Activity resource analysis is unreliable on the blockchain platform
With the improvement of blockchain 2.0 and later versions, more and more blockchain-based technological solutions began to appear, giving more convenience to human life. However, cybercriminals can take advantage of non-existent blockchain platforms to kill users and perform malicious work. In this article, we propose a heuristic bad behavior research method that identifies activities in the blockchain by analyzing the trajectory of funds. Researchers have found that different types of harassment, such as gambling, phishing and money laundering, have different patterns.
Introduction
The platform does not allow the public blockchain to have the characteristics of decentralization, redundancy and pseudo-anonymity, so it is likely to be adopted in cryptocurrency technology. However, cybercriminals can still take advantage of malicious blockchain platforms and target users through social engineering to perform malicious work. The most advanced technology is often used to identify bad habits based on the exchange of information on personal wallets, but not to identify income.
In this article, we propose a heuristic-based behavioral research method that identifies activities in the blockchain by analyzing the trajectory of funds. Scientists have reported the application of this method using the Ethereum blockchain data exchange. Along the way, scientists find that there are different patterns depending on the type of harassment, such as gambling, phishing, and money laundering. The letter explained that this behavioral detection method is universal and can be applied to any public blockchain platform without the need for authorization, and can be changed according to the circumstances of the platform. The main advantages of this sentence are:
1. By identifying temporary investments using a time cycle, we describe the characteristics of malicious activity such as phishing, gambling and money laundering on the blockchain platform, and comment on a new negative research that uses waste of money. The cycle method determines the volatility of the exchange rate as a function of cycle time.
2. Identify and distribute most attacks on Ethereum. Researchers also found two unreliable real-time currency exchanges along a blockchain platform using financial methods.
3. Currently the most advanced method of researching and analyzing unreliable behavior of blockchain platforms using machine learning or charts. This article provides an update on the existing process of assessing bad behavior and using financial methods to conduct research.
ob,Terrorism that can use blockchain
(is)Phishing
Phishing occurs when cybercriminals attempt to steal digital cryptocurrencies or user credentials using social engineering mETHods (such as creating bogus websites that look like old sites). Web, sending fake emails). In phishing activities, attackers do not take advantage of the absence of physical interference, but rather use the disadvantage of victims to deceive. A well-known phishing attack on the blockchain site is a counterfeit scam encountered in the Bee Token ICO project, in which a hacker attacks a Bee tokens email name and sends How many emails are sent via ETH ( Ethereum). using cryptocurrency).
(of them)gambling
Due to the anonymity and transparency of the cryptocurrency market, blockchain has been widely used in gambling. The benefits of using cryptocurrencies for gambling are due to the inefficiency of the blockchain, the increased risk of fraud, gambling restrictions in certain countries or regions, and legal penalties for gambling. Can be waived for low anonymous rates. . Currently, online gambling platforms such as Las Atlantis Casino and Wild Casino accept cryptocurrencies.
(Three)finance
Money laundering refers to the use of various methods to conceal the location and nature of a crime and to justify the document. The three main stages of cryptocurrency money laundering are:
1. Deposits: Terrorists can use cash or other types of cryptocurrency (altcoins) to buy cryptocurrency on the stock exchange. Violators can take advantage of no exchange when the exchange is unable to take full advantage of financial protection or cannot identify the trader.
2. Exploitation: When using digital resources, terrorists use an anonymous blockchain to hide funds.
3. Money Laundering: The authors claim that the illegal income is the result of company profits or other interest in cryptocurrency for the purpose of violating illegal money.
At the same time, he pointed out that although illegal cryptocurrency transactions are easy due to the anonymity of users in the blockchain, cryptocurrency has less impact on usage. In 2019, only 0.5% of all Bitcoin transactions affect the Bitcoin market on the dark web.
Three,Reconnaissance
(is)Cycle exam
The timely investigation process does not take into account the problems of the time, and scientists have made some adjustments to it. At a given moment, the determination of the edge of a temporal path is limited by their time of occurrence, and can only have one starting node.
(2) Algorithm search time
Search-depth density (DFS) is used to identify time in static images, and scientists use DFS-based methods to find the time.
four,Evaluation
(is)recordings
Currently, the most commonly authorized blockchains are Bitcoin (Bit-coin) and Ethereum (Ethereum). Scientists chose Ethereum blockchain data because Ethereum data is increasingly diverse, and Ethereum counts and exchanges data based on various types of breaches.
There are two types of funds in Ethereum: External Exchange (EOA) and Contract (SC) funds that run on the Ethereum Virtual Machine (EVM). Exchanges between the two SCs are not kept on the list, but these exchanges can be counted on Ethereum virtual machines and called internal exchanges. In a blockchain, this data is transmitted through an Ethereum API, called external commerce.
1.market model
The two sectors have different JSON standards, and the internal and external sectors are shown in Figure 1 and Figure 2, respectively.
