing its strength in classifying this network type. In contrast, HistGradientBoosting demonstrated a lower F1-score of 0.8730 for I2P, reflecting its comparatively weaker classification capability for this network type.
Overall, these performance metrics underscore the robustness of the CatBoost and Random Forest classifiers in accurately distinguishing between networking types within cryptocurrency networks. CatBoost outperformed random Forest in I2P classification by a margin of 0.17% in accuracy and 0.34% in recall, demonstrating its superior ability to identify I2P traffic patterns. Conversely, Random Forest performed better for IPv4 and Tor, with an accuracy advantage of 0.2% for IPv4 and 0.14% for Tor. Meanwhile, HistGradientBoosting lagged behind in overall performance, particularly in I2P classification, where it recorded the lowest accuracy and recall values. These differences, though small, suggest that CatBoost is better suited for applications requiring precise I2P detection, Random Forest is preferable for distinguishing IPv4 and Tor traffic, and HistGradientBoosting may not be a good choice for distinguishing between these network types. These findings show the importance of selecting a classification model based on the specific network types that need to be prioritized for accurate detection and monitoring.

7.4. Time Overhead Performance Analysis

While both the CatBoost and Random Forest classifiers achieved comparable accuracy in detecting network types, computational efficiency was an important factor in selecting the model with the best performance. Training and testing speed is particularly important in permissionless networks where rapid classification is necessary to counter spoofing attempts.
Our experimental results are shown in Figure 5, where the horizontal axis represents two categories, “Training” and “Testing”; the vertical axis denotes the time in seconds, and the testing times are scaled for better visibility. The dotted area with the blue border demonstrates the CatBoost classifier, while the diagonal striped area with the orange border focuses on the Random Forest classifier. HistGradientBoosting is represented by a green crosshatch pattern. Error bars at the top of each bar indicate confidence intervals. The length of the error bars shows the range within which the actual time values were expected to fall, providing a visual representation of data reliability.
Our experimental results show that CatBoost required the longest training time, with a mean of 355.19 s and a confidence interval (CI) of ± 8.67 s. In contrast, Random Forest completed training in 241.65 s (CI = ± 1.80 s), demonstrating a significantly lower computational cost. HistGradientBoosting, however, was the most efficient in training, requiring only 6.12 s (CI = ± 0.98 s), making it highly advantageous in resource-constrained environments.
In terms of testing speed, CatBoost significantly outperformed Random Forest, achieving a mean testing time of 0.80 s (CI = ± 0.19 s), whereas Random Forest required 4.07 s (CI = ± 0.11 s). This suggests that CatBoost is more suitable for real-world classification due to its strengthened decision tree structure. HistGradientBoosting maintained a lower testing time of 1.05 s (CI = ± 0.05 s), making it an efficient alternative for fast predictions. Since all three models yielded high accuracy, the selection of the best model depends on computational efficiency. CatBoost is preferable for real-time classification due to its superior testing speed, while Random Forest offers a balance between training time and accuracy. HistGradientBoosting is the best choice for scenarios requiring minimal training times with relatively fast predictions.

7.5. ROC–AUC Analysis Across Classifiers

Figure 6 presents the Receiver Operating Characteristic (ROC) curves for classifying the three routing types (IPv4, Tor, and I2P) using the CatBoost, Random Forest, and HistGradientBoosting classifiers. Interestingly, the ROC curves for all three classifiers are nearly identical, showing minimal visual or performance difference. Each model achieved a high true positive rate with a low false positive rate across all thresholds, indicating strong classification capability. The Area Under the Curve (AUC) values were consistently high across all routing types: 0.99 for I2P and 0.98 for both IPv4 and Tor. This consistency suggests that the classification results were not only accurate but also robust across different machine learning models. It also highlights the effectiveness of the selected behavioral features, which enabled the reliable detection of spoofed anonymous routing behaviors regardless of the specific model used. The dashed diagonal line represents the performance of a random classifier (AUC = 0.5), which serves as a baseline; all three models significantly outperform this, indicating effective and meaningful classification.

