Yufeng Xu,Lun Zhang,Turan Vural,Peng Qian,Yanbin Wang,Yuqing Fan,Ming Li,Xueyan Tang,Zheng Cao

DOI: https://doi.org/10.1145/3650400.3650499

2023-01-01

Abstract:Due to the decentralized and transparent characteristics of the blockchain ecosystem, malicious activities such as phishing scams on the Ethereum platform result in significant financial losses for users. The current methods for detecting phishing largely rely on analyzing original transactions, which makes uncovering hidden transaction patterns challenging. To tackle this limitation, we introduce the Spatio-Temporal Fusion Network (STFN) designed to identify phishing scams on the Ethereum network. Specifically, STFN incorporates two key components: the transactions subgraph encoder for formalizing spatial features, and the transaction sequence BERT encoder for capturing temporal features. By fusing these spatio-temporal features, we facilitate their integration into a machine learning algorithm for classifying phishing accounts. The experimental outcomes underscore the effectiveness of the STFN, achieving an AUC of 93.26% and a Recall of 94.53%, outperforming previous methods for Ethereum phishing detection.

Bowen He,Yuan Chen,Zhuo Chen,Xiaohui Hu,Yufeng Hu,Lei Wu,Rui Chang,Haoyu Wang,Yajin Zhou

DOI: https://doi.org/10.1145/3576915.3623210

2023-01-01

Abstract:The prosperity of Ethereum attracts many users to send transactions and trade crypto assets. However, this has also given rise to a new form of transaction-based phishing scam, named TXPHISH. Specifically, tempted by high profits, users are tricked into visiting fake websites and signing transactions that enable scammers to steal their crypto assets. The past year has witnessed 11 large-scale TXPHISH incidents causing a total loss of more than $70 million. In this paper, we conduct the first empirical study of TXPHISH on Ethereum, encompassing the process of a TXPHISH campaign and details of phishing transactions. To detect TXPHISH websites and extract phishing accounts automatically, we present TxPhishScope, which dynamically visits the suspicious websites, triggers transactions, and simulates results. Between November 25, 2022, and July 31, 2023, we successfully detected and reported 26,333 TXPHISH websites and 3,486 phishing accounts. Among all of documented TXPHISH websites, 78.9% of them were first reported by us, making TxPhishScope the largest TXPHISH website detection system. Moreover, we provided criminal evidence of four phishing accounts and their fund flow totaling $1.5 million to aid in the recovery of funds for the victims. In addition, we identified bugs in six Ethereum projects and received appreciation. Based on the detection results, we perform a comprehensive study of TXPHISH websites and phishing accounts. Our study reveals that TXPHISH websites have a short lifespan, low cost, and fast update frequency. Besides, Our analysis of phishing fund flow demonstrates that 54.0% of phishing funds ($43.7 million) flowed into centralized exchanges, where the identity of owners could be traced. Our research can serve as a valuable reference for Ethereum service providers to safeguard their users against TXPHISH and assist in the recovery of victims' crypto assets.

Qi Yuan,Baoying Huang,Jie Zhang,Jiajing Wu,Haonan Zhang,Xi Zhang

DOI: https://doi.org/10.1109/iscas45731.2020.9180815

2020-01-01

Abstract:With the increasing popularity of blockchain technology, it has also become a hotbed of various cybercrimes. As a traditional way of scam, the phishing scam has new means of scam in the blockchain scenario and swindles a lot of money from users. In order to create a safe environment for investors, an efficient method for phishing detection is urgently needed. In this paper, we propose a three steps framework to detect phishing scams on Ethereum by mining Ethereum transaction records. First, we obtain the labeled phishing accounts and corresponding transaction records from two authorized websites. According to the collected transaction records we build an Ethereum transaction network. Then, a network embedding method node2vec which can extract the latent features of accounts is used for subsequent phishing classification. Finally, to distinguish whether the account is a phishing account, we adopt the one-class support vector machine (SVM) to classify. The experimental result demonstrates that F-score of our phishing detection method can achieve 0.846, which verifies the validity of our model. To the best of our knowledge, this is the first work that investigates the phishing scams on Ethereum based on transaction records.

