Visible to the public Biblio

Found 1012 results

Filters: First Letter Of Title is C  [Clear All Filters]
A B [C] D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
C
Lee, J..  2020.  CanvasMirror: Secure Integration of Third-Party Libraries in a WebVR Environment. 2020 50th Annual IEEE-IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S). :75—76.

Web technology has evolved to offer 360-degree immersive browsing experiences. This new technology, called WebVR, enables virtual reality by rendering a three-dimensional world on an HTML canvas. Unfortunately, there exists no browser-supported way of sharing this canvas between different parties. As a result, third-party library providers with ill intent (e.g., stealing sensitive information from end-users) can easily distort the entire WebVR site. To mitigate the new threats posed in WebVR, we propose CanvasMirror, which allows publishers to specify the behaviors of third-party libraries and enforce this specification. We show that CanvasMirror effectively separates the third-party context from the host origin by leveraging the privilege separation technique and safely integrates VR contents on a shared canvas.

Doğu, S., Alidoustaghdam, H., Dilman, İ, Akıncı, M. N..  2020.  The Capability of Truncated Singular Value Decomposition Method for Through the Wall Microwave Imaging. 2020 IEEE Microwave Theory and Techniques in Wireless Communications (MTTW). 1:76–81.
In this study, a truncated singular value decomposition (TSVD) based computationally efficient through the wall imaging (TWI) is addressed. Mainly, two different scenarios with identical and non-identical multiple scatterers behind the wall have been considered. The scattered data are processed with special scheme in order to improve quality of the results and measurements are performed at four different frequencies. Next, effects of selecting truncation threshold in TSVD methods are analyzed and a detailed quantitative comparison is provided to demonstrate capabilities of these TSVD methods over selection of truncation threshold.
Ferres, E., Immler, V., Utz, A., Stanitzki, A., Lerch, R., Kokozinski, R..  2018.  Capacitive Multi-Channel Security Sensor IC for Tamper-Resistant Enclosures. 2018 IEEE SENSORS. :1–4.
Physical attacks are a serious threat for embedded devices. Since these attacks are based on physical interaction, sensing technology is a key aspect in detecting them. For highest security levels devices in need of protection are placed into tamper-resistant enclosures. In this paper we present a capacitive multi-channel security sensor IC in a 350 nm CMOS technology. This IC measures more than 128 capacitive sensor nodes of such an enclosure with an SNR of 94.6 dB across a 16×16 electrode matrix in just 19.7 ms. The theoretical sensitivity is 35 aF which is practically limited by noise to 460 aF. While this is similar to capacitive touch technology, it outperforms available solutions of this domain with respect to precision and speed.
Le Métayer, Daniel, Rauzy, Pablo.  2018.  Capacity: An Abstract Model of Control over Personal Data. Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. :64-75.

While the control of individuals over their personal data is increasingly seen as an essential component of their privacy, the word "control" is usually used in a very vague way, both by lawyers and by computer scientists. This lack of precision may lead to misunderstandings and makes it difficult to check compliance. To address this issue, we propose a formal framework based on capacities to specify the notion of control over personal data and to reason about control properties. We illustrate our framework with social network systems and show that it makes it possible to characterize the types of control over personal data that they provide to their users and to compare them in a rigorous way.

Shi, Wenxiao, Zhang, Ruidong, Ouyang, Min, Wang, Jihong.  2017.  The Capacity of Hybrid Wireless Mesh Network. Proceedings of the 3rd International Conference on Communication and Information Processing. :332–338.

Wireless mesh network (WMN) consists of mesh gateways, mesh routers and mesh clients. In hybrid WMN, both backbone mesh network and client mesh network are mesh connected. Capacity analysis of multi-hop wireless networks has proven to be an interesting and challenging research topic. The capacity of hybrid WMN depends on several factors such as traffic model, topology, scheduling strategy and bandwidth allocation strategy, etc. In this paper, the capacity of hybrid WMN is studied according to the traffic model and bandwidth allocation. The traffic of hybrid WMN is categorized into internal and external traffic. Then the capacity of each mesh client is deduced according to appropriate bandwidth allocation. The analytical results show that hybrid WMN achieves lower capacity than infrastructure WMN. The results and conclusions can guide for the construction of hybrid WMN.