7.6. Bitcoin Application Implications

Bitcoin provides a degree of application layer anonymity to its users as it utilizes pseudonyms that do not directly reveal its users’ real-world identities. However, Bitcoin’s application layer anonymity is compromised by its lack of network layer anonymity, as anyone can potentially link network layer IP addresses to Bitcoin users’ real-world identities. Hence, Bitcoin users often use anonymous routing protocols like Tor, I2P, and CJDNS, which encrypt internet traffic and route it through multiple relays to obscure users’ IP addresses and enhance privacy. However, the integrity of anonymous routing can be undermined by adversaries, who can falsify their routing type. For instance, a Bitcoin peer node might claim to be using Tor, when it really uses a non-anonymous IP route. Moreover, traditional methods for identifying the network types of Bitcoin nodes often rely on deterministic features or IP addresses, which can be spoofed, leading to inaccurate classifications.
In response to these challenges, in this work, we introduced a machine learning-based approach to network fingerprinting that analyzes the dynamic behaviors of network traffic from Bitcoin nodes. Our findings demonstrate that our ML model can accurately identify the networking types of Bitcoin peer nodes with high precision. For example, it accurately identifies fake claims of Tor usage by nodes employing an IP-based route with 93% accuracy and false claims of I2P usage with 94% accuracy, as detailed in Section 7.3.
Thus, the capability of our ML model enhances the security and integrity of Bitcoin applications by providing reliable networking type detection and counteracts spoofing attempts. By accurately identifying the network types in use, our ML model helps maintain the essential anonymity and censorship resistance that Bitcoin aims to provide.

8. Discussion and Future Direction

While our current work demonstrates strong detection accuracy and model comparisons using data collected from a single Bitcoin node, we acknowledge that further validation under more diverse conditions can strengthen the generalization of our findings.
We do not anticipate the insights to change, e.g., the comparison across the ML models. Our scheme implementation builds on unmodified Bitcoin implementation in active functionalities; the additions were for passive mechanisms for sensing, monitoring, and processing data. However, the values, e.g., performances, may vary, and generalization validation can be helpful.
Additionally, although CJDNS is therorically supported in Bitcoin Core, we observed no active peers using this protocol during our observation period. As a result, CJDNS traffic could not be included in our dataset. In the future, we plan to simulate and collect real CJDNS-based peer connections to futhur expand the scope of anonymous routing analysis.

9. Conclusions

We used supervised machine learning for network fingerprinting in cryptocurrency systems to detect anonymous routing and defend against faking anonymous routing (e.g., profile spoofing to pretend to use anonymous routing). Our research included active Bitcoin implementation, sensing, and experimentation, showing that our approach is practical and provides real-world validation. Using machine learning to classify peer connections between Tor, I2P, or non-anonymous routing groups, our scheme effectively detected fake Tor usage with 93% accuracy and fake I2P usage with 94% accuracy. While CatBoost and Random Forest achieved similar accuracy, CatBoost took an average of 0.80 s for testing, compared to 4.07 s for Random Forest and 1.05 s for HistGradientBoosting, making CatBoost the best choice for real-time classification.

Author Contributions

Conceptualization, A.I. and S.-Y.C.; Methodology, A.I. and S.-Y.C.; Validation and Software, S.W.; Writing—Original Draft Preparation, A.I.; Review and Editing, N.S., K.Z. and S.-Y.C.; Supervision and Funding, S.-Y.C. All authors have read and agreed to the published version of the manuscript.

Funding

This material is based upon work supported by the National Science Foundation under Grant No. 1922410.

Data Availability Statement

Data will be made available upon request.

