GrabPhisher: Phishing Scams Detection in Ethereum via Temporally Evolving GNNs

IF 5.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Transactions on Services Computing Pub Date : 2024-06-07 DOI:10.1109/TSC.2024.3411449

Jiale Zhang;Hao Sui;Xiaobing Sun;Chunpeng Ge;Lu Zhou;Willy Susilo

{"title":"GrabPhisher: Phishing Scams Detection in Ethereum via Temporally Evolving GNNs","authors":"Jiale Zhang;Hao Sui;Xiaobing Sun;Chunpeng Ge;Lu Zhou;Willy Susilo","doi":"10.1109/TSC.2024.3411449","DOIUrl":null,"url":null,"abstract":"Phishing scams are one of Ethereum's most representative security risks that can defraud many transactions in a short period and severely threaten network security. Existing deep learning-based phishing scam detection methods mainly rely on constructing static transaction graphs which are assumed to be accessible before model training. However, static methods that have a high false positive rate to detect newly generated phishing scams by adding this newly generated data to existing algorithms for execution, due to new accounts and transactions constantly appearing in the real-world Ethereum network. Therefore, this article, for the first time, proposes a novel evolve-based phishing scams detection method (named GrabPhisher) that extracts temporal features of accounts and captures information about the dynamic topology of the graph as it evolves. Specifically, GrabPhisher can build the evolutionary pattern of accounts trading on Ethereum as a diffusion network graph in continuous time. It can continue to capture new transaction features based on existing transactions, which facilitates the identification of phishing accounts. Additionally, we implement GrabPhisher on the real-world Ethereum phishing scams datasets. Extensive experimental results demonstrate that GrabPhisher can effectively extract dynamic temporal features and outperform state-of-the-art methods (95% Recall, and 88% F1-score).","PeriodicalId":13255,"journal":{"name":"IEEE Transactions on Services Computing","volume":"17 6","pages":"3727-3741"},"PeriodicalIF":5.8000,"publicationDate":"2024-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Services Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10552120/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Phishing scams are one of Ethereum's most representative security risks that can defraud many transactions in a short period and severely threaten network security. Existing deep learning-based phishing scam detection methods mainly rely on constructing static transaction graphs which are assumed to be accessible before model training. However, static methods that have a high false positive rate to detect newly generated phishing scams by adding this newly generated data to existing algorithms for execution, due to new accounts and transactions constantly appearing in the real-world Ethereum network. Therefore, this article, for the first time, proposes a novel evolve-based phishing scams detection method (named GrabPhisher) that extracts temporal features of accounts and captures information about the dynamic topology of the graph as it evolves. Specifically, GrabPhisher can build the evolutionary pattern of accounts trading on Ethereum as a diffusion network graph in continuous time. It can continue to capture new transaction features based on existing transactions, which facilitates the identification of phishing accounts. Additionally, we implement GrabPhisher on the real-world Ethereum phishing scams datasets. Extensive experimental results demonstrate that GrabPhisher can effectively extract dynamic temporal features and outperform state-of-the-art methods (95% Recall, and 88% F1-score).

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

GrabPhisher：通过时间演化的 GNN 在以太坊中检测网络钓鱼骗局

网络钓鱼诈骗是以太坊最具代表性的安全风险之一，可以在短时间内骗取许多交易，严重威胁网络安全。现有的基于深度学习的网络钓鱼诈骗检测方法主要依赖于构造静态交易图，在模型训练之前假定交易图是可访问的。然而，由于新的账户和交易不断出现在现实世界的以太坊网络中，静态方法通过将新生成的数据添加到现有算法中来检测新生成的网络钓鱼骗局，其假阳性率很高。因此，本文首次提出了一种新的基于进化的网络钓鱼诈骗检测方法（命名为GrabPhisher），该方法提取账户的时间特征，并捕获图在进化过程中的动态拓扑信息。具体来说，GrabPhisher可以将以太坊账户交易的演化模式构建为连续时间内的扩散网络图。它可以在现有交易的基础上继续捕捉新的交易特征，这有助于识别钓鱼账户。此外，我们在真实的以太坊网络钓鱼诈骗数据集上实现了GrabPhisher。大量的实验结果表明，GrabPhisher可以有效地提取动态时间特征，并且优于最先进的方法（召回率为95%，f1得分为88%）。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Services Computing COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING

CiteScore

11.50

自引率

6.20%

发文量

278

审稿时长

>12 weeks

期刊介绍： IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.