Liang Chen,Jiaying Peng,Yang Liu,Jintang Li,Fenfang Xie,Zibin Zheng

DOI: https://doi.org/10.1145/3398071

IF: 5.3

2020-01-01

ACM Transactions on Internet Technology

Abstract:Blockchain has attracted an increasing amount of researches, and there are lots of refreshing implementations in different fields. Cryptocurrency as its representative implementation, suffers the economic loss due to phishing scams. In our work, accounts and transactions are treated as nodes and edges, thus detection of phishing accounts can be modeled as a node classification problem. Correspondingly, we propose a detecting method based on Graph Convolutional Network and autoencoder to precisely distinguish phishing accounts. Experiments on different large-scale real-world datasets from Ethereum show that our proposed model consistently performs promising results compared with related methods.

Panpan Li,Yunyi Xie,Xinyao Xu,Jiajun Zhou,Qi Xuan

DOI: https://doi.org/10.48550/arXiv.2204.08194

2022-04-18

Abstract:Blockchain has widespread applications in the financial field but has also attracted increasing cybercrimes. Recently, phishing fraud has emerged as a major threat to blockchain security, calling for the development of effective regulatory strategies. Nowadays network science has been widely used in modeling Ethereum transaction data, further introducing the network representation learning technology to analyze the transaction patterns. In this paper, we consider phishing detection as a graph classification task and propose an end-to-end Phishing Detection Graph Neural Network framework (PDGNN). Specifically, we first construct a lightweight Ethereum transaction network and extract transaction subgraphs of collected phishing accounts. Then we propose an end-to-end detection model based on Chebyshev-GCN to precisely distinguish between normal and phishing accounts. Extensive experiments on five Ethereum datasets demonstrate that our PDGNN significantly outperforms general phishing detection methods and scales well in large transaction networks.

Social and Information Networks

Zhen Chen,Jia Huang,Shengzheng Liu,Haixia Long

DOI: https://doi.org/10.3390/electronics13061012

IF: 2.9

2024-03-08

Electronics

Abstract:With the emergence of blockchain technology, the cryptocurrency market has experienced significant growth in recent years, simultaneously fostering environments conducive to cybercrimes such as phishing scams. Phishing scams on blockchain platforms like Ethereum have become a grave economic threat. Consequently, there is a pressing demand for effective detection mechanisms for these phishing activities to establish a secure financial transaction environment. However, existing methods typically utilize only the most recent transaction record when constructing features, resulting in the loss of vast amounts of transaction data and failing to adequately reflect the characteristics of nodes. Addressing this need, this study introduces a multiscale feature fusion approach integrated with a graph convolutional network model to detect phishing scams on Ethereum. A node basic feature set comprising 12 features is initially designed based on the Ethereum transaction dataset in the basic feature module. Subsequently, in the edge embedding representation module, all transaction times and amounts between two nodes are sorted, and a gate recurrent unit (GRU) neural network is employed to capture the temporal features within this transaction sequence, generating a fixed-length edge embedding representation from variable-length input. In the time trading feature module, attention weights are allocated to all embedding representations surrounding a node, aggregating the edge embedding representations and structural relationships into the node. Finally, combining basic and time trading features of the node, graph convolutional networks (GCNs), SAGEConv, and graph attention networks (GATs) are utilized to classify phishing nodes. The performance of these three graph convolution-based deep learning models is validated on a real Ethereum phishing scam dataset, demonstrating commendable efficiency. Among these, SAGEConv achieves an F1-score of 0.958, an AUC-ROC value of 0.956, and an AUC-PR value of 0.949, outperforming existing methods and baseline models.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yun Wan,Feng Xiao,Dapeng Zhang