Bartolini, Davide B., Miedl, Philipp, Thiele, Lothar.  2016.  On the Capacity of Thermal Covert Channels in Multicores. Proceedings of the Eleventh European Conference on Computer Systems. :24:1–24:16.

Modern multicore processors feature easily accessible temperature sensors that provide useful information for dynamic thermal management. These sensors were recently shown to be a potential security threat, since otherwise isolated applications can exploit them to establish a thermal covert channel and leak restricted information. Previous research showed experiments that document the feasibility of (low-rate) communication over this channel, but did not further analyze its fundamental characteristics. For this reason, the important questions of quantifying the channel capacity and achievable rates remain unanswered. To address these questions, we devise and exploit a new methodology that leverages both theoretical results from information theory and experimental data to study these thermal covert channels on modern multicores. We use spectral techniques to analyze data from two representative platforms and estimate the capacity of the channels from a source application to temperature sensors on the same or different cores. We estimate the capacity to be in the order of 300 bits per second (bps) for the same-core channel, i.e., when reading the temperature on the same core where the source application runs, and in the order of 50 bps for the 1-hop channel, i.e., when reading the temperature of the core physically next to the one where the source application runs. Moreover, we show a communication scheme that achieves rates of more than 45 bps on the same-core channel and more than 5 bps on the 1-hop channel, with less than 1% error probability. The highest rate shown in previous work was 1.33 bps on the 1-hop channel with 11% error probability.

Reijers, Niels, Shih, Chi-Sheng.  2018.  CapeVM: A Safe and Fast Virtual Machine for Resource-Constrained Internet-of-Things Devices. Proceedings of the 16th ACM Conference on Embedded Networked Sensor Systems. :250-263.

This paper presents CapeVM, a sensor node virtual machine aimed at delivering both high performance and a sandboxed execution environment that ensures malicious code cannot corrupt the VM's internal state or perform actions not allowed by the VM. CapeVM uses Ahead-of-Time compilation and introduces a range of optimisations to eliminate most of the overhead present in previous work on sensor node AOT compilers. A sandboxed execution environment is guaranteed by a set of checks. The structured nature of the VM's instruction set allows the VM to perform most checks at load time, reducing the need for expensive run-time checks compared to native code approaches. While some overhead from using a VM and adding sandbox checks cannot be avoided, CapeVM's optimisations reduce this overhead dramatically. We evaluate CapeVM using a set of IoT applications and show this results in a performance just 2.1x slower than unsandboxed native code. Thus, CapeVM combines the desirable properties ofexisting work on both sandboxed execution and virtual machines for sensor nodes, with significantly improved performance.

Jadidi, Mahya Soleimani, Zaborski, Mariusz, Kidney, Brian, Anderson, Jonathan.  2019.  CapExec: Towards Transparently-Sandboxed Services. 2019 15th International Conference on Network and Service Management (CNSM). :1–5.
Network services are among the riskiest programs executed by production systems. Such services execute large quantities of complex code and process data from arbitrary — and untrusted — network sources, often with high levels of system privilege. It is desirable to confine system services to a least-privileged environment so that the potential damage from a malicious attacker can be limited, but existing mechanisms for sandboxing services require invasive and system-specific code changes and are insufficient to confine broad classes of network services. Rather than sandboxing one service at a time, we propose that the best place to add sandboxing to network services is in the service manager that starts those services. As a first step towards this vision, we propose CapExec, a process supervisor that can execute a single service within a sandbox based on a service declaration file in which, required resources whose limited access to are supported by Caper services, are specified. Using the Capsicum compartmentalization framework and its Casper service framework, CapExec provides robust application sandboxing without requiring any modifications to the application itself. We believe that this is the first step towards ubiquitous sandboxing of network services without the costs of virtualization.
Almashaqbeh, Ghada, Kelley, Kevin, Bishop, Allison, Cappos, Justin.  2019.  CAPnet: A Defense Against Cache Accounting Attacks on Content Distribution Networks. 2019 IEEE Conference on Communications and Network Security (CNS). :250—258.

