No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
An Intelligent Blockchain based Framework for secured Cryptocurrency Exchanges to Detect Fraudulent Transactions
... While blockchain offers transparency by recording all transactions on a public ledger, the pseudonymity it provides enables bad actors to mask their identities, facilitating schemes like money laundering, ransomware payments, and fraudulent initial coin offerings (ICOs). Decentralized exchanges (DEXs) and peer-to-peer transactions further exacerbate these risks by bypassing traditional financial oversight [184]- [186]. Additionally, vulnerabilities in smart contracts and blockchain (depicted in Figure 10) bridges are frequently exploited in hacks and scams [187]. ...
The rapid proliferation of digital technologies has revolutionized the global economy and transformed how individuals and businesses interact. However, this digital transformation has also given rise to a surge in online scams and financial frauds, posing significant threats to individuals, organizations, and financial institutions. This review paper explores the evolving landscape of online scams and financial frauds in the digital age, focusing on prevalent schemes such as phishing, identity theft, online payment fraud, cryptocurrency-related scams, and social engineering attacks. It examines the methods employed by cybercriminals, the psychological and technological factors that make victims susceptible, and the socioeconomic impacts of these fraudulent activities. The paper also highlights the roles of legislation, cybersecurity advancements, and public awareness in combating digital fraud. By synthesizing current research, case studies, and global trends, this review provides a comprehensive overview of the challenges posed by online scams and financial frauds and outlines effective strategies to mitigate their impact in an increasingly connected world.
Fault detection is becoming greatly important in protecting cryptographic designs that can suffer from both natural or malicious faults. Finite fields over
are widely used in such designs, since their data are coded in binary form for practical reasons. Among the different finite field arithmetic, multiplication is the bottleneck operation for many cryptosystems due to its complexity. Therefore, in this work, fault detection schemes based on cyclic codes for finite field multipliers using different fields found in traditional and post-quantum cryptography are derived. Moreover, we implement such schemes by embedding them into the original architectures to perform an exhaustive study, benchmark the different overheads obtained, and prove their suitability for deeply constrained embedded systems. These implementations are performed on advanced micro devices (AMD)/Xilinx field-programmable gate array (FPGA) and provide a very high error coverage with acceptable overhead.
Among the National Institute for Standards and Technology (NIST) postquantum cryptography (PQC) standardization Round 3 finalists (announced in 2020 and anticipated to conclude in 2022–2024), SABER and Falcon are efficient key encapsulation mechanism (KEM) and compact signature scheme, respectively. SABER is a simple and flexible cryptographic scheme, highly suitable for thwarting potential attacks in the postquantum era. Implementing SABER can be performed solely in hardware (HW) or on HW/software coprocessors. On the other hand, the compact key size, efficient design, and strong reliability proof in the quantum random oracle model (QROM) make Falcon a highly suitable signature algorithm for PQC. Although Falcon is crucial as a PQC signature scheme, the utilization of the Gaussian sampler makes it vulnerable to malicious attacks, e.g., fault attacks. This is the first work to present error detection schemes embedded efficiently in SABER as well as Falcon’s sampler architectures, which can detect both transient and permanent faults. Moreover, we implement HW design for the ModFalcon signature algorithm as well as the Gaussian sampler. These schemes are implemented on a formerly Xilinx field-programmable gate array (FPGA) family, for both SABER and Falcon variants, where we assess the error coverage and the performance. The proposed schemes incur low overhead (the area, delay, and power overheads being 22.59%, 19.77%, and 10.67%, respectively, in the worst case) while providing a high fault detection rate (99.9975% in the worst case scenario), making them suitable for high efficiency and compact HW implementations of constrained applications.
