Ethereum Malicious Account Detection Method Based on LightGBM

doi:10.3969/j.issn.1671-1122.2020.04.009

Abstract

Abstract:

Due to the anonymity of the blockchain, Ethereum has gradually become a platform for malicious accounts to scam through vulnerabilities, phishing, and other methods. An Ethereum malicious account detection method based on LightGBM is proposed. By collecting and annotating 8028 Ethereum accounts, handcrafted features are extracted based on the history of transactions, and statistical features are extracted using featuretools. Finally, the LightGBM classifier is trained to detect malicious accounts in Ethereum through the fusion of two types of features. The experimental results show that the F1-Measure of the proposed method is 94.9%, which is more efficient and accurate than SVM, KNN and other methods. The introduction of handcrafted features can effectively improve the detection performance of malicious accounts.

Key words: blockchain, malicious account detection, Ethereum, LightGBM

CLC Number:

TP309

BIAN Lingyu, ZHANG Linlin, ZHAO Kai, SHI Fei. Ethereum Malicious Account Detection Method Based on LightGBM[J]. Netinfo Security, 2020, 20(4): 73-80.

Figures/Tables 9

References 25

[1]	SHAO Qifeng, JIN Cheqing, ZHANG Zhao, et al.Blockchain: Architecture and Research Progress[J]. Chinese Journal of Computers, 2018, 41(5): 969-988.
	邵奇峰,金澈清,张召,等.区块链技术:架构及进展[J].计算机学报,2018,41(5):969-988.
[2]	GUO Dongchao, DONG Jiaqing, WANG Kai.Graph Structure and Statistical Properties of Ethereum Transaction Relationships[J]. Information Sciences, 2019, 492(2019): 58-71.
[3]	DEEPAK P, NISHA M, MOHANTY S P, et al.Everything You Wanted to Know About the Blockchain: Its Promise, Components, Processes, and Problems[J]. IEEE Consumer Electronics Magazine, 2018, 7(4): 6-14.
[4]	ZHU Liehuang, GAO Feng, SHEN Meng, et al.Survey on Privacy Preserving Techniques for Blockchain Technology[J]. Journal of Computer Research and Development, 2017, 54(10): 2170-2186.
	祝烈煌,高峰,沈蒙,等.区块链隐私保护研究综述[J].计算机研究与发展,2017,54(10):2170-2186.
[5]	ETHERSCAN. Ethereum Block Explorer[EB/OL]. , 2019-9-27.
[6]	YUAN Yong, WANG Feiyue.Blockchain: The State of the Art and Future Trends[J]. Acta Automatica Sinica, 2016, 42(4): 481-494.
	袁勇,王飞跃.区块链技术发展现状与展望[J].自动化学报,2016,42(4):481-494.
[7]	LIU Han, YANG Zhiqiang, JIANG Yu, et al.Enabling Clone Detection for Ethereum via Smart Contract Birthmarks[C]//IEEE/ACM. 27th International Conference on Program Comprehension(ICPC), May 25-31, 2019, Montreal, QC, Canada. New York: ACM, 2019: 105-115.
[8]	SUN Guozi, WANG Jitao, GU Yu.Security Threat Analysis of Blockchain Technology[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science Edition), 2019, 39(5): 48-62.
	孙国梓,王纪涛,谷宇.区块链技术安全威胁分析[J].南京邮电大学学报(自然科学版),2019,39(5):48-62.
[9]	HUANG Butian, LIU Zhenguang, CHEN Jianhai, et al.Behavior Pattern Clustering in Blockchain Networks[J]. Multimedia Tools and Applications, 2017, 76(19): 20099-20110.
[10]	FEATURE LABS. Featuretools[EB/OL]. , 2019-9-27.
[11]	ZHAO Chen.Graph-Based Forensic Investigation of Bitcoin Transactions[D]. Ames, Jowa: Jowa State University, 2014.
[12]	MONACO J V.Identifying Bitcoin Users by Transaction Behavior[C]//SPIE. 2015 International Society for Optics and Photonics Defense Security and Sensing, April 20-24, 2015, Baltimore, MD, USA. Washington: SPIE, 2015: 33-47.
[13]	ANDROULAKI E, KARAME G O, ROESCHLIN M, et al.Evaluating User Privacy in Bitcoin[C]//Springer. 17th International Conference on Financial Cryptography and Data Security, April 1-5, 2013, Okinawa, Japan. Berlin: Springer, 2013: 34-51.