DOI: https://doi.org/10.1007/s00500-022-07661-0

IF: 3.732

2022-12-06

Soft Computing

Abstract:As cryptocurrency is widely accepted and used, attendant illegal activities have attracted extensive attention, especially phishing scams, which bring great losses to both customers and countries. From the perspective of crime prevention, early warning of such illegal behaviors is of great significance. However, most existing studies focus on detecting phishing scams that have already occurred and been reported. In addition, previous studies ignore the temporal order of users' appearance and thus cannot accurately extract features reflecting users' transaction patterns. In this paper, we propose a framework called early-stage phishing detection to address the problem of early phishing detection. According to the phishing amount, we first divide the process of phishing scams into three stages: early stage, middle stage, and late stage. Then, we develop a feature extraction method to capture features from both the local network structures and the time series of transactions. In experiments, the dataset is strictly partitioned by time series, and experimental results show that our proposed method outperforms existing graph embedding methods on a real-world Ethereum transaction dataset. Finally, we select the ten most important features and analyze the differences between phishing users and normal users on these features, which provide useful insights for regulators and platforms to detect phishing scams in advance.

computer science, artificial intelligence, interdisciplinary applications

Zhen Chen,Sheng-Zheng Liu,Jia Huang,Yu-Han Xiu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124022

IF: 3.9

2024-06-21

Sensors

Abstract:The rapid advancement of blockchain technology has fueled the prosperity of the cryptocurrency market. Unfortunately, it has also facilitated certain criminal activities, particularly the increasing issue of phishing scams on blockchain platforms such as Ethereum. Consequently, developing an efficient phishing detection system is critical for ensuring the security and reliability of cryptocurrency transactions. However, existing methods have shortcomings in dealing with sample imbalance and effective feature extraction. To address these issues, this study proposes an Ethereum phishing scam detection method based on DA-HGNN (Data Augmentation Method and Hybrid Graph Neural Network Model), validated by real Ethereum datasets to prove its effectiveness. Initially, basic node features consisting of 11 attributes were designed. This study applied a sliding window sampling method based on node transactions for data augmentation. Since phishing nodes often initiate numerous transactions, the augmented samples tended to balance. Subsequently, the Temporal Features Extraction Module employed Conv1D (One-Dimensional Convolutional neural network) and GRU-MHA (GRU-Multi-Head Attention) models to uncover intrinsic relationships between features from the time sequences and to mine adequate local features, culminating in the extraction of temporal features. The GAE (Graph Autoencoder) concept was then leveraged, with SAGEConv (Graph SAGE Convolution) as the encoder. In the SAGEConv reconstruction module, by reconstructing the relationships between transaction graph nodes, the structural features of the nodes were learned, obtaining reconstructed node embedding representations. Ultimately, phishing fraud nodes were further identified by integrating temporal features, basic features, and embedding representations. A real Ethereum dataset was collected for evaluation, and the DA-HGNN model achieved an AUC-ROC (Area Under the Receiver Operating Characteristic Curve) of 0.994, a Recall of 0.995, and an F1-score of 0.994, outperforming existing methods and baseline models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Haojie Sun,Zhaowei Liu,Shenqiang Wang,Haiyang Wang

DOI: https://doi.org/10.1109/tnse.2024.3355089

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:With Ethereum blockchain advancement, the Ethereum platform gathers numerous users. In this context, traditional phishing appears new fraud methods, resulting in significant losses. Currently, network embedding methods are considered effective solutions in the field of phishing detection. However, investigating existing Ethereum phishing node detection algorithms finds they are not optimal and still face two issues. Firstly, the Ethereum network's topology is unsatisfactory, with nodes exhibiting a long-tail distribution in their degree. Current technologies typically allow high-degree nodes to acquire high-quality embeddings, while low-degree nodes, constrained by limited structure, obtain embeddings of lower quality, significantly impacting the detection accuracy of downstream tasks. Secondly, different features of nodes will suffer losses during the fusion process, resulting in the final learned feature embedding being suboptimal. This paper presents an attention-based graphical representation learning approach (ABGRL) to address these problems. ABGRL extracts different feature information by means of multiple channels, and fuses the different feature information using adaptive attention convolution to select the feature information that has the greatest impact on the downstream task. Then the tail node feature information is enhanced by a self-supervised regression model with robust tail node embedding. Finally, the effectiveness of the proposed model was validated through extensive experiments.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Sijia Li,Gaopeng Gou,Chang Liu,Chengshang Hou,Zhenzhen Li,Gang Xiong