Acknowledgments

This paper builds on but significantly advances and extends the previous conference paper [43]. More specifically, the method described in this paper has greater classification accuracy and can thus better defend against networking-type spoofing. This was achieved by using different ML models and greater features. While the conference paper only used the HistGradientBoosting classifier, in this study, we also tested CatBoost and Random Forest. We make a final recommendation for CatBoost based on accuracy and the testing overhead.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Martin, K.; Rahouti, M.; Ayyash, M.; Alsmadi, I. Anomaly detection in blockchain using network representation and machine learning. Secur. Priv. 2022, 5, e192. [Google Scholar] [CrossRef]
  2. Kim, J.; Nakashima, M.; Fan, W.; Wuthier, S.; Zhou, X.; Kim, I.; Chang, S.Y. A machine learning approach to anomaly detection based on traffic monitoring for secure blockchain networking. IEEE Trans. Netw. Serv. Manag. 2022, 19, 3619–3632. [Google Scholar] [CrossRef]
  3. Kim, J.; Nakashima, M.; Fan, W.; Wuthier, S.; Zhou, X.; Kim, I.; Chang, S.Y. A machine learning approach to peer connectivity estimation for reliable blockchain networking. In Proceedings of the 2021 IEEE 46th Conference on Local Computer Networks (LCN), Edmonton, AB, Canada, 4–7 October 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 319–322. [Google Scholar]
  4. Patel, V.; Rajasegarar, S.; Pan, L.; Liu, J.; Zhu, L. EvAnGCN: Evolving graph deep neural network based anomaly detection in blockchain. In Advanced Data Mining and Applications, Proceedings of the 18th International Conference, ADMA 2022, Brisbane, QLD, Australia, 28–30 November 2022; Springer: Cham, Switzerland, 2022; pp. 444–456. [Google Scholar]
  5. Zhou, Q.; Zheng, K.; Zhang, K.; Hou, L.; Wang, X. Vulnerability analysis of smart contract for blockchain-based IoT applications: A machine learning approach. IEEE Internet Things J. 2022, 9, 24695–24707. [Google Scholar] [CrossRef]
  6. Sakib, N.; Wuthier, S.; Zhang, K.; Zhou, X.; Chang, S.Y. From slow propagation to partition: Analyzing bitcoin over anonymous routing. In Proceedings of the 2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Copenhagen, Denmark, 19–22 August 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 377–385. [Google Scholar]
  7. Fan, W.; Hong, H.J.; Kim, J.; Wuthier, S.; Nakashima, M.; Zhou, X.; Chow, C.H.; Chang, S.Y. Lightweight and identifier-oblivious engine for cryptocurrency networking anomaly detection. IEEE Trans. Dependable Secur. Comput. 2022, 20, 1302–1318. [Google Scholar] [CrossRef]
  8. Hong, H.J.; Fan, W.; Wuthier, S.; Kim, J.; Chow, C.E.; Zhou, X.; Chang, S.Y. Robust P2P networking connectivity estimation engine for permissionless Bitcoin cryptocurrency. Comput. Netw. 2022, 219, 109436. [Google Scholar] [CrossRef]
  9. Biryukov, A.; Khovratovich, D.; Pustogarov, I. Deanonymisation of clients in Bitcoin P2P network. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, 3–7 November 2014; pp. 15–29. [Google Scholar]
  10. Koshy, P.; Koshy, D.; McDaniel, P. An analysis of anonymity in bitcoin using p2p network traffic. In Financial Cryptography and Data Security, Proceedings of the 18th International Conference, FC 2014, Christ Church, Barbados, 3–7 March 2014; Revised Selected Papers 18; Springer: Berlin/Heidelberg, Germany, 2014; pp. 469–485. [Google Scholar]
  11. Raymond, J.F. Traffic analysis: Protocols, attacks, design issues, and open problems. In Designing Privacy Enhancing Technologies, Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability Berkeley, CA, USA, 25–26 July 2000; Springer: Berlin/Heidelberg, Germany, 2001; pp. 10–29. [Google Scholar]
  12. Cuzzocrea, A.; Martinelli, F.; Mercaldo, F.; Vercelli, G. Tor traffic analysis and detection via machine learning techniques. In Proceedings of the 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, USA, 11–14 December 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 4474–4480. [Google Scholar]
