A Framework for Anomaly Detection in Blockchain Networks With Sketches

A blockchain is a distributed ledger composed of immutable blocks of data that often refer to money transfers. As blockchain networks gain popularity, there is a rising concern for security against malicious and hacking users. Detection anomalies and unusual account activities can be based on comparing upcoming activity with recent and historical data. However, the size and rapid growth of the complete blockchain history can result in slow and expensive processing. This paper proposes a solution to this challenge by analyzing summarized block data structures, known as sketches, instead of the entire blockchain. Sketches are commonly used in computer systems and blockchain networks to provide efficient query executions while maintaining a compact data representation. This study explores the use of sketches, such as Bloom Filter and HyperLogLog, to identify suspicious accounts without requiring the examination of the entire blockchain data. We design solutions for anomaly detection of certain goals that may be indications of known attacks. We develop methods to identify accounts with high transaction volume, frequency, and node degree. Furthermore, the innovation of this paper lies in the generalization of sketch-based anomaly detection through a generic solution capable of addressing diverse queries. We conduct experiments based on real Ethereum data and compare the accuracy, time complexity, and memory usage of our algorithms with traditional detection algorithms that rely on the complete blockchain data. Our results indicate that sketch-based anomaly detection methods can provide a practical and scalable solution for detecting anomalies in transactions on blockchain networks. We managed to reduce the amount of memory used by the detection process by 90%-96% and reduce the time complexity by 86% while maintaining high accuracy.