Peer-assisted content distribution networks (CDNs)have emerged to improve performance and reduce deployment costs of traditional, infrastructure-based content delivery networks. This is done by employing peer-to-peer data transfers to supplement the resources of the network infrastructure. However, these hybrid systems are vulnerable to accounting attacks in which the peers, or caches, collude with clients in order to report that content was transferred when it was not. This is a particular issue in systems that incentivize cache participation, because malicious caches may collect rewards from the content publishers operating the CDN without doing any useful work. In this paper, we introduce CAPnet, the first technique that lets untrusted caches join a peer-assisted CDN while providing a bound on the effectiveness of accounting attacks. At its heart is a lightweight cache accountability puzzle that clients must solve before caches are given credit. This puzzle requires colocating the data a client has requested, so its solution confirms that the content has actually been retrieved. We analyze the security and overhead of our scheme in realistic scenarios. The results show that a modest client machine using a single core can solve puzzles at a rate sufficient to simultaneously watch dozens of 1080p videos. The technique is designed to be even more scalable on the server side. In our experiments, one core of a single low-end machine is able to generate puzzles for 4.26 Tbps of bandwidth - enabling 870,000 clients to concurrently view the same 1080p video. This demonstrates that our scheme can ensure cache accountability without degrading system productivity.

Estes, Tanya, Finocchiaro, James, Blair, Jean, Robison, Johnathan, Dalme, Justin, Emana, Michael, Jenkins, Luke, Sobiesk, Edward.  2016.  A Capstone Design Project for Teaching Cybersecurity to Non-technical Users. Proceedings of the 17th Annual Conference on Information Technology Education. :142–147.

This paper presents a multi-year undergraduate computing capstone project that holistically contributes to the development of cybersecurity knowledge and skills in non-computing high school and college students. We describe the student-built Vulnerable Web Server application, which is a system that packages instructional materials and pre-built virtual machines to provide lessons on cybersecurity to non-technical students. The Vulnerable Web Server learning materials have been piloted at several high schools and are now integrated into multiple security lessons in an intermediate, general education information technology course at the United States Military Academy. Our paper interweaves a description of the Vulnerable Web Server materials with the senior capstone design process that allowed it to be built by undergraduate information technology and computer science students, resulting in a valuable capstone learning experience. Throughout the paper, a call is made for greater emphasis on educating the non-technical user.