Network anomaly detection plays a crucial role as it provides an effective mechanism to block or stop cyberattacks. With the recent advancement of Artificial Intelligence (AI), there has been a number of Autoencoder (AE) based deep learning approaches for network anomaly detection to improve our posture towards network security. The performance of existing state-of-the-art AE models used for network anomaly detection varies without offering a holistic approach to understand the critical impacts of the core set of important performance indicators of AE models and the detection accuracy. In this study, we propose a novel 5-layer autoencoder (AE)-based model better suited for network anomaly detection tasks. Our proposal is based on the results we obtained through an extensive and rigorous investigation of several performance indicators involved in an AE model. In our proposed model, we use a new data pre-processing methodology that transforms and removes the most affected outliers from the input samples to reduce model bias caused by data imbalance across different data types in the feature set. Our proposed model utilizes the most effective reconstruction error function which plays an essential role for the model to decide whether a network traffic sample is normal or anomalous. These sets of innovative approaches and the optimal model architecture allow our model to be better equipped for feature learning and dimension reduction thus producing better detection accuracy as well as f1-score. We evaluated our proposed model on the NSL-KDD dataset which outperformed other similar methods by achieving the highest accuracy and f1-score at 90.61% and 92.26% respectively in detection.
The Bitcoin cryptocurrency is a worldwide prevalent virtualized digital currency conceptualized in 2008 as a distributed transactions system. Bitcoin transactions make use of peer-to-peer network nodes without a third-party intermediary, and the transactions can be verified by the node. Although Bitcoin networks have exhibited high efficiency in the financial transaction systems, their payment transactions are vulnerable to several ransomware attacks. For that reason, investigators have been working on developing ransomware payment identification techniques for bitcoin transactions’ networks to prevent such harmful cyberattacks. In this paper, we propose a high performance Bitcoin transaction predictive system that investigates the Bitcoin payment transactions to learn data patterns that can recognize and classify ransomware payments for heterogeneous bitcoin networks. Specifically, our system makes use of two supervised machine learning methods to learn the distinguishing patterns in Bitcoin payment transactions, namely, shallow neural networks (SNN) and optimizable decision trees (ODT). To validate the effectiveness of our solution approach, we evaluate our machine learning based predictive models on a recent Bitcoin transactions dataset in terms of classification accuracy as a key performance indicator and other key evaluation metrics such as the confusion matrix, positive predictive value, true positive rate, and the corresponding prediction errors. As a result, our superlative experimental result was registered to the model-based decision trees scoring 99.9% and 99.4% classification detection (two-class classifier) and accuracy (multiclass classifier), respectively. Hence, the obtained model accuracy results are superior as they surpassed many state-of-the-art models developed to identify ransomware payments in bitcoin transactions.
Blockchain constructs a distributed point-to-point system, which is a secure and verifiable mechanism for decentralized transaction validation and is widely used in financial economy, Internet of Things, large data, cloud computing, and edge computing. On the other hand, artificial intelligence technology is gradually promoting the intelligent development of various industries. As two promising technologies today, there is a natural advantage in the convergence between blockchain and artificial intelligence technologies. Blockchain makes artificial intelligence more autonomous and credible, and artificial intelligence can prompt blockchain toward intelligence. In this paper, we analyze the combination of blockchain and artificial intelligence from a more comprehensive and three-dimensional point of view. We first introduce the background of artificial intelligence and the concept, characteristics, and key technologies of blockchain and subsequently analyze the feasibility of combining blockchain with artificial intelligence. Next, we summarize the research work on the convergence of blockchain and artificial intelligence in home and overseas within this category. After that, we list some related application scenarios about the convergence of both technologies and also point out existing problems and challenges. Finally, we discuss the future work.
In this paper, we present different implementations of point multiplication over Curve448. Curve448 has recently been recommended by NIST to provide 224-bit security over elliptic curve cryptography. Although implementing high-security cryptosystems should be considered due to recent improvements in cryptanalysis, hardware implementation of Curve488 has been investigated in a few studies. Hence, in this study, we propose three variable-base-point FPGA-based Curve448 implementations, i.e., lightweight, area-time efficient, and high-performance architectures, which aim to be used for different applications. Synthesized on a Xilinx Zynq 7020 FPGA, our proposed high-performance design increases 12% throughput with executing 1,219 point multiplication per second and increases 40% efficiency in terms of required clock cycles×utilized area compared to the best previous work. Furthermore, the proposed lightweight architecture works in 250 MHz and saves 96% of resources with the same performance. Additionally, our area-time efficient design considers a trade-off between time and required resources, which shows a 48% efficiency improvement with 52% fewer resources. Finally, effective side-channel countermeasures are added to our proposed designs, which also outperform previous works.
