高级检索

    基于近似测量算法Sketch的高精度区块链异常检测机制

    An Accurate Blockchain Anomaly Detection Mechanism Built on Approximate Sketch Algorithms

    • 摘要: 区块链存在网络动态性强和其管理困难等问题,使得区块链普遍存在DDoS 攻击和账户接管等异常现象. 现有区块链异常检测方法多从所有区块链账户中提取历史交易信息和交易频率等特征加以分析以甄别异常. 然而,随着区块链数据规模的不断扩大,现有方法在提取特征时面临内存消耗高、检测精度低的挑战. 为此,提出了一种高检测精度、低内存开销的区块链异常检测机制,该机制采用近似测量算法将区块链异常检测转化为异常交易账户检测,包括区块内异常账户和跨区块异常账户. 对于区块内异常账户,即仅存在于单个区块内的异常账户,使用Sketch算法进行账户识别,精度高. 而对于存在于多个区块且难以通过单个区块信息检测到的跨区块异常账户,则通过聚合和分析多区块信息进行账户的准确检测. 使用包含88 847个区块的真实区块链数据评估上述机制. 实验结果表明,与现有代表性方法对比,所提出的机制将区块链异常检测的召回率最高提升了6.3倍,F1分数最高提升了4.4倍. 因此,提出的高精度区块链异常检测机制对于规范区块链交易行为、维护系统安全性具有意义.

       

      Abstract: Blockchain suffers from network dynamics and management difficulties, making the anomalies such as DDoS attacks and account takeovers possible. Existing approaches that detect anomalies in blockchains extract features, such as historical transaction information and transaction frequencies, from blockchain accounts to identify anomalies. However, the increasing scale of blockchain data results in the challenge of high memory consumption and low detection accuracy in the feature extraction of existing approaches. To address this challenge, we propose a blockchain anomaly detection mechanism that achieves detection accuracy and reduces resource footprints. This mechanism embraces approximate sketching algorithms to transform the detection of blockchain anomalies into that of malicious accounts, including intra-block accounts and inter-block accounts. For intra-block accounts, i.e., the malicious accounts that occur inside a single block and the mechanism uses sketching algorithms to collectively filter out those accounts with high precision. For inter-block accounts, malicious accounts can be hardly detected by analyzing the information of a single block, it aggregates multi-block information to accurately detect those accounts. We evaluate our mechanism with real Ethereum block data comprising of 88847 blocks. Our results indicate that compared with typical existing approaches, our mechanism improves the recall of detecting blockchain anomalies by up to 6.3 times and the F1 score by up to 4.4 times. Therefore, our proposed blockchain anomaly detection mechanism can bring benefits to regulating blockchain transaction behaviors and maintain system security.

       

    /

    返回文章
    返回