Follow the money: Revealing risky nodes in a Ransomware-Bitcoin network

Date
2021-01-05
Authors
Turner, Adam
Mccombie, Stephen
Uhlmann, Allon
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This paper demonstrates the use of network analysis to identify core nodes associated with ransomware attacks in cryptocurrency transaction networks. The method helps trace the cyber entities involved in cryptocurrency attacks and supports intelligence efforts to identify and disrupt cryptocurrency networks. A data corpus is built by the unsupervised machine learning graph algorithm ‘DeepWalk’ [1]. DeepWalk evaluates the position of nodes within networks. It compares the relative position of different nodes (similarity) and identifies those whose removal would most affect the network (riskiness). This method helps identify on the blockchain the key nodes that are involved in the execution of a ransomware attack. When applied to the ransomware “cash out” graph, the method derived “riskiness” scores for specific nodes. Analysing the derived “riskiness” at a community level (groups of nodes in the network) provides an enhanced granularity for identifying and targeting influential nodes. Such insight could potentially support both intelligence and forensics investigations.
Description
Keywords
Machine Learning and Predictive Analytics in Accounting, Finance, and Management, bitcoin, cryptocurrency, graph analytics, machine learning, ransomware, risk
Citation
Rights
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.