Ransomware is a relatively new type of intrusion attack, and is made with the objective of extorting a ransom from its victim. There are several types of ransomware attacks, but the present paper focuses only upon the crypto-ransomware, because it makes data unrecoverable once the victim’s files have been encrypted. Therefore, in this research, it was proposed that machine learning is used to detect crypto-ransomware before it starts its encryption function, or at the pre-encryption stage. Successful detection at this stage is crucial to enable the attack to be stopped from achieving its objective. Once the victim was aware of the presence of crypto-ransomware, valuable data and files can be backed up to another location, and then an attempt can be made to clean the ransomware with minimum risk. Therefore we proposed a pre-encryption detection algorithm (PEDA) that consisted of two phases. In, PEDA-Phase-I, a Windows application programming interface (API) generated by a suspicious program would be captured and analyzed using the learning algorithm (LA). The LA can determine whether the suspicious program was a crypto-ransomware or not, through API pattern recognition. This approach was used to ensure the most comprehensive detection of both known and unknown crypto-ransomware, but it may have a high false positive rate (FPR). If the prediction was a crypto-ransomware, PEDA would generate a signature of the suspicious program, and store it in the signature repository, which was in Phase-II. In PEDA-Phase-II, the signature repository allows the detection of crypto-ransomware at a much earlier stage, which was at the pre-execution stage through the signature matching method. This method can only detect known crypto-ransomware, and although very rigid, it was accurate and fast. The two phases in PEDA formed two layers of early detection for crypto-ransomware to ensure zero files lost to the user. However in this research, we focused upon Phase-I, which was the LA. Based on our results, the LA had the lowest FPR of 1.56% compared to Naive Bayes (NB), Random Forest (RF), Ensemble (NB and RF) and EldeRan (a machine learning approach to analyze and classify ransomware). Low FPR indicates that LA has a low probability of predicting goodware wrongly.
In the recent gears applications such as personal health care are broadly made use by the diseased individuals for preserving and organizing their medical information over a private, secure and trustful computing. They make use of the service providers as third party environment for interchanging the medical records of the diseased individuals. The cloud computing permits effective management and circulation of private and personal medical related records which always faces challenges in terms of various safety associated characteristics like discovery and existence of vulnerable medical data by the illegal users. To provide safety and confidentiality it is mandatory to accomplish the data before contracting out and only the authorised users are allowed to make use of the data. Hiding the information of the users are important during gaining access to the data present over the network. Moreover for reducing the setbacks in safeguarding the key of the data containers the personal health records are classified into several associated fields. For wrapping the information of the user’s unsigned verification based on the element based encoding (EBE) is employed and fine grained data access control based on the advanced encryption scheme are tailored. The comprehension provides an advanced level of security and confidentiality for the personal health records. The scheme permits autonomous alterations of the admission policies or file entities along with the autonomous user cessation. Additional analyses and evaluations reveals that the designed scheme is effective in terms of safety and secrecy.
Ransomware is a type of advanced malware that has spread rapidly in recent years, causing significant financial losses for a wide range of victims including organizations, healthcare facilities, and individuals. Modern host-based detection methods require the host to be infected first in order to identify anomalies and detect the malware. By the time of infection, it can be too late as some of the system’s assets would have been already exfiltrated or encrypted by the malware. Conversely, network-based methods can be effective in detecting ransomware attacks, as most ransomware families try to connect to command and control servers before their harmful payloads are executed. Therefore, a careful analysis of ransomware network traffic can be one of the key means for early detection. This paper demonstrates a comprehensive behavioral analysis of crypto ransomware network activities, taking Locky, one of the most serious families, as a case study. A dedicated testbed was built, and a set of valuable and informative network features were extracted and classified into multiple types. A network-based intrusion detection system was implemented, employing two independent classifiers working in parallel on different levels: packet and flow levels. Experimental evaluation of the proposed detection system demonstrates that it offers high detection accuracy, low false positive rate, valid extracted features, and is highly effective in tracking ransomware network activities.
The Blockchain technology has recently attracted increasing
interests worldwide because of its potential to disrupt
existing businesses and to revolutionize the way applications will
be built, operated, consumed and marketed in the near future.