  13. Lashkari, A.H.; Gil, G.D.; Mamun, M.S.I.; Ghorbani, A.A. Characterization of tor traffic using time based features. In Proceedings of the International Conference on Information Systems Security and Privacy, Porto, Portugal, 19–21 February 2017; SciTePress: Setúbal, Portugal, 2017; Volume 2, pp. 253–262. [Google Scholar]
  14. Akshobhya, K. Machine learning for anonymous traffic detection and classification. In Proceedings of the 2021 11th International Conference on Cloud Computing, Data Science & Engineering (Confluence), Noida, India, 28–29 January 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 942–947. [Google Scholar]
  15. Jadav, N.; Dutta, N.; Sarma, H.K.D.; Pricop, E.; Tanwar, S. A machine learning approach to classify network traffic. In Proceedings of the 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), Pitesti, Romania, 1–3 July 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–6. [Google Scholar]
  16. Sarkar, D.; Vinod, P.; Yerima, S.Y. Detection of Tor traffic using deep learning. In Proceedings of the 2020 IEEE/ACS 17th International Conference on Computer Systems and Applications (AICCSA), Antalya, Turkey, 2–5 November 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 1–8. [Google Scholar]
  17. Liu, D.; Park, Y. Anonymous traffic detection based on feature engineering and reinforcement learning. Sensors 2024, 24, 2295. [Google Scholar] [CrossRef] [PubMed]
  18. Yao, Z.; Ge, J.; Wu, Y.; Zhang, X.; Li, Q.; Zhang, L.; Zou, Z. Meek-based tor traffic identification with hidden markov model. In Proceedings of the 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Exeter, UK, 28–30 June 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 335–340. [Google Scholar]
  19. He, Y.; Hu, L.; Gao, R. Detection of tor traffic hiding under obfs4 protocol based on two-level filtering. In Proceedings of the 2019 2nd International Conference on Data Intelligence and Security (ICDIS), South Padre Island, TX, USA, 28–30 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 195–200. [Google Scholar]
  20. Juan, W.; Shimin, C.; Jun, Z.; Bin, H.; Lei, S. Identification of tor anonymous network traffic based on machine learning. In Proceedings of the 2021 18th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP), Chengdu, China, 17–19 December 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 150–153. [Google Scholar]
  21. Shahbar, K.; Zincir-Heywood, A.N. How far can we push flow analysis to identify encrypted anonymity network traffic? In Proceedings of the NOMS 2018—2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, 23–27 April 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 1–6. [Google Scholar]
  22. Cai, Z.; Jiang, B.; Lu, Z.; Liu, J.; Ma, P. IsAnon: Flow-based anonymity network traffic identification using extreme gradient boosting. In Proceedings of the 2019 International Joint Conference on Neural Networks (IJCNN), Budapest, Hungary, 14–19 July 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–8. [Google Scholar]
  23. Yin, H.; He, Y. I2P anonymous traffic detection and identification. In Proceedings of the 2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS), Coimbatore, India, 15–16 March 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 157–162. [Google Scholar]
  24. Hu, Y.; Zou, F.; Li, L.; Yi, P. Traffic classification of user behaviors in tor, i2p, zeronet, freenet. In Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 December 2020–1 January 2021; IEEE: Piscataway, NJ, USA, 2020; pp. 418–424. [Google Scholar]
  25. Sun, Y.; Edmundson, A.; Feamster, N.; Chiang, M.; Mittal, P. Counter-RAPTOR: Safeguarding Tor against active routing attacks. In Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 22–24 May 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 977–992. [Google Scholar]
  26. Sun, Y.; Edmundson, A.; Vanbever, L.; Li, O.; Rexford, J.; Chiang, M.; Mittal, P. {RAPTOR}: Routing attacks on privacy in tor. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 15), Washington, DC, USA, 12–14 August 2015; pp. 271–286. [Google Scholar]
