ChainTrail is a research project that exposes a data analytics platform utilizing smart contract identifiers in order to extract and analyze information about Blockchain applications. The Blockchain Research Group (BRG) created a startup from ChainTrail, and has used it for a number of application areas to investigate cybercrimes.
Blockchains enable a decentralized mechanism for recording non-repudiable transactions so that no single entity has control of the data. This is achieved using a distributed consensus algorithm that results in immutable data, making it impossible for data to be tampered with once written. Bitcoin, the first cryptocurrency, has recorded more than half a billion transactions to date. More sophisticated Blockchains, such as Ethereum, have networks of Ethereum Virtual Machine (EVM) nodes, with transactions being specified through the use of Solidity smart contracts that define a data and logic interface to the underlying ledger. Ethereum has processed 650 million transactions with an average daily transaction count of 350,000, rising to more than 1 million daily since June 2019. Along with this impressive technological uptake come problems, such as the illicit use of Blockchain assets, including Money Laundering (ML) and Terrorism Financing (TF) activities.
Since 2018, the BRG has been working in collaboration with the Cybercrime Investigation, Research, and Education Initiative (CIRE), which is a partnership between the University of Notre Dame’s Center for Research Computing, the St. Joseph County Prosecutor’s Office Cyber Crimes Unit, and the Computer and Digital Technologies program at Notre Dame’s College of Arts and Letters.
CIRE has two full-time law enforcement officers and 10 (soon 20) Notre Dame student interns who are sworn investigators working on digital forensics analysis for real criminal cases. The students help with 75% of the criminal cases in the county and help with cases from other states. Recently CIRE has started a partnership with the FBI Indiana Field Office. This partnership allows CIRE to take advantage of the considerable resources of the FBI to enhance our investigative, research, and educational goals both in Northern Indiana and nationally. The ultimate goal of this new partnership is to establish a Cybercrime and Cybersecurity Center of Excellence at Notre Dame. On the research side, CIRE currently has seven professors with expertise in Blockchain, cybercrime, digital forensics, and cryptocurrency analysis, three research staff, and access to 20 developers, 10 data scientists, and 15 cloud and advanced computing engineers working full time in the CRC.
Since 2018, the BRG has driven an internal research project named ChainTrail, through which it has gained considerable experience in Blockchain analysis. ChainTrail has developed tools and environments for importing Blockchain data, extracting semantic metadata, and integrating data analytics tools that are capable of offering analytical insights into businesses and accounts that transact on public and private blockchain networks.
The group has developed an algorithm that crawls a blockchain to cache and index its contents into a hybrid data analytics database. Following the data crawling and ingestion process, BRG developed several proofs of concept that showcase the application of analytics and machine learning methods to blockchain data. A selection of the statistical and transactional processing, including the use of machine learning algorithms for the automated detection of nefarious activity from Ethereum accounts, was published at the ICTC conference. In this work, the team used clustering algorithms to detect accounts that display outlier behavior among millions of transactions. In combination with account labels acquired from public Web sources, it was confirmed that the detected outliers correspond to well-known cryptocurrency players, like exchanges, popular collectible tokens or gambling services. In another case, the team created a labeled dataset using open Web information annotating fraudulent activity in each account. Using numerical features extracted from each account’s transaction history, the group trained a classifier to distinguish the ones likely to have been involved in fraud. In experiments, the BRG achieved over 80% correct classification of fraudulent versus non-fraudulent accounts. Lastly, BRG researchers attempted to gain insight into the relationships of suspicious accounts by developing an algorithm capable of querying multiple levels of interaction and visualizing those results as a graph. The team applied this approach to visualize the intermediary accounts that the 2018 Bancor exchange hacker used to hide the cryptocurrency asset flow, shown in Figure 1. This shows how the money was split into multiple accounts using smaller transactions to confuse and hide the flow.
Figure 1: A graph showing multiple levels of recursion of transactions to visualize the flow of Cryptocurrency assets. Dots represent accounts and connections represent transactions between accounts.
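A minimal sketch of the multi-level interaction query described above, added here as an illustration and not ChainTrail's own code: a breadth-first walk over outgoing transfers from a seed account, bounded by a hop limit, that returns the traced subgraph and each account's fan-out. The transfers, account names and the functions trace_outflows and fan_out are constructed for this example.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, receiver, amount); not real chain data.
TRANSFERS = [
    ("seed", "a1", 40.0), ("seed", "a2", 35.0), ("seed", "a3", 25.0),
    ("a1", "b1", 20.0), ("a1", "b2", 20.0),
    ("a2", "b2", 35.0),
    ("b2", "exchange", 55.0),
    ("x9", "exchange", 5.0),  # unrelated account, must not appear in the trace
]

def trace_outflows(transfers, seed, max_depth):
    """Breadth-first walk of outgoing transfers up to max_depth hops from seed.

    Returns (levels, edges): levels maps each reached account to its hop
    distance, edges maps each traversed (sender, receiver) pair to its total.
    """
    outgoing = defaultdict(list)
    for sender, receiver, amount in transfers:
        outgoing[sender].append((receiver, amount))

    levels = {seed: 0}
    edges = defaultdict(float)
    queue = deque([seed])
    while queue:
        account = queue.popleft()
        if levels[account] == max_depth:
            continue  # do not expand beyond the requested level
        for receiver, amount in outgoing[account]:
            edges[(account, receiver)] += amount
            if receiver not in levels:  # visited check also guards against cycles
                levels[receiver] = levels[account] + 1
                queue.append(receiver)
    return levels, dict(edges)

def fan_out(edges):
    """Distinct receivers per sender; a high count suggests funds being split."""
    counts = defaultdict(int)
    for sender, _receiver in edges:
        counts[sender] += 1
    return dict(counts)

if __name__ == "__main__":
    levels, edges = trace_outflows(TRANSFERS, "seed", max_depth=3)
    for (sender, receiver), total in sorted(edges.items()):
        print(f"level {levels[sender]}: {sender} -> {receiver} ({total})")
    print(fan_out(edges))
```

The edge list it returns can be loaded into a graph database or plotting tool to produce a view like the one in the figure.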
Among the several important insights learned from these experiments was the need for a data model that is better suited to analyzing interactions as a graph: even in our size-limited dataset, relational database approaches presented limitations, which led us to start experimenting with graph databases. Graph databases store relationships explicitly, as opposed to relational databases, where relationships are indirectly derived from the table definitions and data. More recently, the group has developed an OmniLayer crawling tool, which will allow us to extract information from Bitcoin Omni-based Tokens and ICOs.
Techniques and Applications for Crawling, Ingesting and Analyzing Blockchain Data, Brinckman, Evan; Kuehlkamp, Andrey; Nabrzyski, Jarek; Taylor, Ian J. Proceedings of the 2019 International Conference on Information and Communication Technology Convergence (ICTC), pages 717-722, 2019
Department of Defense
Blockchain applications abound in the Department of Defense (DoD), with massive supply chains, inventory controls, and other potential uses to improve efficiency and communication across the multitude of DoD entities. The group is currently working on two DoD projects, VIPART and the Craft TSS.
Need more information?
For more information on the Blockchain Research Group, please contact Ian Taylor.