Ren, Wenyu, Yu, Tuo, Yardley, Timothy, Nahrstedt, Klara.  2019.  CAPTAR: Causal-Polytree-based Anomaly Reasoning for SCADA Networks. 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1–7.
The Supervisory Control and Data Acquisition (SCADA) system is the most commonly used industrial control system but is subject to a wide range of serious threats. Intrusion detection systems are deployed to promote the security of SCADA systems, but they continuously generate tremendous number of alerts without further comprehending them. There is a need for an efficient system to correlate alerts and discover attack strategies to provide explainable situational awareness to SCADA operators. In this paper, we present a causal-polytree-based anomaly reasoning framework for SCADA networks, named CAPTAR. CAPTAR takes the meta-alerts from our previous anomaly detection framework EDMAND, correlates the them using a naive Bayes classifier, and matches them to predefined causal polytrees. Utilizing Bayesian inference on the causal polytrees, CAPTAR can produces a high-level view of the security state of the protected SCADA network. Experiments on a prototype of CAPTAR proves its anomaly reasoning ability and its capabilities of satisfying the real-time reasoning requirement.
Wang, M., Yang, Y., Zhu, M., Liu, J..  2018.  CAPTCHA Identification Based on Convolution Neural Network. 2018 2nd IEEE Advanced Information Management,Communicates,Electronic and Automation Control Conference (IMCEC). :364–368.
The CAPTCHA is an effective method commonly used in live interactive proofs on the Internet. The widely used CAPTCHAs are text-based schemes. In this paper, we document how we have broken such text-based scheme used by a website CAPTCHA. We use the sliding window to segment 1001 pieces of CAPTCHA to get 5900 images with single-character useful information, a total of 25 categories. In order to make the convolution neural network learn more image features, we augmented the data set to get 129924 pictures. The data set is trained and tested in AlexNet and GoogLeNet to get the accuracy of 87.45% and 98.92%, respectively. The experiment shows that the optimized network parameters can make the accuracy rate up to 92.7% in AlexNet and 98.96% in GoogLeNet.
Li, Z., Liao, Q..  2018.  CAPTCHA: Machine or Human Solvers? A Game-Theoretical Analysis 2018 5th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2018 4th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :18–23.
CAPTCHAs have become an ubiquitous defense used to protect open web resources from being exploited at scale. Traditionally, attackers have developed automatic programs known as CAPTCHA solvers to bypass the mechanism. With the presence of cheap labor in developing countries, hackers now have options to use human solvers. In this research, we develop a game theoretical framework to model the interactions between the defender and the attacker regarding the design and countermeasure of CAPTCHA system. With the result of equilibrium analysis, both parties can determine the optimal allocation of software-based or human-based CAPTCHA solvers. Counterintuitively, instead of the traditional wisdom of making CAPTCHA harder and harder, it may be of best interest of the defender to make CAPTCHA easier. We further suggest a welfare-improving CAPTCHA business model by involving decentralized cryptocurrency computation.
An, G., Yu, W..  2017.  CAPTCHA Recognition Algorithm Based on the Relative Shape Context and Point Pattern Matching. 2017 9th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA). :168–172.
Using shape context descriptors in the distance uneven grouping and its more extensive description of the shape feature, so this descriptor has the target contour point set deformation invariance. However, the twisted adhesions verification code have more outliers and more serious noise, the above-mentioned invariance of the shape context will become very bad, in order to solve the above descriptors' limitations, this article raise a new algorithm based on the relative shape context and point pattern matching to identify codes. And also experimented on the CSDN site's verification code, the result is that the recognition rate is higher than the traditional shape context and the response time is shorter.
Hu, Y., Chen, L., Cheng, J..  2018.  A CAPTCHA recognition technology based on deep learning. 2018 13th IEEE Conference on Industrial Electronics and Applications (ICIEA). :617–620.
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) is an important human-machine distinction technology for website to prevent the automatic malicious program attack. CAPTCHA recognition studies can find security breaches in CAPTCHA, improve CAPTCHA technology, it can also promote the technologies of license plate recognition and handwriting recognition. This paper proposed a method based on Convolutional Neural Network (CNN) model to identify CAPTCHA and avoid the traditional image processing technology such as location and segmentation. The adaptive learning rate is introduced to accelerate the convergence rate of the model, and the problem of over-fitting and local optimal solution has been solved. The multi task joint training model is used to improve the accuracy and generalization ability of model recognition. The experimental results show that the model has a good recognition effect on CAPTCHA with background noise and character adhesion distortion.
Khan, A., Chefranov, A. G..  2020.  A Captcha-Based Graphical Password With Strong Password Space and Usability Study. 2020 International Conference on Electrical, Communication, and Computer Engineering (ICECCE). :1—6.

Security for authentication is required to give a superlative secure users' personal information. This paper presents a model of the Graphical password scheme under the impact of security and ease of use for user authentication. We integrate the concept of recognition with re-called and cued-recall based schemes to offer superior security compared to existing schemes. Click Symbols (CS) Alphabet combine into one entity: Alphanumeric (A) and Visual (V) symbols (CS-AV) is Captcha-based password scheme, we integrate it with recall-based n ×n grid points, where a user can draw the shape or pattern by the intersection of the grid points as a way to enter a graphical password. Next scheme, the combination of CS-AV with grid cells allows very large password space ( 2.4 ×104 bits of entropy) and provides reasonable usability results by determining an empirical study of memorable password space. Proposed schemes support most applicable platform for input devices and promising strong resistance to shoulder surfing attacks on a mobile device which can be occurred during unlocking (pattern) the smartphone.

Nieto, A., Acien, A., Lopez, J..  2018.  Capture the RAT: Proximity-Based Attacks in 5G Using the Routine Activity Theory. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech). :520-527.

The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems cannot be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory.