While this technology was initially designed as an immutable
and distributed ledger for preventing the double spending of
cryptocurrencies, it is now foreseen as the core backbone of enterprises
by enabling the interoperability and collaboration between
organizations. In this context, consortium blockchains emerged
as an interesting architecture concept that benefits from the
transactions’ efficiency and privacy of private blockchains, while
leveraging the decentralized governance of public blockchains.
Although many studies have been made on the blockchain
technology in general, the concept of consortium blockchains has
been very little addressed in the literature. To bridge this gap, this
article provides a detailed analysis of consortium blockchains,
in terms of architectures, technological components and applications.
In particular, the underlying consensus algorithms are
analyzed in details, and a general taxonomy is discussed. Then,
a practical case study that focuses on the consortium blockchain
technology Ethermint is performed in order to highlight its main
advantages and limitations. Finally, various research challenges
and opportunities are discussed.
Bitcoin has enjoyed wider adoption than any previous cryptocurrency; yet its success has also attracted the attention of fraudsters who have taken advantage of operational insecurity and transaction irreversibility. We study the risk that investors face from the closure of Bitcoin exchanges, which convert between Bitcoins and hard currency. We examine the track record of 80 Bitcoin exchanges established between 2010 and 2015. We find that nearly half (38) have since closed, with customer account balances sometimes wiped out. Fraudsters are sometimes to blame, but not always. Twenty-five exchanges suffered security breaches, 15 of which subsequently closed. We present logistic regressions using longitudinal data on Bitcoin exchanges aggregated quarterly. We find that experiencing a breach is correlated with a 13 times greater odds that an exchange will close in that same quarter. We find that higher-volume exchanges are less likely to close (each doubling in trade volume corresponds to a 12% decrease in the odds of closure). We also find that exchanges that derive most of their business from trading less popular (fiat) currencies, which are offered by at most one competitor, are less likely to close.
We investigate how distributed denial-of-service (DDoS) attacks and other disruptions affect the Bitcoin ecosystem. In particular, we investigate the impact of shocks on trading activity at the leading Mt. Gox exchange between April 2011 and November 2013. We find that following DDoS attacks on Mt. Gox, the number of large trades on the exchange fell sharply. In particular, the distribution of the daily trading volume becomes less skewed (fewer big trades) and had smaller kurtosis on days following DDoS attacks. The results are robust to alternative specifications, as well as to restricting the data to activity prior to March 2013, i.e., the period before the first large appreciation in the price of and attention paid to Bitcoin.
We present the first measurement study of JoinMarket, a growing marketplace for more anonymous transfers in the Bitcoin ecosystem. Our study reveals that this market is funded with multiple thousand bitcoins and generated a turnover of almost 29.5 million USD over the course of 13 months. Assessing the resilience of the market against a well-funded attacker, we discover that in a typical scenario, a selective attack with a 90% success rate requires an investment of 14 000–54 000 USD (which is recoverable after the attack). We present economic arguments to explain the existence of this novel market for anonymity and underpin the hypothesis of heterogeneous time preference with empirical data.
Key words: economics of privacy; measurement; anonymity; Bitcoin; CoinJoin
Bitcoin, a decentralized cryptographic currency that has experienced proliferating popularity over the past few years, is the common denominator in a wide variety of cybercrime. We perform a measurement analysis of CryptoLocker, a family of ransomware that encrypts a victim's files until a ransom is paid, within the Bitcoin ecosystem from September 5, 2013 through January 31, 2014. Using information collected from online fora, such as reddit and BitcoinTalk, as an initial starting point, we generate a cluster of 968 Bitcoin addresses belonging to CryptoLocker. We provide a lower bound for CryptoLocker's economy in Bitcoin and identify 795 ransom payments totalling 1,128.40 BTC (1.1 million at peak valuation. By analyzing ransom payment timestamps both longitudinally across CryptoLocker's operating period and transversely across times of day, we detect changes in distributions and form conjectures on CryptoLocker that corroborate information from previous efforts. Additionally, we construct a network topology to detail CryptoLocker's financial infrastructure and obtain auxiliary information on the CryptoLocker operation. Most notably, we find evidence that suggests connections to popular Bitcoin services, such as Bitcoin Fog and BTC-e, and subtle links to other cybercrimes surrounding Bitcoin, such as the Sheep Marketplace scam of 2013. We use our study to underscore the value of measurement analyses and threat intelligence in understanding the erratic cybercrime landscape.
