GasTrace: Detecting Sandwich Attack Malicious Accounts in Ethereum

TL;DR

GasTrace is a cascade classification framework that effectively detects sandwich attack malicious accounts in Ethereum by analyzing transaction and behavior features, achieving over 96% accuracy.

Contribution

The paper introduces GasTrace, a novel cascade classification approach combining SVM and GAT to detect sandwich attack accounts in Ethereum.

Findings

Achieves 96.73% detection accuracy.

F1 score of 95.71% in identifying malicious accounts.

Demonstrates effectiveness of combined feature analysis.

Abstract

The openness and transparency of Ethereum transaction data make it easy to be exploited by any entities, executing malicious attacks. The sandwich attack manipulates the Automated Market Maker (AMM) mechanism, profiting from manipulating the market price through front or after-running transactions. To identify and prevent sandwich attacks, we propose a cascade classification framework GasTrace. GasTrace analyzes various transaction features to detect malicious accounts, notably through the analysis and modeling of Gas features. In the initial classification, we utilize the Support Vector Machine (SVM) with the Radial Basis Function (RBF) kernel to generate the predicted probabilities of accounts, further constructing a detailed transaction network. Subsequently, the behavior features are captured by the Graph Attention Network (GAT) technique in the second classification. Through cascade classification, GasTrace can analyze and classify the sandwich attacks. Our experimental results demonstrate that GasTrace achieves a remarkable detection and generation capability, performing an accuracy of 96.73% and an F1 score of 95.71% for identifying sandwich attack accounts.