ART: A Graph-based Framework for Investigating Illicit Activity in Monero via Address-Ring-Transaction Structures

Andrea Venturi, Imanol Jerico-Yoldi, Francesco Zola, Raul Orduna

TL;DR

The paper addresses the challenge of tracing illicit activity on Monero by proposing a graph-based framework that models the privacy-preserving transaction ecosystem with Address-Ring-Transaction (ART) graphs. It extracts both structural and temporal features from $n$-hop ART-graphs around seed transactions and trains binary classifiers to detect similar modus operandi, using SMOTE to handle class imbalance. A case study on WannaCry 2.0 transactions attributed to the Lazarus Group demonstrates the approach's feasibility, achieving perfect precision and strong F1-score despite a small dataset, while acknowledging limitations in generalizability and data availability. Overall, the work contributes a novel behavioral analytics tool for privacy-preserving blockchains and lays groundwork for future investigative capabilities outside protocol-level vulnerabilities.

Abstract

As Law Enforcement Agencies advance in cryptocurrency forensics, criminal actors aiming to conceal illicit fund movements increasingly turn to "mixin" services or privacy-based cryptocurrencies. Monero stands out as a leading choice due to its strong privacy-preserving and untraceability properties, which make conventional blockchain analysis ineffective. Understanding the behavior and operational patterns of criminal actors within Monero is therefore challenging, yet it is essential to support future investigative strategies and disrupt illicit activities. In this work, we propose a case study in which we leverage a novel graph-based methodology to extract structural and temporal patterns from Monero transactions linked to already discovered criminal activities. By building Address-Ring-Transaction graphs from flagged transactions, we extract structural and temporal features and use them to train Machine Learning models capable of detecting similar behavioral patterns that could highlight criminal modus operandi. This represents a first partial step toward developing analytical tools that support investigative efforts in privacy-preserving blockchain ecosystems.

Paper Structure

This paper contains 14 sections, 3 equations, 1 figure.

Figures (1)

  • Figure 1: Example of ART-graph