Korczynski, David, Yin, Heng.  2017.  Capturing Malware Propagations with Code Injections and Code-Reuse Attacks. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :1691–1708.
Defending against malware involves analysing large amounts of suspicious samples. To deal with such quantities we rely heavily on automatic approaches to determine whether a sample is malicious or not. Unfortunately, complete and precise automatic analysis of malware is far from an easy task. This is because malware is often designed to contain several techniques and countermeasures specifically to hinder analysis. One of these techniques is for the malware to propagate through the operating system so as to execute in the context of benign processes. The malware does this by writing memory to a given process and then proceeds to have this memory execute. In some cases these propagations are trivial to capture because they rely on well-known techniques. However, in the cases where malware deploys novel code injection techniques, rely on code-reuse attacks and potentially deploy dynamically generated code, the problem of capturing a complete and precise view of the malware execution is non-trivial. In this paper we present a unified approach to tracing malware propagations inside the host in the context of code injections and code-reuse attacks. We also present, to the knowledge of the authors, the first approach to identifying dynamically generated code based on information-flow analysis. We implement our techniques in a system called Tartarus and match Tartarus with both synthetic applications and real-world malware. We compare Tartarus to previous works and show that our techniques substantially improve the precision for collecting malware execution traces, and that our approach can capture intrinsic characteristics of novel code injection techniques.
Gleissenthall, Klaus v., Bjørner, Nikolaj, Rybalchenko, Andrey.  2016.  Cardinalities and Universal Quantifiers for Verifying Parameterized Systems. Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation. :599–613.

Parallel and distributed systems rely on intricate protocols to manage shared resources and synchronize, i.e., to manage how many processes are in a particular state. Effective verification of such systems requires universally quantification to reason about parameterized state and cardinalities tracking sets of processes, messages, failures to adequately capture protocol logic. In this paper we present Tool, an automatic invariant synthesis method that integrates cardinality-based reasoning and universal quantification. The resulting increase of expressiveness allows Tool to verify, for the first time, a representative collection of intricate parameterized protocols.

Berkowsky, J., Rana, N., Hayajneh, T..  2017.  CAre: Certificate Authority Rescue Engine for Proactive Security. 2017 14th International Symposium on Pervasive Systems, Algorithms and Networks 2017 11th International Conference on Frontier of Computer Science and Technology 2017 Third International Symposium of Creative Computing (ISPAN-FCST-ISCC). :79–86.

Cryptography and encryption is a topic that is blurred by its complexity making it difficult for the majority of the public to easily grasp. The focus of our research is based on SSL technology involving CAs, a centralized system that manages and issues certificates to web servers and computers for validation of identity. We first explain how the certificate provides a secure connection creating a trust between two parties looking to communicate with one another over the internet. Then the paper goes into what happens when trust is compromised and how information that is being transmitted could possibly go into the hands of the wrong person. We are proposing a browser plugin, Certificate Authority Rescue Engine (CAre), to serve as an added source of security with simplicity and visibility. In order to see why CAre will be an added benefit to average and technical users of the internet, one must understand what website security entails. Therefore, this paper will dive deep into website security through the use of public key infrastructure and its core components; certificates, certificate authorities, and their relationship with web browsers.

Poulsen, A., Burmeister, O. K., Tien, D..  2018.  Care Robot Transparency Isn't Enough for Trust. 2018 IEEE Region Ten Symposium (Tensymp). :293—297.

A recent study featuring a new kind of care robot indicated that participants expect a robot's ethical decision-making to be transparent to develop trust, even though the same type of `inspection of thoughts' isn't expected of a human carer. At first glance, this might suggest that robot transparency mechanisms are required for users to develop trust in robot-made ethical decisions. But the participants were found to desire transparency only when they didn't know the specifics of a human-robot social interaction. Humans trust others without observing their thoughts, which implies other means of determining trustworthiness. The study reported here suggests that the method is social interaction and observation, signifying that trust is a social construct. Moreover, that `social determinants of trust' are the transparent elements. This socially determined behaviour draws on notions of virtue ethics. If a caregiver (nurse or robot) consistently provides good, ethical care, then patients can trust that caregiver to do so often. The same social determinants may apply to care robots and thus it ought to be possible to trust them without the ability to see their thoughts. This study suggests why transparency mechanisms may not be effective in helping to develop trust in care robot ethical decision-making. It suggests that roboticists need to build sociable elements into care robots to help patients to develop patient trust in the care robot's ethical decision-making.