  27. Apostolaki, M.; Marti, G.; Muller, J.; Vanbever, L. Sabre: Protecting bitcoin against routing attacks. arXiv 2018, arXiv:1808.06254. [Google Scholar]
  28. Bhardwaj, S.; Dave, M. Crypto-preserving investigation framework for deep learning based malware attack detection for network forensics. Wirel. Pers. Commun. 2022, 122, 2701–2722. [Google Scholar] [CrossRef]
  29. Keshk, M.; Turnbull, B.; Moustafa, N.; Vatsalan, D.; Choo, K.K.R. A privacy-preserving-framework-based blockchain and deep learning for protecting smart power networks. IEEE Trans. Ind. Inform. 2019, 16, 5110–5118. [Google Scholar] [CrossRef]
  30. Kumar, R.; Kumar, P.; Tripathi, R.; Gupta, G.P.; Kumar, N.; Hassan, M.M. A privacy-preserving-based secure framework using blockchain-enabled deep-learning in cooperative intelligent transport system. IEEE Trans. Intell. Transp. Syst. 2021, 23, 16492–16503. [Google Scholar] [CrossRef]
  31. Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 25 March 2025).
  32. Dingledine, R.; Mathewson, N.; Syverson, P. Tor: The second-generation onion router. In Proceedings of the USENIX Security Symposium, San Diego, CA, USA, 9–13 August 2004; Volume 4, pp. 303–320. [Google Scholar]
  33. I2P Project. The Invisible Internet Project (I2P). Available online: https://geti2p.net/en/about/intro (accessed on 25 March 2025).
  34. Tor Project. Protocol Outline. Available online: https://spec.torproject.org/control-spec/protocol-outline.html?highlight=bidirectional#protocol-outline (accessed on 25 March 2025).
  35. Tor Project. Hidden Services: Overview and Preliminaries. Available online: https://spec.torproject.org/rend-spec/overview.html?highlight=bidirectional#hidden-services-overview-and-preliminaries (accessed on 25 March 2025).
  36. Liu, P.; Wang, L.; Tan, Q.; Li, Q.; Wang, X.; Shi, J. Empirical measurement and analysis of I2P routers. J. Netw. 2014, 9, 2269. [Google Scholar] [CrossRef]
  37. Platzer, F.; Schäfer, M.; Steinebach, M. Critical traffic analysis on the tor network. In Proceedings of the 15th International Conference on Availability, Reliability and Security, Virtual, 25–28 August 2020; pp. 1–10. [Google Scholar]
  38. I2P Project. Hidden Services: Overview and Preliminaries. Available online: https://geti2p.net/en/faq (accessed on 25 March 2025).
  39. Patton, S.; Yurcik, W.; Doss, D. An Achilles’ heel in signature-based IDS: Squealing false positives in SNORT. In Proceedings of the RAID. Citeseer, Davis, CA, USA, 10–12 October 2001; Volume 2001. [Google Scholar]
  40. Sayadi, S.; Rejeb, S.B.; Choukair, Z. Anomaly detection model over blockchain electronic transactions. In Proceedings of the 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC), Tangier, Morocco, 24–28 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 895–900. [Google Scholar]
  41. Di Battista, G.; Di Donato, V.; Patrignani, M.; Pizzonia, M.; Roselli, V.; Tamassia, R. Bitconeview: Visualization of flows in the bitcoin transaction graph. In Proceedings of the 2015 IEEE Symposium on Visualization for Cyber Security (VizSec), Chicago, IL, USA, 26 October 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 1–8. [Google Scholar]
  42. Nan, L.; Tao, D. Bitcoin mixing detection using deep autoencoder. In Proceedings of the 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC), Guangzhou, China, 18–21 June 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 280–287. [Google Scholar]
  43. Islam, A.; Sakib, N.; Zhang, K.; Wuthier, S.; Chang, S.Y. Network Fingerprinting Using Machine Learning for Anonymous Networking Detection in Cryptocurrency. In Proceedings of the 2025 IEEE 22nd Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 10–13 January 2025; pp. 1–6. [Google Scholar]
Electronics 14 02101 g001
Figure 1. An overview of our implementation involving an active Bitcoin node connected to the real-world Bitcoin Mainnet. We implemented the network sensor and logger, data collection, and machine-learning processing.