Quantum computers are expected to break modern public key cryptography owing to Shor’s algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms. The PQC research field has flourished over the past two decades, leading to the creation of a large variety of algorithms that are expected to be resistant to quantum attacks. These PQC algorithms are being selected and standardized by several standardization bodies. However, even with the guidance from these important efforts, the danger is not gone: there are billions of old and new devices that need to transition to the PQC suite of algorithms, leading to a multidecade transition process that has to account for aspects such as security, algorithm performance, ease of secure implementation, compliance and more. Here we present an organizational perspective of the PQC transition. We discuss transition timelines, leading strategies to protect systems against quantum attacks, and approaches for combining pre-quantum cryptography with PQC to minimize transition risks. We suggest standards to start experimenting with now and provide a series of other recommendations to allow organizations to achieve a smooth and timely PQC transition. Standards and recommendations for transitioning organizations to quantum-secure cryptographic protocols are outlined, including a discussion of transition timelines and the leading strategies to protect systems against quantum attacks.
Bitcoin has attracted a lot of attentions from both researchers and investors since it was first proposed in 2008. One of the key characteristics of Bitcoin is anonymity, which makes the Bitcoin market unregulated and a large number of criminal and illicit activities are associated with bitcoin transactions. Therefore, it’s necessary to identify the illicit addresses in the Bitcoin network for safeguarding financial systems and protecting user’s assets. To identify the illicit addresses in the Bitcoin network, first, we collect a large dataset of illicit addresses. The illicit addresses come mainly from some specific websites, public forums, and research papers. Second, we make a careful design of the features of illicit addresses. The features include basic features that refer to the related papers and the novel proposed features (topological features and temporal features). Third, we apply various machine learning algorithms (RF, SVM, XGB, ANN) to evaluate our features, which indicates that the proposed features are discriminating and robust. Besides, the paper discusses the class imbalance problem and achieves a better enhancement when using the cost-sensitive approach. Moreover, the paper proposes a model that incorporates LSTM into auto-encoder to generate temporal features. Results show that the generated features are helpful for the illicit addresses identification. Finally, the dataset and code are released in Github.
The guaranteed loan is a debt obligation promise that if one corporation gets trapped in risks, its guarantors will back the loan. When more and more companies involve, they subsequently form complex networks. Detecting and predicting risk guarantee in these networked-loans is important for the loan issuer. Therefore, in this paper, we propose a dynamic graph-based attention neural network for risk guarantee relationship prediction (DGANN). In particular, each guarantee is represented as an edge in dynamic loan networks, while companies are denoted as nodes. We present an attention-based graph neural network to encode the edges that preserve the financial status as well as network structures. The experimental result shows that DGANN could significantly improve the risk prediction accuracy in both the precision and recall compared with state-of-the-art baselines. We also conduct empirical studies to uncover the risk guarantee patterns from the learned attentional network features. The result provides an alternative way for loan risk management, which may inspire more work in the future.
In spite of the increasing popularity of Ethereum, market analysis of the corresponding cryptocurrencies Ether is relatively unexplored until now. This paper is devoted to filling in the research gap of Ether market analysis, the purpose being to provide useful insights on Ether investment. In particular, we first employ the detrended fluctuation analysis and the asymmetric multifractal detrended fluctuation analysis to investigate the properties of long-range dependence, multifractality, and its asymmetry. After that, we study the causality between returns and volume of Ether to find how the activity of investors influences returns based on a nonparametric causality-in-quantiles test. Besides, by making a comparison with the Bitcoin market, we further uncover some unique properties of the Ether market.
Industry's dreams and fears for this new technology.