Figure 1 Example of Ethereum's internal activity
Figure 2 Example of an external company in Ethereum
2. Statistics of the dataset
Offenses like gambling, phishing, and money laundering on Ethereum contain enough numbers and marketing tools for researchers to understand the revenue stream.
(ob)preliminary information
Scientists only use complete internal and external transaction data and weed out transactions that send 0 Eth (the cryptocurrency used by Ethereum). Such a transaction would result in a loss of investment of 100%. The scientist's goal is to find the many loopholes in the process. questionable cycle. Also, if account A sends money to account B multiple times in the same block, the scientist puts them in an exchange.
One of the ways of money laundering on the Ethereum blockchain is money laundering carried out by Upbit hackers using cryptocurrency exchanges. Some insiders have been accused of improper money laundering while transferring money from gold wallets to cold wallets. In this case, when scientists learned about money laundering methods, they used an account marked “UpBit Hack” from the Ethereum blockchain as a money laundering account.
(Three) Experimental results
1.gambling
Scientists used methods designed to make money like gambling on Etherscan (an Ethereum-certified browser blockchain), only to determine the emerging market for gambling-only money. Scientists believe that the money involved in gambling keeps their money in the blockchain deposit or exchange, and when they win, those funds can get their money back.
The study found that out of 42 tagged gaming accounts (4 EOA and 38 SC), only 2 SC had one at a time, and one of the SC accounts benefited. Also, if the scientist's correction time detection procedure is not used, the total number of cycles is 136,958, and if correction is used, the total number of cycles will be reduced to 346. All this time is two long jumps.
Since then, the researcher has added funds and transactions that aren't marked as a gambling den, and times haven't changed. Scientists have added four more neighbors, but the number of episodes remains unchanged at each level. This shows that most game funds do not have the same behavior time with other game funds.
Also, this study found that a gaming account did not transfer money to another gaming account during the cycle process, while the gaming account made money with other unrelated funds. to the game, and almost no surprises in transferring money over time. cycle path.ua. .
2. Phishing
A total of 4,769 numbers were considered phishing (4076 EOA, 693 SC), of which 103 were involved in business transactions and 55 were the start of one or more cycles. Most phishing scams have some sort of change, limiting how the money will appear at that time. The total number of cycles is 1682 if the scientific modification cycle is not used, and if the correction is applied, the total number of cycles will be reduced to 164. the maximum circle is 2 hops, with a maximum of 3 jumps in a circle. Scientists have found that some of these contagions exhibit suspicious behavior.
The scientist added a neighbor to the phishing number (the phishing account the account was sent to), which is similar to the phishing number and does not change the search number. Scientists added more money, and when they identified the money on the phishing website, they discovered a vicious cycle with bad money as the path, indicating that the phishing money was flowing to them.
3. Laundry money
There are 815 numbers marked "UpBit Hack", 2 of which are SC accounts. The researcher keeps the domestic and foreign trade data of these funds, but does not consider the domestic market because all the domestic markets have the error "= true" (which means business failure). Most of these funds only have 3-5 trades, so they rarely show up in a timely manner. The total number of cycles is 83 if the scientist search cycle correction is not used, and the total cycle will be reduced to 40 if the correction is used.
In that study, 69 accounting numbers participated in the time cycle, indicating that more money spent on laundry was involved in the currency market over time. The scientist added foreign money to the neighbors of the total money and money laundering cases, and using the study modification, the total time cycle is 90 and the maximum number of jumps for this circle is 6. The number of circles does not increase much, but in the trading circle according to the time method, the circle with a capital loss of less than 10% increases.
4.other ailments
The researchers found that 113 of the 214 scammers are identified as phishing scams and that these scams do not involve money laundering as a means to an end. Although scientists later added a neighbor's money (this money has been identified as fraud and phishing), there is no time cycle for just two EOAs. As a result, phishing scams, also considered to be fraudulent numbers, behave more strangely than other phishing schemes, and phishing scams can be divided into several groups.
Five points
With the development of blockchain 2.0 or later, people's interest in blockchain technology grew rapidly, and blockchain-based technology solutions such as blockchain-based medical data electricity began to appear. more and more. But at the same time, more and more times this technology and its users are getting used to doing bad things. Most of these atrocities have resulted in social engineering attacks through the use of previously unknown loopholes in the tech community and the use of malicious means to deceive users. Such attacks can lead to disruption and the loss of a large portion of digital assets, and digital assets fall as the loss of public blockchain platforms that do not need to be published.
Over the past few years, scientists have developed a number of advanced techniques to combat malicious attacks and identify malicious applications on the blockchain. Most of these procedures are based on machine learning and do not distinguish between different types of harassment, while others focus only on certain types of harassment. Moreover, this technology does not follow the path of cryptocurrency flows.
In this article, the researcher has a way to track income to collect behavioral data related to various types of harassment, and to use work time to determine active time and track income in a timely manner. Researchers have found that harassment can be divided into four categories based on travel time and loss of money. While it is difficult to identify blockchain violations, scientists believe this work is in demand by law enforcement, regulators, and blockchain stakeholders. .
Scan QR code with WeChat