Follow the money: Revealing risky nodes in a Ransomware-Bitcoin network

Turner, Adam
Mccombie, Stephen
Uhlmann, Allon
Journal Title
Journal ISSN
Volume Title
This paper demonstrates the use of network analysis to identify core nodes associated with ransomware attacks in cryptocurrency transaction networks. The method helps trace the cyber entities involved in cryptocurrency attacks and supports intelligence efforts to identify and disrupt cryptocurrency networks. A data corpus is built by the unsupervised machine learning graph algorithm ‘DeepWalk’ [1]. DeepWalk evaluates the position of nodes within networks. It compares the relative position of different nodes (similarity) and identifies those whose removal would most affect the network (riskiness). This method helps identify on the blockchain the key nodes that are involved in the execution of a ransomware attack. When applied to the ransomware “cash out” graph, the method derived “riskiness” scores for specific nodes. Analysing the derived “riskiness” at a community level (groups of nodes in the network) provides an enhanced granularity for identifying and targeting influential nodes. Such insight could potentially support both intelligence and forensics investigations.
Machine Learning and Predictive Analytics in Accounting, Finance, and Management, bitcoin, cryptocurrency, graph analytics, machine learning, ransomware, risk
Access Rights
Email if you need this content in ADA-compliant format.