Figure 1. An overview of our implementation involving an active Bitcoin node connected to the real-world Bitcoin Mainnet. We implemented the network sensor and logger, data collection, and machine-learning processing.
Electronics 14 02101 g001
Electronics 14 02101 g002
Figure 2. Important features for our detection classification.
Figure 2. Important features for our detection classification.
Electronics 14 02101 g002
Electronics 14 02101 g003
Figure 3. Comparison of confusion matrices for CatBoost, Random Forest, and HistGradientBoosting classifiers. (a) CatBoost. (b) Random Forest. (c) HistGradientBoosting.
Figure 3. Comparison of confusion matrices for CatBoost, Random Forest, and HistGradientBoosting classifiers. (a) CatBoost. (b) Random Forest. (c) HistGradientBoosting.
Electronics 14 02101 g003
Electronics 14 02101 g004
Figure 4. Accuracy performance of different classifiers.
Figure 4. Accuracy performance of different classifiers.
Electronics 14 02101 g004
Electronics 14 02101 g005
Figure 5. Comparison of training and testing time for different classifiers with confidence intervals.
Figure 5. Comparison of training and testing time for different classifiers with confidence intervals.
Electronics 14 02101 g005
Electronics 14 02101 g006
Figure 6. ROC curves for IPv4, Tor, and I2P classification across CatBoost, Random Forest, and HistGradientBoosting classifiers. The curves are nearly identical, with AUC values ranging from 0.98 to 0.99.
Figure 6. ROC curves for IPv4, Tor, and I2P classification across CatBoost, Random Forest, and HistGradientBoosting classifiers. The curves are nearly identical, with AUC values ranging from 0.98 to 0.99.
Electronics 14 02101 g006
Table 1. Deterministic features for anonymous routing. The regular, non-anonymous IP network does not have the feature constraints or distinguishing deterministic features and is thus omitted. Tor and I2P are built on the IP protocol.
Table 1. Deterministic features for anonymous routing. The regular, non-anonymous IP network does not have the feature constraints or distinguishing deterministic features and is thus omitted. Tor and I2P are built on the IP protocol.
TorI2P
Traffic directionBidirectional [34,35]Unidirectional [33]
IP exposureRelays’ IPs are public [32]Floodfill router can collect IPs [36]
Packet size (bytes)512 cell length [37]288-304-464-64 packet sequence [23]
PortsORPort 9001, DirPort 9030Random from 9000 to 31,000 [38]
Table 2. Accuracy performance results for different classifiers.
Table 2. Accuracy performance results for different classifiers.
ClassifierNetworkingAccuracyPrecisionRecallF1 Score
CatBoostIPv40.93670.91240.89600.9041
Tor0.92940.89360.89500.8943
I2P0.94740.91430.92930.9217
Random ForestIPv40.93870.91550.89890.9071
Tor0.93080.89520.89810.8966
I2P0.94570.91230.92590.9290
HistGradientBoostingIPv40.90140.86470.88410.8743
Tor0.91990.91650.86970.8925
I2P0.87200.87300.87200.8730
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Islam, A.; Sakib, N.; Zhang, K.; Wuthier, S.; Chang, S.-Y. Anonymous Networking Detection in Cryptocurrency Using Network Fingerprinting and Machine Learning. Electronics 2025, 14, 2101. https://doi.org/10.3390/electronics14112101

AMA Style

Islam A, Sakib N, Zhang K, Wuthier S, Chang S-Y. Anonymous Networking Detection in Cryptocurrency Using Network Fingerprinting and Machine Learning. Electronics. 2025; 14(11):2101. https://doi.org/10.3390/electronics14112101

Chicago/Turabian Style

Islam, Amanul, Nazmus Sakib, Kelei Zhang, Simeon Wuthier, and Sang-Yoon Chang. 2025. "Anonymous Networking Detection in Cryptocurrency Using Network Fingerprinting and Machine Learning" Electronics 14, no. 11: 2101. https://doi.org/10.3390/electronics14112101

APA Style

Islam, A., Sakib, N., Zhang, K., Wuthier, S., & Chang, S.-Y. (2025). Anonymous Networking Detection in Cryptocurrency Using Network Fingerprinting and Machine Learning. Electronics, 14(11), 2101. https://doi.org/10.3390/electronics14112101

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop