An Accurate Blockchain Anomaly Detection Mechanism Built on Approximate Sketch Algorithms

Blockchain suffers from network dynamics and management difficulties, making the anomalies such as DDoS attacks and account takeovers possible. Existing approaches that detect anomalies in blockchains extract features, such as historical transaction information and transaction frequencies, from blockchain accounts to identify anomalies. However, the increasing scale of blockchain data results in the challenge of high memory consumption and low detection accuracy in the feature extraction of existing approaches. To address this challenge, we propose a blockchain anomaly detection mechanism that achieves detection accuracy and reduces resource footprints. This mechanism embraces approximate sketching algorithms to transform the detection of blockchain anomalies into that of malicious accounts, including intra-block accounts and inter-block accounts. For intra-block accounts, i.e., the malicious accounts that occur inside a single block and the mechanism uses sketching algorithms to collectively filter out those accounts with high precision. For inter-block accounts, malicious accounts can be hardly detected by analyzing the information of a single block, it aggregates multi-block information to accurately detect those accounts. We evaluate our mechanism with real Ethereum block data comprising of 88847 blocks. Our results indicate that compared with typical existing approaches, our mechanism improves the recall of detecting blockchain anomalies by up to 6.3 times and the F1 score by up to 4.4 times. Therefore, our proposed blockchain anomaly detection mechanism can bring benefits to regulating blockchain transaction behaviors and maintain system security.