Follow the money: Revealing risky nodes in a Ransomware-Bitcoin network
Files
Date
2021-01-05
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
1560
Ending Page
Alternative Title
Abstract
This paper demonstrates the use of network analysis to identify core nodes associated with ransomware attacks in cryptocurrency transaction networks. The method helps trace the cyber entities involved in cryptocurrency attacks and supports intelligence efforts to identify and disrupt cryptocurrency networks. A data corpus is built by the unsupervised machine learning graph algorithm ‘DeepWalk’ [1]. DeepWalk evaluates the position of nodes within networks. It compares the relative position of different nodes (similarity) and identifies those whose removal would most affect the network (riskiness). This method helps identify on the blockchain the key nodes that are involved in the execution of a ransomware attack. When applied to the ransomware “cash out” graph, the method derived “riskiness” scores for specific nodes. Analysing the derived “riskiness” at a community level (groups of nodes in the network) provides an enhanced granularity for identifying and targeting influential nodes. Such insight could potentially support both intelligence and forensics investigations.
Description
Keywords
Machine Learning and Predictive Analytics in Accounting, Finance, and Management, bitcoin, cryptocurrency, graph analytics, machine learning, ransomware, risk
Citation
Extent
13 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 54th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.