
The BitcoinHeist: Classifications of Ransomware Crime Families


Affiliations
1 Marymount University, VA, United States
 

Ransomware attacks are on the rise: attackers hijack valuable information from critical infrastructure and businesses and demand ransom payments to release the encrypted files. Payments in cryptocurrencies are designed to evade tracing of the transactions and the recipients. With anonymity being paramount, tracing cryptocurrency payments tied to malicious activity and criminal transactions is a complicated process. It is therefore crucial to identify and label these transactions, categorizing them either as legitimate digital currency trade and exchange or as malicious activity. Machine learning techniques are used to train a model to recognize specific transactions and trace them back to malicious or benign transactions. I propose to work on the BitcoinHeist data set to classify the different malicious transactions. The transaction features are analyzed to predict a class label among the classes that have been identified as ransomware or associated with malicious activity. I use decision tree classifiers and ensemble learning to implement a random forest classifier. Results are assessed to evaluate accuracy, precision, and recall. I limit the study design to known ransomware identified previously and made available under the Bitcoin transaction graph from January 2009 to December 2018.

Keywords

Ransomware, Classification, Decision Tree, Random Forest, Ensemble Learning, Bitcoin, Blockchain, BitcoinHeist, Machine Learning.


Abstract Views: 373

PDF Views: 232





Authors

Micheline Al Harrac
Marymount University, VA, United States
