Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach

Benjamin Ampel; Kaeli Otto; Sagar Samtani; Hsinchun Chen

doi:10.1109/ISI58743.2023.10297290

Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach

Benjamin Ampel, Kaeli Otto, Sagar Samtani, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

Ransomware is a growing problem and significant threat to cybersecurity in the United States. One primary vector for ransomware payments is the Bitcoin network. Network science techniques are a potential approach to analyze ransomware payment networks to discover salient ransomware actors. In this study, we propose a design framework for labeling nodes in a ransomware payment network and identifying key ransomware Bitcoin addresses that can be targeted for disruption. By leveraging semi-supervised graph embedding methodology and updating the loss function of a prevailing algorithm, GraphSAGE, to manage dataset imbalance, we identify key wallets in our ransomware network. We demonstrate the utility of our approach with a case study identifying a Bitcoin wallet that has been reported as a ransomware actor as recently as December 2021 and has transferred over $450 million in Bitcoin.

Original language	English (US)
Title of host publication	Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798350337730
DOIs	https://doi.org/10.1109/ISI58743.2023.10297290
State	Published - 2023
Event	20th IEEE International Conference on Intelligence and Security Informatics, ISI 2023 - Charlotte, United States Duration: Oct 2 2023 → Oct 3 2023

Publication series

Name	Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023

Conference

Conference	20th IEEE International Conference on Intelligence and Security Informatics, ISI 2023
Country/Territory	United States
City	Charlotte
Period	10/2/23 → 10/3/23

Keywords

Bitcoin
Ransomware
blockchain
graph embedding
node labeling
semi-supervised
weighted cross entropy loss

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Computer Science Applications
Information Systems
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ISI58743.2023.10297290

Cite this

Ampel, B., Otto, K., Samtani, S., & Chen, H. (2023). Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach. In Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023 (Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI58743.2023.10297290

Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach. / Ampel, Benjamin; Otto, Kaeli; Samtani, Sagar et al.
Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023. Institute of Electrical and Electronics Engineers Inc., 2023. (Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ampel, B, Otto, K, Samtani, S & Chen, H 2023, Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach. in Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023. Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023, Institute of Electrical and Electronics Engineers Inc., 20th IEEE International Conference on Intelligence and Security Informatics, ISI 2023, Charlotte, United States, 10/2/23. https://doi.org/10.1109/ISI58743.2023.10297290

Ampel B, Otto K, Samtani S, Chen H. Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach. In Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023. Institute of Electrical and Electronics Engineers Inc. 2023. (Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023). doi: 10.1109/ISI58743.2023.10297290

Ampel, Benjamin ; Otto, Kaeli ; Samtani, Sagar et al. / Disrupting Ransomware Actors on the Bitcoin Blockchain : A Graph Embedding Approach. Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023. Institute of Electrical and Electronics Engineers Inc., 2023. (Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023).

@inproceedings{228afe3ea4834995b20ab4d89190e236,

title = "Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach",

abstract = "Ransomware is a growing problem and significant threat to cybersecurity in the United States. One primary vector for ransomware payments is the Bitcoin network. Network science techniques are a potential approach to analyze ransomware payment networks to discover salient ransomware actors. In this study, we propose a design framework for labeling nodes in a ransomware payment network and identifying key ransomware Bitcoin addresses that can be targeted for disruption. By leveraging semi-supervised graph embedding methodology and updating the loss function of a prevailing algorithm, GraphSAGE, to manage dataset imbalance, we identify key wallets in our ransomware network. We demonstrate the utility of our approach with a case study identifying a Bitcoin wallet that has been reported as a ransomware actor as recently as December 2021 and has transferred over $450 million in Bitcoin.",

keywords = "Bitcoin, Ransomware, blockchain, graph embedding, node labeling, semi-supervised, weighted cross entropy loss",

author = "Benjamin Ampel and Kaeli Otto and Sagar Samtani and Hsinchun Chen",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 20th IEEE International Conference on Intelligence and Security Informatics, ISI 2023 ; Conference date: 02-10-2023 Through 03-10-2023",

year = "2023",

doi = "10.1109/ISI58743.2023.10297290",

language = "English (US)",

series = "Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023",

}

TY - GEN

T1 - Disrupting Ransomware Actors on the Bitcoin Blockchain

T2 - 20th IEEE International Conference on Intelligence and Security Informatics, ISI 2023

AU - Ampel, Benjamin

AU - Otto, Kaeli

AU - Samtani, Sagar

AU - Chen, Hsinchun

PY - 2023

Y1 - 2023

N2 - Ransomware is a growing problem and significant threat to cybersecurity in the United States. One primary vector for ransomware payments is the Bitcoin network. Network science techniques are a potential approach to analyze ransomware payment networks to discover salient ransomware actors. In this study, we propose a design framework for labeling nodes in a ransomware payment network and identifying key ransomware Bitcoin addresses that can be targeted for disruption. By leveraging semi-supervised graph embedding methodology and updating the loss function of a prevailing algorithm, GraphSAGE, to manage dataset imbalance, we identify key wallets in our ransomware network. We demonstrate the utility of our approach with a case study identifying a Bitcoin wallet that has been reported as a ransomware actor as recently as December 2021 and has transferred over $450 million in Bitcoin.

AB - Ransomware is a growing problem and significant threat to cybersecurity in the United States. One primary vector for ransomware payments is the Bitcoin network. Network science techniques are a potential approach to analyze ransomware payment networks to discover salient ransomware actors. In this study, we propose a design framework for labeling nodes in a ransomware payment network and identifying key ransomware Bitcoin addresses that can be targeted for disruption. By leveraging semi-supervised graph embedding methodology and updating the loss function of a prevailing algorithm, GraphSAGE, to manage dataset imbalance, we identify key wallets in our ransomware network. We demonstrate the utility of our approach with a case study identifying a Bitcoin wallet that has been reported as a ransomware actor as recently as December 2021 and has transferred over $450 million in Bitcoin.

KW - Bitcoin

KW - Ransomware

KW - blockchain

KW - graph embedding

KW - node labeling

KW - semi-supervised

KW - weighted cross entropy loss

UR - http://www.scopus.com/inward/record.url?scp=85178553922&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85178553922&partnerID=8YFLogxK

U2 - 10.1109/ISI58743.2023.10297290

DO - 10.1109/ISI58743.2023.10297290

M3 - Conference contribution

AN - SCOPUS:85178553922

T3 - Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023

BT - Proceedings - 2023 IEEE International Conference on Intelligence and Security Informatics, ISI 2023

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 2 October 2023 through 3 October 2023

ER -

Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this