DOI: https://doi.org/10.48550/arXiv.2204.13442

2022-04-28

Cryptography and Security

Abstract:In recent years, phishing scams have become the most serious type of crime involved in Ethereum, the second-largest blockchain platform. The existing phishing scams detection technology on Ethereum mostly uses traditional machine learning or network representation learning to mine the key information from the transaction network to identify phishing addresses. However, these methods adopt the last transaction record or even completely ignore these records, and only manual-designed features are taken for the node representation. In this paper, we propose a Temporal Transaction Aggregation Graph Network (TTAGN) to enhance phishing scams detection performance on Ethereum. Specifically, in the temporal edges representation module, we model the temporal relationship of historical transaction records between nodes to construct the edge representation of the Ethereum transaction network. Moreover, the edge representations around the node are aggregated to fuse topological interactive relationships into its representation, also named as trading features, in the edge2node module. We further combine trading features with common statistical and structural features obtained by graph neural networks to identify phishing addresses. Evaluated on real-world Ethereum phishing scams datasets, our TTAGN (92.8% AUC, and 81.6% F1score) outperforms the state-of-the-art methods, and the effectiveness of temporal edges representation and edge2node module is also demonstrated.

Siftee Ratra,Mohona Ghosh,Niyati Baliyan,Jinka Rashmitha Mohan,Sanjana Singh

DOI: https://doi.org/10.1093/comjnl/bxae079

2024-08-31

The Computer Journal

Abstract:Abstract In recent years, the widespread adoption of Ethereum-based transactions, such as cryptocurrencies and blockchain technologies, have revolutionized the way financial transactions are conducted. These decentralized and transparent systems offer numerous advantages, including enhanced security, immutability, and reduced transaction costs. However, alongside their benefits, Ethereum-based transactions have also attracted the attention of malicious actors seeking to exploit unsuspecting users through phishing scams. Phishing scams have thus become frequent in this scenario. Therefore, it is required to implement an effective and reliable phishing scam detection method. In this paper, we present the implementation of a highly efficient detection method by carrying out a graph-like data network formation, over which we then apply models that are based on graph neural networks like Magnet Link Prediction and Graph AutoEncoder Pathfinder Discovery Network Algorithm (GAE_PDNA). This helps in extracting useful information from the nodes of the graph. After relevant embeddings have been obtained, the classification of the phishing account is performed using AdaBoost classifier that helps in complex decision-making and detects the accounts related to the phishing scams. Our best model attains a precision of 0.99 and an F1 score of 0.99. Highlights

computer science, information systems, theory & methods, software engineering, hardware & architecture