[14]	REID F, HARRIGAN M.An Analysis of Anonymity in the Bitcoin System[C]//IEEE. 3rd IEEE International Conference on Privacy, Security, Risk and Trust and 3rd IEEE International Conference on Social Computing, October 9-11, 2011, Boston, MA, USA. NJ: IEEE, 2011: 1318-1326.
[15]	YIN H S, LANGENHELDT K, HARLEV M, et al.Regulating Cryptocurrencies: A Supervised Machine Learning Approach to De-anonymizing the Bitcoin Blockchain[J]. Journal of Management Information Systems, 2019, 36(1): 37-73.
[16]	LIN Yujing, WU Powei, HSU Chenghan, et al.An Evaluation of Bitcoin Address Classification Based on Transaction History Summarization[C]//IEEE. International Conference on Blockchain and Cryptocurrency(ICBC), May 14-17, 2019, Seoul, Korea(South). NJ: IEEE, 2019: 302-310.
[17]	TOYODA K, OHTSUKI T, MATHIOPOULOS P T.Multi-Class Bitcoin-Enabled Service Identification Based on Transaction History Summarization[C]//IEEE. 11th IEEE International Conference on Internet of Things(iThings) and 14th IEEE Green Computing and Communications(GreenCom) and 11th IEEE Cyber, Physical and Social Computing(CPSCom) and 4th IEEE Smart Data(SmartData), July 30-August 3, 2018, Halifax, NS, Canada. NJ: IEEE, 2018: 1153-1160.
[18]	TOYODA K, OHTSUKI T, MATHIOPOULOS P T.Identification of High Yielding Investment Programs in Bitcoin via Transactions Pattern Analysis[C]//IEEE. 60th IEEE Global Communications Conference, June 12-14, 2017, Singapore. NJ: IEEE, 2017: 1-6.
[19]	KANEMURA K, TOYODA K, OHTSUKI T.Identification of Darknet Markets’ Bitcoin Addresses by Voting Per-address Classification Results[C]//IEEE. International Conference on Blockchain and Cryptocurrency(ICBC), May 14-17, 2019, Seoul, Korea(South). NJ: IEEE, 2019: 154-158.
[20]	CHEN Weili, ZHENG Zibin, NGAI E C, et al.Exploiting Blockchain Data to Detect Smart Ponzi Schemes on Ethereum[J]. IEEE Access, 2019, 7(2019): 37575-37586.
[21]	LIAO K, ZHAO Ziming, DOUPE A, et al.Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin[C]//IEEE. 11th APWG Symposium on Electronic Crime Research(eCrime), June 1-3, 2016, Toronto, Canada. NJ: IEEE, 2016: 1-13.
[22]	KE Guolin, MENG Qi, THOMAS F, et al.LightGBM: A Highly Efﬁcient Gradient Boosting Decision Tree[C]//NIPS. 31st Conference on Neural Information Processing Systems, December 4-9, 2017, Long Beach, CA, USA. New York: Curran Associates, 2017: 3146-3154.
[23]	YUN Ju, SUN Guangyu, CHEN Quanhe, et al.A Model Combining Convolutional Neural Network and LightGBM Algorithm for Ultra-Short-Term Wind Power Forecasting[J]. IEEE Access, 2019, 7(2019): 28309-28318.
[24]	JOURDAN M, BLANDIN S, WYNTER L, et al.Characterizing Entities in the Bitcoin Blockchain[C]//IEEE. 18th IEEE International Conference on Data Mining(ICDM), November 17-19, 2018, Singapore. NJ: IEEE, 2018: 55-62.
[25]	LEE D, KWON T.Automated Classification of Unknown Smart Contracts of Ethereum Using Machine Learning[J]. Journal of the Korea Institute of Information Security & Cryptology, 2018, 28(6): 1319-1328.

Send/ Receive Account	发送/接收交易账户	Transaction Fee	交易手续费
NTS/NTR	交易数量	TETF	手续费总额（ETH）
STV/RTV	交易总额	AETF	平均手续费（ETH）
SAV/RAV	交易平均价值	TUTF	手续费总额（USD）
(max/min) STI/RTI	（最大/最小）时间间隔	AUTF	平均手续费（USD）

聚合原语	含义
SUM	关联特征求和
MAX	关联特征求最大值
MIN	关联特征求最小值
MEAN	关联特征求平均值
MODE	关联特征求众数
NUM_UNIQUE	确定关联特征的数量

模型	P	R	F1
KNN	89.5	91.4	90.4
LR	89.8	91.7	90.7
SVM	89.6	92.0	90.8
RF	92.8	91.7	92.2
AdaBoost	92.6	92.9	92.7
LightGBM	94.3	95.6	94.9

模型	运行时间/s
RF	1.674
AdaBoost	15.805
LightGBM	1.759

特征	P	R	F1
手工特征	91.3	96.5	93.8
统计特征	87.7	93.4	90.5
本文方法（统计特征+手工特征）	94.3	95.6	94.9