{"title":"基于动态图学习的以太坊细粒度和类增量恶意账户检测","authors":"Hanbiao Du;Meng Shen;Yang Liu;Zheng Che;Jinhe Wu;Wei Wang;Liehuang Zhu","doi":"10.1109/TIFS.2025.3612194","DOIUrl":null,"url":null,"abstract":"Ethereum serves as the cornerstone for value transfer in Web 3.0, providing a decentralized and efficient trust mechanism for global connectivity. However, the anonymity of Ethereum undermines market regulatory capabilities, leading to frequent malicious behaviors such as Ponzi Scheme, Money Laundering, and Phishing. Therefore, in the face of the diverse and continuously emerging malicious behaviors, implementing fine-grained detection is crucial for maintaining the prosperous development of the blockchain ecosystem. In this paper, we propose FiMAD, a fine-grained and class-incremental malicious account detection framework based on dynamic graph learning. Specifically, we first propose a general graph structure called Dynamic Account Relation Graph (DARG), which dynamically models Ethereum accounts from a continuous-time perspective. Then, we design a cascade graph feature extraction method to capture deep temporal evolution patterns and neighbor interaction features in DARG. Next, we construct a pre-training universal encoder to transform account features into high-dimensional embeddings, followed by fine-tuning the model classifier with a few labeled samples, enabling accurate fine-grained detection and rapid updates for incremental classes. We conduct extensive experiments using real Ethereum data. The results demonstrate that FiMAD outperforms state-of-the-art (SOTA) methods in fine-grained detection across five typical scenarios: class-incremental, full data, new malicious accounts, imbalanced data, and binary classification. In the class-incremental scenario, FiMAD improves the Macro-F1 by up to 26.4% compared to SOTA methods.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10130-10145"},"PeriodicalIF":8.0000,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Fine-Grained and Class-Incremental Malicious Account Detection in Ethereum via Dynamic Graph Learning\",\"authors\":\"Hanbiao Du;Meng Shen;Yang Liu;Zheng Che;Jinhe Wu;Wei Wang;Liehuang Zhu\",\"doi\":\"10.1109/TIFS.2025.3612194\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ethereum serves as the cornerstone for value transfer in Web 3.0, providing a decentralized and efficient trust mechanism for global connectivity. However, the anonymity of Ethereum undermines market regulatory capabilities, leading to frequent malicious behaviors such as Ponzi Scheme, Money Laundering, and Phishing. Therefore, in the face of the diverse and continuously emerging malicious behaviors, implementing fine-grained detection is crucial for maintaining the prosperous development of the blockchain ecosystem. In this paper, we propose FiMAD, a fine-grained and class-incremental malicious account detection framework based on dynamic graph learning. Specifically, we first propose a general graph structure called Dynamic Account Relation Graph (DARG), which dynamically models Ethereum accounts from a continuous-time perspective. Then, we design a cascade graph feature extraction method to capture deep temporal evolution patterns and neighbor interaction features in DARG. Next, we construct a pre-training universal encoder to transform account features into high-dimensional embeddings, followed by fine-tuning the model classifier with a few labeled samples, enabling accurate fine-grained detection and rapid updates for incremental classes. We conduct extensive experiments using real Ethereum data. The results demonstrate that FiMAD outperforms state-of-the-art (SOTA) methods in fine-grained detection across five typical scenarios: class-incremental, full data, new malicious accounts, imbalanced data, and binary classification. In the class-incremental scenario, FiMAD improves the Macro-F1 by up to 26.4% compared to SOTA methods.\",\"PeriodicalId\":13492,\"journal\":{\"name\":\"IEEE Transactions on Information Forensics and Security\",\"volume\":\"20 \",\"pages\":\"10130-10145\"},\"PeriodicalIF\":8.0000,\"publicationDate\":\"2025-09-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Information Forensics and Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/11173689/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11173689/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
Fine-Grained and Class-Incremental Malicious Account Detection in Ethereum via Dynamic Graph Learning
Ethereum serves as the cornerstone for value transfer in Web 3.0, providing a decentralized and efficient trust mechanism for global connectivity. However, the anonymity of Ethereum undermines market regulatory capabilities, leading to frequent malicious behaviors such as Ponzi Scheme, Money Laundering, and Phishing. Therefore, in the face of the diverse and continuously emerging malicious behaviors, implementing fine-grained detection is crucial for maintaining the prosperous development of the blockchain ecosystem. In this paper, we propose FiMAD, a fine-grained and class-incremental malicious account detection framework based on dynamic graph learning. Specifically, we first propose a general graph structure called Dynamic Account Relation Graph (DARG), which dynamically models Ethereum accounts from a continuous-time perspective. Then, we design a cascade graph feature extraction method to capture deep temporal evolution patterns and neighbor interaction features in DARG. Next, we construct a pre-training universal encoder to transform account features into high-dimensional embeddings, followed by fine-tuning the model classifier with a few labeled samples, enabling accurate fine-grained detection and rapid updates for incremental classes. We conduct extensive experiments using real Ethereum data. The results demonstrate that FiMAD outperforms state-of-the-art (SOTA) methods in fine-grained detection across five typical scenarios: class-incremental, full data, new malicious accounts, imbalanced data, and binary classification. In the class-incremental scenario, FiMAD improves the Macro-F1 by up to 26.4% compared to SOTA methods.
期刊介绍:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features