Jingjing Yang,Wenjia Yu,Jiajing Wu,Dan Lin,Zhiying Wu,Zibin Zheng

DOI: https://doi.org/10.1109/tifs.2024.3484296

IF: 7.231

2024-11-02

IEEE Transactions on Information Forensics and Security

Abstract:In recent years, phishing scams have emerged as one of the most serious crimes on Ethereum. Existing phishing scam detection methods typically model public transaction records on the blockchain as a graph, and then identify phishing addresses through manual feature extraction or graph learning frameworks. Meanwhile, these methods model transactions within a period as a static network for analysis. Therefore, these methods lack the ability to capture fine-grained time dynamics, and on the other hand, they cannot handle the large-scale and continuously growing transaction data on the Ethereum blockchain, resulting in lower scalability and efficiency. In this paper, we propose a two-dimensional streaming framework 2DynEthNet for Ethereum phishing scam detection. First, we cast the transaction series into 6 slices according to block numbers, treating each as a separate task. In the first dimension, we treat transaction features as edge features instead of node features within one task, allowing each transaction to be streamed in 2DynEthNet, aiming to capture the evolutionary features of the Ethereum transaction network at a fine-grained level in continuous time. In the second dimension, we adopt the strategy of incremental information training between tasks, which utilizes meta-learning to quickly update the model parameters under new slices, thus effectively improving the scalability of the model. Finally, experimental results on large-scale real Ethereum phishing scam datasets show that our 2DynEthNet outperforms the state-of-the-art methods with 28.44% average Recall and achieves the most efficient training speed, proving the effectiveness of both temporal edge representation and meta-learning. In addition, we provide an Ethereum large-scale dynamic graph transaction dataset, ETGraph, which aligns with the data distribution in real transaction scenarios without sampling and filtering unlabeled accounts.

computer science, theory & methods,engineering, electrical & electronic

Zhuo Chen,Yufeng Hu,Bowen He,Dong Luo,Lei Wu,Yajin Zhou

2024-09-04

Abstract:In recent years, a more advanced form of phishing has arisen on Ethereum, surpassing early-stage, simple transaction phishing. This new form, which we refer to as payload-based transaction phishing (PTXPHISH), manipulates smart contract interactions through the execution of malicious payloads to deceive users. PTXPHISH has rapidly emerged as a significant threat, leading to incidents that caused losses exceeding \$70 million in 2023 reports. Despite its substantial impact, no previous studies have systematically explored PTXPHISH In this paper, we present the first comprehensive study of the PTXPHISH on Ethereum. Firstly, we conduct a long-term data collection and put considerable effort into establishing the first ground-truth PTXPHISH dataset, consisting of 5,000 phishing transactions. Based on the dataset, we dissect PTXPHISH, categorizing phishing tactics into four primary categories and eleven sub-categories. Secondly, we propose a rule-based multi-dimensional detection approach to identify PTXPHISH, achieving over 99% accuracy in the ground-truth dataset. Finally, we conducted a large-scale detection spanning 300 days and discovered a total of 130,637 phishing transactions on Ethereum, resulting in losses exceeding $341.9 million. Our in-depth analysis of these phishing transactions yielded valuable and insightful findings. Furthermore, our work has made significant contributions to mitigating real-world threats. We have reported 1,726 phishing addresses to the community, accounting for 42.7% of total community contributions during the same period. Additionally, we have sent 2,539 on-chain alert messages, assisting 1,980 victims. This research serves as a valuable reference in combating the emerging PTXPHISH and safeguarding users' assets.

Cryptography and Security,Software Engineering

Sijia Li,Gaopeng Gou,Chang Liu,Gang Xiong,Zhen Li,Junchao Xiao,Xinyu Xing

DOI: https://doi.org/10.1145/3627106.3627109

2023-01-01

Abstract:Phishing scams have become the most serious type of crime involved in Ethereum. However, existing methods ignore the natural camouflage and sparse distribution of phishing scams in Ethereum leading to unsatisfactory performance, and they are also limited by the data scale which cannot be applied to real-world dynamic scenarios. In this paper, we propose a Transaction Graph Contrast network (TGC) to enhance phishing scam detection performance on Ethereum. TGC inputs subgraphs instead of the entire graph for training, which eases the model’s requirements for machine configuration and data connectivity. Motivated by phishing nodes are surrounded by normal nodes, we design the comparison between node-level to help phishing nodes learn the unique properties of themselves different from their neighbors. Observing the small number and sparse distribution of phishing nodes, we narrow the distance between phishing nodes by comparing node context-level structures, so as to learn universal transaction patterns. We further combine the obtained features with common statistics to identify phishing addresses. Evaluated on real-world Ethereum phishing scams datasets, our TGC outperforms the state-of-the-art methods in detecting phishing addresses and has obvious advantages in large-scale and dynamic scenarios.