Ransomware is a malware category that exploits security mechanisms such as cryptography in order to hijack user files and related resources and demands money in exchange for the locked data. Therefore, ransomware has become a lucrative business that has gained increasing popularity among attackers. Unlike traditional malware, even after removal, ransomware's effect is irreversible and difficult to mitigate without the help of its creator. In addition to the downtime costs and the money that individuals and business entities could pay as a ransom, those victims could incur other damage such as loss of data, reputation, and life. To date, several studies have been conducted to address this unique, challenging threat and have tried to provide detection and prevention solutions. However, there is a lack of survey articles that explore the research endeavors in ransomware and highlight the challenges and issues faced by existing solutions. This survey fills the gap and provides a holistic state-of-the-art review of the research on ransomware and its detection and prevention techniques. The survey puts forward a novel ransomware taxonomy, from several perspectives. It then elaborates on the factors that lead to a successful ransomware attacks before discussing in detail the research into counteracting ransomware, including analysis, prevention, detection and prediction solutions. The survey concludes with a brief discussion on the open issues and potential research directions in the near future.
Bitcoin is a popular "cryptocurrency" that records all transactions in an distributed append-only public ledger called "blockchain". The security of Bitcoin heavily relies on the incentive-compatible distributed consensus protocol which is run by participants called "miners". In exchange of the incentive, the miners are expected to honestly maintain the blockchain. Since its launch in 2009, Bitcoin economy has grown at an enormous rate is now worth about 40 billions of dollars. This exponential growth in the market value of Bitcoin motivates adversaries to exploit weaknesses for profit, and researchers to identify vulnerabilities in the system, propose countermeasures, and predict upcoming trends. In this paper, we present a systematic survey on security and privacy aspects of Bitcoin. We start by presenting an overview of the Bitcoin protocol and discuss its major components with their functionality and interactions. We review the existing vulnerabilities in Bitcoin which leads to the execution of various security threats in Bitcoin system. We discuss the feasibility and robustness of the state-of-the-art security solutions. We present privacy and anonymity considerations, and discuss the threats to enabling user privacy along with the analysis of existing privacy preserving solutions. Finally, we summarize the critical open challenges, and suggest directions for future research towards provisioning stringent security and privacy techniques for Bitcoin.
Bitcoin is quickly emerging as a popular digital payment system. However, in spite of its reliance on pseudonyms, Bitcoin raises a number of privacy concerns due to the fact that all of the transactions that take place are publicly announced in the system. In this paper, we investigate the privacy provisions in Bitcoin when it is used as a primary currency to support the daily transactions of individuals in a university setting. More specifically, we evaluate the privacy that is provided by Bitcoin (i) by analyzing the genuine Bitcoin system and (ii) through a simulator that faithfully mimics the use of Bitcoin within a university. In this setting, our results show that the profiles of almost 40% of the users can be, to a large extent, recovered even when users adopt privacy measures recommended by Bitcoin. To the best of our knowledge, this is the first work that comprehensively analyzes, and evaluates the privacy implications of Bitcoin.
Due to the strength of bitcoin including the convenient payment and transfer, exchange into legal tender, low transfer fee, and others, its usage is increasing dramatically. Bitcoin is an e-money and virtual currency currently used as a means of payment in about 20,000 online companies and 1,000 offline stores as of Feb. 2014. Different from previous e-money, there is no issuing institution and it has trait of no regulation by countries or companies. However, as there is an increase in value of bitcoin followed by Cyprus financial crisis in past March, issues regarding the security breach on the rise. Since the exchange between legal tender and virtual currency is free in case of bitcoin, direct damage caused by security breach is very large. Also, as there is no governing institution, the user is responsible for all loss in case of damage occurrence. Therefore, the purpose of this study is to look into transaction method and security breach trend of bitcoin and its countermeasures.
Ethereum Fraud Detection Dataset
- Aliyev
BitcoinHeist: Topological Data Analysis for Ransomware Detection on the Bitcoin Blockchain
- C G Akcora
- Y Li
- Y R Gel
- M Kantarcioglu
The analysis and countermeasures on security breach of bitcoin
- I.-K Lim
- Y.-H Kim
- J.-G Lee
- J.-P Lee
- H Nam-Gung
- J.-K Lee
Multidisciplinary approaches and challenges in integrating emerging medical devices security research and education
- M Kermani
- R Azarderakhsh
- M Mirakhorli
Algorithmic security is insufficient: A comprehensive survey on implementation attacks haunting post-quantum security
- A C Canto
- J Kaur
- M M Kermani
- R Azarderakhsh
Algorithmic security is insufficient: A comprehensive survey on implementation attacks haunting post-quantum security
- Canto