Topological Data Analysis for Ransomware Detection on the Bitcoin Blockchain

Presented by Cuneyt Akcora as a part of the 2020 Serene-risc Workshop on The State of Canadian Cybersecurity Conference: Human-Centric Cybersecurity.

About the presentation

Proliferation of cryptocurrencies (e.g., Bitcoin) that allow pseudo-anonymous transactions, has made it easier for ransomware developers to demand ransom by encrypting sensitive user data. The recently revealed strikes of ransomware attacks have already resulted in significant economic losses and societal harm across different sectors, ranging from local governments to health care.

Most modern ransomware use Bitcoin for payments. However, although Bitcoin transactions are permanently recorded and publicly available, current approaches for detecting ransomware depend only on a couple of heuristics and/or tedious information gathering steps (e.g., running ransomware to collect ransomware related Bitcoin addresses). To our knowledge, none of the previous approaches have employed advanced data analytics techniques to automatically detect ransomware related transactions and malicious Bitcoin addresses. By capitalizing on the recent advances in topological data analysis, we propose an efficient and tractable data analytics framework to automatically detect new malicious addresses in a ransomware family, given only a limited records of previous transactions. Furthermore, our proposed techniques exhibit high utility to detect the emergence of new ransomware families, that is, ransomware with no previous records of transactions. Using the existing known ransomware data sets, we show that our proposed methodology provides significant improvements in precision and recall for ransomware transaction detection, compared to existing heuristic based approaches, and can be utilized to automate ransomware detection.

About the speaker

Cuneyt Gurcan Akcora is an Assistant Professor of Computer Science and Statistics at the University of Manitoba, Canada. Before that, he was a fellow in the Departments of Statistics and Computer Science at the University of Texas at Dallas. He has worked at Yahoo! Research Barcelona, Qatar Computing Research Institute and Huawei Research, Istanbul.

He received his Ph.D. from University of Insubria, Italy and his M.S. from State University of New York at Buffalo, USA. His primary research interests are Explainable Artificial Intelligence, Data Science on complex networks and large scale graph analysis, with applications in social, biological, IoT and Blockchain networks. He is a Fulbright Scholarship recipient, and his research works have been published in leading conferences and journals including TKDE, VLDB, IJCAI, ICDM and ICDE.