以太坊非法交易检测方法综述

李梦; 梁广俊; 印杰; 马卓; 张祎

引用本文：

李梦,梁广俊,印杰,马卓,张祎.以太坊非法交易检测方法综述[J].信息安全学报,2024,9(5):189-216 [点击复制]
LI Meng,LIANG Guangjun,YIN Jie,MA Zhuo,ZHANG Yi.A Survey of Ethereum Illegal Detection Methods[J].Journal of Cyber Security,2024,9(5):189-216 [点击复制]

本文已被：浏览 183次下载 125次	码上扫一扫！
以太坊非法交易检测方法综述
李梦¹, 梁广俊², 印杰², 马卓², 张祎³
0 字体:加大+\|默认\|缩小-
(1.江苏警官学院基础课教研部南京中国 210031;2.江苏警官学院计算机信息与网络安全系南京中国 210031;3.江苏省公安厅南京中国 210024)

摘要:

以太坊基于智能合约创造了一个交易生态系统,参与者可以通过部署智能合约实现交易多元化。然而交易实体的隐蔽性为非法交易提供“便利”,诸如传销、诈骗、蜜罐合约、洗钱、赌博和恐怖主义等违法犯罪活动频发。其中前三种是犯罪分子对正常用户单方面实施违法行为,相较后三种而言辐射范围更广、潜在危险性更强,故本文针对前三种非法交易行为展开研究。全文从通用检测和特殊检测两个角度对其交易特点、检测方法进行总结。首先进行通用检测研究,通用检测关注从数据角度整理以太坊非法交易的检测方法,发现采用监督算法(用于用户地址分类)+无监督算法(发现潜在非法用户)可实现高精度检测。然后进行特殊检测研究,特殊检测关注特定的非法交易类型,针对以网络钓鱼为代表的诈骗、以庞氏骗局为代表的传销和蜜罐合约交易,分别总结其在以太坊平台上体现出的“新特点”与“新方法”。再从数据收集、特征提取、异常检测3个阶段综述检测技术的研究进展,借助准确率、精度、召回率、F1-score等评价指标进行交易类型内部和类间的比较分析,发现在数据收集阶段采用混合采样等数据增强技术、在特征提取阶段采用图嵌入和深度学习等机器学习算法、在异常检测阶段采用集成方法等现代机器学习算法可有效提高检测精度。最后,将视角扩展到区块链平台,进行区块链间非法交易检测技术比较分析,进一步给出以太坊非法交易检测未来的研究方向。

关键词: 以太坊非法检测机器学习庞氏骗局蜜罐合约网络钓鱼诈骗

DOI：10.19363/J.cnki.cn10-1380/tn.2024.09.10

投稿时间：2022-11-16修订日期：2023-03-28

基金项目:本课题得到国家自然科学基金青年基金(No.62202209),南京邮电大学射频集成与微组装技术国家地方联合工程实验室开放课题(No.KFJJ20200201),江苏省教育厅科研项目(No.2021SJA0497,No.2023SJYB0467),2022年江苏高校“青蓝工程”优秀青年骨干教师项目,江苏警官学院科研项目(No.2020SJYZR02,No.2023A06)资助。

A Survey of Ethereum Illegal Detection Methods

LI Meng¹, LIANG Guangjun², YIN Jie², MA Zhuo², ZHANG Yi³

(1.Department of Basic Course Teaching, Jiangsu Police Institute, Nanjing 210031, China;2.Department of Computer Information and Network Security, Jiangsu Police Institute, Nanjing 210031, China;3.Department of Jiangsu Provincial Public Security, Nanjing 210024, China)

Abstract:

Ethereum has created a trading ecosystem based on smart contracts, where participants can diversify their transactions by deploying smart contracts. However, the concealment of trading entities provides “convenience” for illegal transactions, such as pyramid schemes, fraud, honeypot contracts, money laundering, gambling, and terrorism. Among them, the first three are unilateral illegal acts committed by criminals against normal users, which have a wider radiation range and greater potential danger compared to the latter three. Therefore, this paper focuses on the first three illegal trading acts. The paper summarizes its transaction characteristics and detection methods from two perspectives: general detection and special detection. Firstly, we conduct research on general detection, which focuses on the detection methods for sorting out illegal transactions in Ethereum from a data perspective. We found that using supervised algorithms (used for user address classification) +unsupervised algorithms (found potential illegal users) can achieve high-precision detection. Then we conduct special detection research, focusing on specific types of illegal transactions. For fraud represented by phishing, pyramid schemes represented by Ponzi schemes, and honeypot contract transactions, summarize the “new features” and “new methods” embodied on the Ethereum platform. Then, it summarizes the research progress of detection technology from three stages: data collection, feature extraction, and anomaly detection. By using evaluation indicators such as accuracy, precision, recall and F1 score, it is found that data enhancement techniques such as mixed sampling are used in the data collection stage, machine learning algorithms such as graph embedding and deep learning are used in the feature extraction stage, and modern machine learning algorithms such as integrated methods are used in the anomaly detection phase can effectively improve detection accuracy. Finally, we expand the perspective to the blockchain platform, conduct a comparative analysis of illegal transaction detection technologies between blockchains, and further provide future research directions for Ethereum illegal transaction detection.

Key words: ethereum illegal detection machine learning ponzi scheme honeypot contract phishing fraud