Gao, Fengjuan, Chen, Tianjiao, Wang, Yu, Situ, Lingyun, Wang, Linzhang, Li, Xuandong.  2016.  Carraybound: Static Array Bounds Checking in C Programs Based on Taint Analysis. Proceedings of the 8th Asia-Pacific Symposium on Internetware. :81–90.

C programming language never performs automatic bounds checking in order to speed up execution. But bounds checking is absolutely necessary in any program. Because if a variable is out-of-bounds, some serious errors may occur during execution, such as endless loop or buffer overflows. When there are arrays used in a program, the index of an array must be within the boundary of the array. But programmers always miss the array bounds checking or do not perform a correct array bounds checking. In this paper, we perform static analysis based on taint analysis and data flow analysis to detect which arrays do not have correct array bounds checking in the program. And we implement an automatic static tool, Carraybound. And the experimental results show that Carraybound can work effectively and efficiently.

Min, Byungho, Varadharajan, Vijay.  2016.  Cascading Attacks Against Smart Grid Using Control Command Disaggregation and Services. Proceedings of the 31st Annual ACM Symposium on Applied Computing. :2142–2147.

In this paper, we propose new types of cascading attacks against smart grid that use control command disaggregation and core smart grid services. Although there have been tremendous research efforts in injection attacks against the smart grid, to our knowledge most studies focus on false meter data injection, and false command and false feedback injection attacks have been scarcely investigated. In addition, control command disaggregation has not been addressed from a security point of view, in spite of the fact that it is becoming one of core concepts in the smart grid and hence analysing its security implications is crucial to the smart grid security. Our cascading attacks use false control command, false feedback or false meter data injection, and cascade the effects of such injections throughout the smart grid subsystems and components. Our analysis and evaluation results show that the proposed attacks can cause serious service disruptions in the smart grid. The evaluation has been performed on a widely used smart grid simulation platform.

Chen, L., Yue, D., Dou, C., Ge, H., Lu, J., Yang, X..  2017.  Cascading Failure Initially from Power Grid in Interdependent Networks. 2017 IEEE Conference on Energy Internet and Energy System Integration (EI2). :1–5.

The previous consideration of power grid focuses on the power system itself, however, the recent work is aiming at both power grid and communication network, this coupling networks are firstly called as interdependent networks. Prior study on modeling interdependent networks always extracts main features from real networks, the model of network A and network B are completely symmetrical, both degree distribution in intranetwork and support pattern in inter-network, but in reality this circumstance is hard to attain. In this paper, we deliberately set both networks with same topology in order to specialized research the support pattern between networks. In terms of initial failure from power grid or communication network, we find the remaining survival fraction is greatly disparate, and the failure initially from power grid is more harmful than failure initially from communication network, which all show the vulnerability of interdependency and meantime guide us to pay more attention to the protection measures for power grid.

Zola, Francesco, Eguimendia, Maria, Bruse, Jan Lukas, Orduna Urrutia, Raul.  2019.  Cascading Machine Learning to Attack Bitcoin Anonymity. 2019 IEEE International Conference on Blockchain (Blockchain). :10—17.

Bitcoin is a decentralized, pseudonymous cryptocurrency that is one of the most used digital assets to date. Its unregulated nature and inherent anonymity of users have led to a dramatic increase in its use for illicit activities. This calls for the development of novel methods capable of characterizing different entities in the Bitcoin network. In this paper, a method to attack Bitcoin anonymity is presented, leveraging a novel cascading machine learning approach that requires only a few features directly extracted from Bitcoin blockchain data. Cascading, used to enrich entities information with data from previous classifications, led to considerably improved multi-class classification performance with excellent values of Precision close to 1.0 for each considered class. Final models were implemented and compared using different machine learning models and showed significantly higher accuracy compared to their baseline implementation. Our approach can contribute to the development of effective tools for Bitcoin entity characterization, which may assist in uncovering illegal activities.