From: Blockchain abnormal behavior awareness methods: a survey
Subject behavior | Awareness purpose | Awareness difficulty | Awareness methods | Technical details | Applicable scene | Awareness accuracy | Awareness speed | Advantage | Disadvantage | Precision | Recall | F1 | Data using |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Transaction behavior | Fraud behavior detection | Easy | Based on unsupervised learning | Multivariate cluster analysis based on trimmed k-means algorithm (Monamo et al. 2016) | More types needs for abnormal behavior classification | Low | Fast | High rubustness | Unsatisfactory precision | Efficient cluster number: 8 malicious detection rate: 16.67% | Bitcoin partial transaction dataset | ||
Based on unsupervised learning | Cluster analysis based on k-means algorithm after finding outliers (Sayadi et al. 2019) | Less types needs for abnormal behavior classification | High | Fast | High recognition accuracy for a small number of abnormal types | Fewer types of abnormal behavior can be detected | 90.00% | 99.70% | 94.00% | ||||
Based on rule inference | Anomaly behavior recognition based on transaction motivation (Shen et al. 2021) | Targeted awareness needs for specific abnormal | Medium | Medium | Strong pertinence | Weak robustness | Airdrop candy: 43.62% greedy injection: 54.32% | Airdrop candy: 85.71% greedy injection: 81.35% | Airdrop candy: 57.79% greedy injection: 65.11% | ||||
Account behavior | Suspicious account behavior detection | Medium | Based on unsupervised learning | Cluster analysis based on account behavior graph (Pham and Lee 2016) | More types needs for abnormal behavior classification | Low | Fast | High rubustness | Unsatisfactory precision and recall rate | Efficient cluster number: 7 Significant attack events: 2 | Bitcoin partial transaction dataset | ||
Based on unsupervised learning | Account behavior analysis based on graph mining method combining event information and account high-level interaction information (Ao et al. 2021) | Fine-grained requirements for account behavior description | Medium | Medium | Highly fine-graied awareness | Unsatisfactory speed and accuracy | Average modularity: 0.801 | Ethereum on-chain data | |||||
Node behavior pattern classification | Hard | Based on unsupervised learning | Blockchain behavior clustering algorithm BPC analysis and verification (Huang et al. 2017) | Less types needs for abnormal behavior classification | Medium | Fast | High recognition accuracy for a small number of abnormal types | Low fine-grained awareness | Efficient cluster number: 2 Precision: 74.26% | Transaction data of a real blockchain application on stock trading | |||
Fraud account detection | Easy | Based on supervised learning | Using XGBoost to identify large scale fraudulent accounts and features sensitivity analysis (Ostapowicz and Żbikowski 2020) | Needs for fraud prediction on the account | High | Fast | High accuracy | Low fine- grained awareness | Random forest: 85.71% XGBoost: 78.03% | Random forest: 23.67% XGBoost: 31.32% | Random Forest: 37.09% XGBoost: 44.70% | Ethereum On-chain Data with phishing labels | |
Identity inference | Medium | Based on unsupervised learning | Identity analysis based on GNN (Shen et al. 2021) | Deanonymization for abnormal behavior | High | Fast | High recognition accuracy with effectively large-scale graphed computation avoidance | Label dependency | 99.17% | 99.83% | 99.50% | Ethereum phishing transaction network | |
Contract behavior | Vulnerability detection | Easy | Based on automated exploit | Provide a universal definition of contract vulnerability and exploitation tools (Krupp and Rossow 2018) | All blockchains that support smart contracts | High | Fast | Can be implement on a large scale with a high degree of automation | Limited to contract internal behavior | Successful exploit contract rate: 88.41% | Ethereum on-chain contracts | ||
Honeypot detection | Medium | Based on symbol execution | Propose honeypot contract classification and construct heuristic honeypot contract search tool (Torres et al. 2019) | All blockchains that support smart contracts | High | Fast | High accuracy and fast perception speed | Limited to contract internal behavior and requires open source smart contract | 94.38% | – | – | ||
Attack detection and classification | Medium | Based on supervised learning | Use neural network to train the interaction graphs between contracts to automatically discover the stage of new attacks (Su et al. 2021) | Needs for attack stages identification | High | Fast | Can be implement on a large scale with strong robustness | Attacks limited to the use of smart contract transactions | 95.07% | 94.73% | 94.83% | DEFIER extended DApp event dataset |