Zhutian Lin,Xi Xiao,Guangwu Hu,Bin Zhang,Qixu Liu,Xiapu Luo

DOI: https://doi.org/10.1109/secon58729.2023.10287480

2023-01-01

Abstract:The exponential growth of Ethereum transactions has resulted in a significant increase in phishing scams, leading to substantial financial losses in recent years. Current machine/deep learning-based approaches for classification have been found to be inadequate for large-scale and label-imbalanced Ethereum scenarios. To address this issue, we propose Phish2vec, a novel network embedding approach that takes into account the transaction temporality and heterogeneity in detecting phishing scams on Ethereum. Our approach begins by producing a transaction sub-network through data collection and preprocessing, which includes a novel Statistics-Based Sampling (SBS) method to address label leakage. To generate sequences that contain more comprehensive information, we then utilize two different types of sequences generators: Temporal-based Sequences Generator (TSG) and Heterogeneous-based Sequences Generator (HSG). By concatenating the sequences generated by TSG and HSG together, and feeding them into Word2vec and Fully Connected neural network (FC), our approach can identify phishing accounts with an Fl-score as high as 82.05%, which significantly outperforms classic schemes such as DeepWalk (67.29%), Trans2vec (74.78%), and Node2vec (70.91%).

Shucheng Li,Runchuan Wang,Hao Wu,Sheng Zhong,Fengyuan Xu

DOI: https://doi.org/10.1145/3581783.3612461

2023-01-01

Abstract:The phishing scams pose a serious threat to the ecosystem of Ethereum which is one of the largest blockchains in the world. Such a type of cyberattack recently has caused losses of millions of dollars. In this paper, we propose a Self-supervised IncrEmental deep Graph lEarning (SIEGE) model, for the phishing scam detection problem on Ethereum. To overcome the data scalability challenge, we propose splitting the original Ethereum transaction data and constructing transaction graphs for each split. Confronted with the minimal labeled data available, we resort to graph-based self-supervised learning. We design a spatial pretext task to learn high-quality node embeddings inside a single graph split, as well as an incremental learning paradigm and a temporal pretext task to facilitate information flow between different graph splits. To evaluate the effectiveness of SIEGE, we gather a real-world dataset consisting of six-month Ethereum transaction records. The results demonstrate that our model consistently outperforms baseline approaches in both transductive and inductive settings.

Jingjing Yang,Jieli Liu,Dan Lin,Jiajing Wu,Baoying Huang,Quanzhong Li,Zibin Zheng

DOI: https://doi.org/10.1109/tifs.2024.3463541

IF: 7.231

2024-10-11

IEEE Transactions on Information Forensics and Security

Abstract:With the popularity of Non-Fungible Tokens (NFTs), the high value of NFTs makes them a target for phishing scammers, which harms the security and reliability of the Web3 NFT ecosystem. Despite the significance of this issue, there is a lack of systematic research in the area of emerging NFT phishing scams. To address this gap, we are the first to conduct a case retrospective analysis and empirical measurement study of real-world historical NFT phishing scams on Ethereum. We collect and publicly release the first NFT phishing dataset which includes 1,625 NFT phishing accounts and transaction records as of August 2023. We further categorize the existing scams into four phishing patterns and investigate their distinguishable behaviors. Then, we reveal the modus operandi preferences and economic impacts to characterize NFT phishing scams. We find that NFT phishers stole 67,188 NFTs, with a total direct selling profit of 20.92 million. We also observe that scammers favor certain categories and collections of NFTs, coupled with signs of gang theft. Furthermore, we design a variety of account features for the classification task of NFT phishers based on empirical conclusions. Experimental results on real-world NFT transaction data demonstrate the effectiveness of these features in detecting NFT phishing accounts, and outperform traditional phishing detection methods with 41% average Precision and 44% average Recall.

computer science, theory & methods,engineering, electrical & electronic

Jiaqi Dong,Zishu Qin,Zhou Fang,Xuan Chen,Zengfeng Huang,Haoyun Guo,Richen Liu,Cagatay Turkay,Siming Chen

