COIN-MIXING SERVICE ANALYSIS METHOD BASED ON HEURISTIC TRANSACTION ANALYSIS

Abstract

Disclosed is a coin-mixing service analysis method based on heuristic transaction analysis, including: selecting a target service to be analyzed; firstly, performing security analysis on the target service, and determining whether an API provided thereby contains vulnerability; if the API of the target service contains vulnerability, then obtaining sample transactions directly by means of the API containing the vulnerability; if the API of the target service contains no vulnerability, then obtaining sample transactions by using a small amount of Bitcoin for interaction with the service; using a heuristic transaction analysis method and determination standard to analyze the target service and the sample transaction thereof, and determine a service category to which the target service belongs; and for an obfuscated coin-mixing service, by means of a heuristic method, further using structural defects contained in transactions generated by the coin-mixing service to identify all coin-mixing transactions of the obfuscated coin-mixing service.

Claims

1. A coin-mixing service analysis method based on heuristic transaction analysis, wherein the coin-mixing service analysis method comprises: S1, selecting a target service to be analyzed; S2, firstly, performing security analysis on the target service, and determining whether an API provided thereby contains vulnerability; if the API of the target service contains vulnerability, then obtaining sample transactions directly by means of the API containing the vulnerability; if the API of the target service contains no vulnerability, then obtaining sample transactions by using a small amount of Bitcoin for interaction with the service; each of the sample transactions comprising an input into the service and output from the service, and an original corresponding relationship between the input into the service and output from the service; S3, using a heuristic transaction analysis method and determination standard to analyze the target service and the sample transactions thereof, and determine a service category to which the target service belongs, wherein the service category comprises two categories, one being an switched coin-mixing service, that is, using an output chain as a core coin-mixing process of the service, and the other one being an obfuscated coin-mixing service, that is, using single centralized output transaction and an anonymous set as a core coin-mixing process of the service; and S4, for an obfuscated coin-mixing service, by means of a heuristic method, further using structural defects contained in transactions generated by the coin-mixing service to identify all coin-mixing transactions of the obfuscated coin-mixing service.

2. The coin-mixing service analysis method based on heuristic transaction analysis according to claim 1, wherein the S3 comprises: in a case that the sample transactions having two outputs, determining that if any of the sample transactions is a transaction on an output chain, and the target service corresponding to this sample transaction is a switched coin-mixing service; and in a case that one of the sample transactions has at least three outputs, in which at least two outputs have identical values, determining that this sample transaction is for generating an anonymous set, and the target service corresponding to this sample transaction is an obfuscated coin-mixing service.

3. The coin-mixing service analysis method based on heuristic transaction analysis according to claim 1, wherein the S4 comprises: (4.1) firstly, analyzing all outputs of each of the sample transaction corresponding to the target service, and if there are multiple inputs in one of the transaction using these outputs, further analyzing source transactions of these inputs; and if any of the source transactions also generates an anonymous set, determining that this source transaction also belongs to the target service; and (4.2) repeating the step (4.1), and recording each of the 0ource transactions of the target service obtained from each operation until no new source transaction that generates an anonymous set appears.

Description

BRIEF DESCRIPTION OF DRAWINGS

[0020] FIG. 1 is a flow chart of coin-mixing service analysis using the coin-mixing service analysis method of the present disclosure.

[0021] FIG. 2 is an algorithm flow chart using coin-mixing transaction identification heuristics.

DESCRIPTION OF EMBODIMENTS

[0022] The purpose and effect of the present disclosure will become clearer by describing the present disclosure in detail according to the drawings and preferred embodiments. It should be understood that the specific embodiments described here are only used to explain the present disclosure, and are not used to limit the present disclosure.

[0023] As shown in FIGS. 1-2, the coin-mixing service analysis method based on heuristic transaction analysis of the present disclosure includes the following steps:

[0024] S1, selecting a target service to be analyzed;

[0025] wherein, as one of the implementations, the current coin-mixing service market can be investigated according to the coin-mixing service information and public media reports on BitcoinTalk official forum, omitting false and closed services, and selecting feasible services; for the purpose of criminal investigation, the target service has generally been determined;

[0026] S2, firstly, performing security analysis on the target service, and determining whether an API provided thereby contains vulnerability; if the API of the target service contains vulnerability, then obtaining a sample transaction directly by means of the API containing the vulnerability; if the API of the target service contains no vulnerability, then obtaining sample transaction by using a small amount of Bitcoin for interaction with the service; the sample transaction including a transaction input into the service and output from the service, and an original corresponding relationship between the transaction input into the service and output from the service;

[0027] S3, using a heuristic transaction analysis method and determination standard to analyze the target service and the sample transaction thereof, and determine a service category to which the target service belongs, wherein the service category includes two categories, one being an switched coin-mixing service, that is, using an output chain as a core coin-mixing process of the service, and the other one being an obfuscated coin-mixing service, that is, using a centralized output transaction and an anonymous set as a core coin-mixing process of the service;

[0028] when the sample transaction has two outputs, determining that the sample transaction is a transaction on an output chain, and the target service corresponding to the sample transaction is a switched coin-mixing service; when the sample transaction contains more than three outputs and at least two outputs have identical values, determining that the sample transaction is for generating anonymous sets, and the target service corresponding to the sample transaction is a obfuscated coin-mixing service;

[0029] S4, for an obfuscated coin-mixing service, by means of a heuristic method, further using structural defects contained in transactions generated by the coin-mixing service to identify all coin-mixing transactions of the obfuscated coin-mixing service, as specifically show in FIG. 2, which further includes:

[0030] (4.1) firstly, analyzing all outputs of the sample transactions corresponding to the target service, and if there are multiple inputs in the transaction using these outputs, further analyzing the source transaction of these inputs; and if the source transaction also generates an anonymous set, determining that the source transaction also belongs to the target service; and

[0031] (4.2) repeating the step (4.1), and recording the source transaction of the target service obtained from each operation until no new source transaction that generates an anonymous set appears.

[0032] Those skilled in the art can understand that the above is only a preferred example of the present disclosure, and is not used to limit the present disclosure. Although the present disclosure has been described in detail with reference to the aforementioned examples, for those skilled in the art, they can still modify the technical solutions described in the aforementioned examples, or replace some of the technical features equally. All modifications and equivalent substitutions within the spirit and principles of the present disclosure shall be included in the scope of protection of the present disclosure.

COIN-MIXING SERVICE ANALYSIS METHOD BASED ON HEURISTIC TRANSACTION ANALYSIS

Inventors

Cpc classification

Classification Explorer

G06Q20/381

PHYSICS

Classification Explorer

G06F2221/033

PHYSICS

Classification Explorer

G06Q20/389

PHYSICS

Classification Explorer

G06Q20/383

PHYSICS

Classification Explorer

G06Q20/3678

PHYSICS

Classification Explorer

G06Q2220/00

PHYSICS

Classification Explorer

G06Q20/0655

PHYSICS

Classification Explorer

G06Q20/02

PHYSICS

Classification Explorer

G06F21/577

PHYSICS

International classification

Classification Explorer

G06Q20/38

PHYSICS

Classification Explorer

G06F21/57

PHYSICS

Classification Explorer

G06F9/54

PHYSICS

Classification Explorer

G06Q20/02

PHYSICS

Abstract

Claims

Description