BitConduite: Visualizing and Analyzing Activity on the Bitcoin Network

International audienceBitConduite is a system we are developing for the visual exploration of financial activity on the Bitcoin network. Bitcoin is the largest digital pseudo-currency worldwide and its study is of increasing interest and importance to economists, bankers, policymakers, and law enforcement authorities. All financial transactions in Bitcoin are available in an openly accessible online ledger—the (Bitcoin) blockchain. Yet, the open data does not lend itself easily to an analysis of how different individuals and institutions—or entities on the network—actually use Bitcoin. Our system BitConduite offers a data transformation back end that gives us an entity-based access to the blockchain data and a visualization front end that supports a novel high-level view on transactions over time. In particular, it facilitates the exploration of activity through filtering and clustering interactions. We are developing our system with experts in economics and will conduct a formal user study to assess our approach of Bitcoin activity analysis

Pattern Analysis of Money Flow in the Bitcoin Blockchain

Bitcoin is the first and highest valued cryptocurrency that stores transactions in a publicly distributed ledger called the blockchain. Understanding the activity and behavior of Bitcoin actors is a crucial research topic as they are pseudonymous in the transaction network. In this article, we propose a method based on taint analysis to extract taint flows --dynamic networks representing the sequence of Bitcoins transferred from an initial source to other actors until dissolution. Then, we apply graph embedding methods to characterize taint flows. We evaluate our embedding method with taint flows from top mining pools and show that it can classify mining pools with high accuracy. We also found that taint flows from the same period show high similarity. Our work proves that tracing the money flows can be a promising approach to classifying source actors and characterizing different money flow pattern

Exploring Blockchain Data Analysis and Its Communications Architecture: Achievements, Challenges, and Future Directions: A Review Article

Blockchain technology is relatively young but has the potential to disrupt several industries. Since the emergence of Bitcoin, also known as Blockchain 1.0, there has been significant interest in this technology. The introduction of Ethereum, or Blockchain 2.0, has expanded the types of data that can be stored on blockchain networks. The increasing popularity of blockchain technology has given rise to new challenges, such as user privacy and illicit financial activities, but has also facilitated technical advancements. Blockchain technology utilizes cryptographic hashes of user input to record transactions. The public availability of blockchain data presents a unique opportunity for academics to analyze it and gain a better understanding of the challenges in blockchain communications. Researchers have never had access to such an opportunity before. Therefore, it is crucial to highlight the research problems, accomplishments, and potential trends and challenges in blockchain network data analysis and communications. This article aims to examine and summarize the field of blockchain data analysis and communications. The review encompasses the fundamental data types, analytical techniques, architecture, and operations related to blockchain networks. Seven research challenges are addressed: entity recognition, privacy, risk analysis, network visualization, network structure, market impact, and transaction pattern recognition. The latter half of this section discusses future research directions, opportunities, and challenges based on previous research limitations

Visualizing Provenance In A Supply chain Using Ethereum Blockchain

Visualization is a widely used in different fields of studies such as supply chain management when there is a need to communicate information to general users. However, there are multiple limitations and problems with visualizing information within traditional systems. In traditional systems, data is in control of one single authority; so data is mutable and there is no guarantee that system administer does not change the data to achieve a desired result. Besides, such systems are not transparent and users do not have any access to the data flow. In this thesis, the main goal was to visualize information that has been saved on top of a new technology named blockchain to overcome the aforementioned problems. All the records in the system are saved on the blockchain and data is pulled out from blockchain to be used in visualization. To have a better insight, a review has been done on relevant studies about blockchain, supply chain and visualization. After identifying the gap in literature review, an architecture was proposed that was used in the implementation. The implementation contains, a system on top of ethereum blockchain and front-end which allows users to interact with the system. In the system, all the information about products and all the transactions that ever happened in the system, are recorded on the blockchain. Then, data was retrieved from the blockchain and used to visualize provenance of products on Google Map API. After implementing the system, the performance was evaluated to make sure that it can handle different situations where various number of clients sending request to the system simultaneously. The performance was as expected in which system responds longer when number of clients sending requests were growing. The proposed solution fill the gap that was identified in the literature review. By adding provenance visualization users can explore previous owners and locations of a product in a trustable manner. Future research can focus on analysis of data which will allow organizations to make informed decisions on choosing popular products to sell

Behavioral analysis in cybersecurity using machine learning: a study based on graph representation, class imbalance and temporal dissection

The main goal of this thesis is to improve behavioral cybersecurity analysis using machine learning, exploiting graph structures, temporal dissection, and addressing imbalance problems.This main objective is divided into four specific goals: OBJ1: To study the influence of the temporal resolution on highlighting micro-dynamics in the entity behavior classification problem. In real use cases, time-series information could be not enough for describing the entity behavior classification. For this reason, we plan to exploit graph structures for integrating both structured and unstructured data in a representation of entities and their relationships. In this way, it will be possible to appreciate not only the single temporal communication but the whole behavior of these entities. Nevertheless, entity behaviors evolve over time and therefore, a static graph may not be enoughto describe all these changes. For this reason, we propose to use a temporal dissection for creating temporal subgraphs and therefore, analyze the influence of the temporal resolution on the graph creation and the entity behaviors within. Furthermore, we propose to study how the temporal granularity should be used for highlighting network micro-dynamics and short-term behavioral changes which can be a hint of suspicious activities. OBJ2: To develop novel sampling methods that work with disconnected graphs for addressing imbalanced problems avoiding component topology changes. Graph imbalance problem is a very common and challenging task and traditional graph sampling techniques that work directly on these structures cannot be used without modifying the graph’s intrinsic information or introducing bias. Furthermore, existing techniques have shown to be limited when disconnected graphs are used. For this reason, novel resampling methods for balancing the number of nodes that can be directly applied over disconnected graphs, without altering component topologies, need to be introduced. In particular, we propose to take advantage of the existence of disconnected graphs to detect and replicate the most relevant graph components without changing their topology, while considering traditional data-level strategies for handling the entity behaviors within. OBJ3: To study the usefulness of the generative adversarial networks for addressing the class imbalance problem in cybersecurity applications. Although traditional data-level pre-processing techniques have shown to be effective for addressing class imbalance problems, they have also shown downside effects when highly variable datasets are used, as it happens in cybersecurity. For this reason, new techniques that can exploit the overall data distribution for learning highly variable behaviors should be investigated. In this sense, GANs have shown promising results in the image and video domain, however, their extension to tabular data is not trivial. For this reason, we propose to adapt GANs for working with cybersecurity data and exploit their ability in learning and reproducing the input distribution for addressing the class imbalance problem (as an oversampling technique). Furthermore, since it is not possible to find a unique GAN solution that works for every scenario, we propose to study several GAN architectures with several training configurations to detect which is the best option for a cybersecurity application. OBJ4: To analyze temporal data trends and performance drift for enhancing cyber threat analysis. Temporal dynamics and incoming new data can affect the quality of the predictions compromising the model reliability. This phenomenon makes models get outdated without noticing. In this sense, it is very important to be able to extract more insightful information from the application domain analyzing data trends, learning processes, and performance drifts over time. For this reason, we propose to develop a systematic approach for analyzing how the data quality and their amount affect the learning process. Moreover, in the contextof CTI, we propose to study the relations between temporal performance drifts and the input data distribution for detecting possible model limitations, enhancing cyber threat analysis.Programa de Doctorado en Ciencias y Tecnologías Industriales (RD 99/2011) Industria Zientzietako eta Teknologietako Doktoretza Programa (ED 99/2011