DOI: https://doi.org/10.1145/3615522.3615540

2023-01-01

Abstract:The phishing scam is a major kind of fraudulence in blockchain. And it has become an urgent issue to discern and prevent the fraudulent behaviors. However, the large-scale and dynamic nature of transaction network imposes great challenges on the identification and analysis. While there have been many sophisticated machine learning approaches providing predictive capability in terms of detecting such cases, they usually offer little insight into the essence of those behaviors and the occasion when phishing scam activities happen. Motivated by these shortcomings and bottlenecks, this paper proposes a suite of visual analytical methods for interpretable and explorable fraudulence identification in large-scale blockchain transaction networks, incorporating an anomaly detection model based on multiple feature extraction manners. In this paper, we adopt two types of graph embedding methods and variable derivation to generate features from transaction data. Then we use machine learning classification approaches to fit the three sets of features. Evaluations show that all kinds of features perform well in classification. Besides, we design an interactive visualization system displaying the transaction networks and classification models, which allows users better explore the data and understand the models. Furthermore, we demonstrate two cases through the visualization system to unearth fraudulent patterns and interpret classification results. Finally, we close with discussions for further improvements of our models and system.

Jinhuan Wang,Pengtao Chen,Xinyao Xu,Jiajing Wu,Meng Shen,Qi Xuan,Xiaoniu Yang

DOI: https://doi.org/10.48550/arxiv.2208.12938

2022-01-01

Abstract: Due to the decentralized and public nature of the Blockchain ecosystem, the malicious activities on the Ethereum platform impose immeasurable losses for the users. Existing phishing scam detection methods mostly rely only on the analysis of original transaction networks, which is difficult to dig deeply into the transaction patterns hidden in the network structure of transaction interaction. In this paper, we propose a \underline{T}ransaction \underline{S}ub\underline{G}raph \underline{N}etwork (TSGN) based phishing accounts identification framework for Ethereum. We first extract transaction subgraphs for target accounts and then expand these subgraphs into corresponding TSGNs based on the different mapping mechanisms. In order to make our model incorporate more important information about real transactions, we encode the transaction attributes into the modeling process of TSGNs, yielding two variants of TSGN, i.e., Directed-TSGN and Temporal-TSGN, which can be applied to the different attributed networks. Especially, by introducing TSGN into multi-edge transaction networks, the Multiple-TSGN model proposed is able to preserve the temporal transaction flow information and capture the significant topological pattern of phishing scams, while reducing the time complexity of modeling large-scale networks. Extensive experimental results show that TSGN models can provide more potential information to improve the performance of phishing detection by incorporating graph representation learning.

Runnan Tan,Qingfeng Tan,Qin Zhang,Peng Zhang,Yushun Xie,Zhao Li

DOI: https://doi.org/10.1007/s00607-023-01177-7

2023-01-01

Computing

Abstract:Since Bitcoin was first conceived in 2008, blockchain technology has attracted a large amount of researchers’ attention. At the same time, it has also facilitated a variety of cybercrimes. For example, Ethereum frauds, due to the potential for huge profits, occur frequently and pose a serious threat to the financial security of the Ethereum network. To create healthy financial environments, methods for automatically detecting and identifying Ethereum frauds are urgently needed in Ethereum system governance. To this end, this paper proposes a new framework to detect fraudulent transactions in Ethereum by mining Ethereum transaction records. Specifically, we obtain Ethereum addresses with fraud/legitimate labels through Web crawlers and then construct a transaction network according to the public transaction ledger. Then, a transaction behavior-based network embedding algorithm is proposed to extract node features for subsequent fraudulent transaction identification. Finally, we adopt the Graph Convolutional Neural Network model (GCN) to classify addresses into legal and fraudulent addresses. The experimental results show that the fraudulent transaction detection system can achieve an accuracy of 96% on fraud/legitimate record classification, which proves the effectiveness of the framework in the detection of Ethereum fraudulent transactions.