Real-time threat detection is crucial for blockchain security. ZettaBlock offers two robust methods for identifying malicious contracts and transactions. This document outlines the steps for each method.
Disclaimer: This document assumes you have already built an external ML model and are concerned only with what kind of data to feed the model and how to feed it.
One example of an open-source model is Forta’s bot.
Method 1 focuses on Contract-Level Threat Detection, identifying malicious contracts at the point of their creation. This proactive approach minimizes risks by isolating harmful contracts before they interact with legitimate ones.
Method 2, on the other hand, zeroes in on Transaction-Level Threat Detection. It provides granular insights into real-time transactions, allowing for immediate action against suspicious activities, even if the associated contract isn't flagged. You can train your ML model to detect threats based on any kind of suspicious activity, whether that is transferring large sums back and forth or interacting with various suspicious protocols, such as Tornado Cash.
Collect historical blockchain data. This pool of static data (transactions, transfers, and contract creation data) will be used to train your Machine Learning model. The more data you provide, the better the training will be.
Note: Keep in mind that scanning big pools of historical data will require a large number of compute units - run your queries wisely!
Integrate private labels that identify malicious contracts. Then, update the ML model with this new data.
Fine-tune the model for accuracy and efficiency, and test it rigorously.
First, deploy a real-time API, fetching the latest contract creations.
Then, integrate the API with the ML model to identify malicious contracts or contracts associated with suspicious past interactions.
SELECT
  "transaction_hash",
  "block_number",
  "block_time",
  "creator_address",
  "creator_address_tx",
  "address",
  "bytecode",
  "data_creation_date"
FROM ethereum_mainnet.contract_creations
ORDER BY "block_time" DESC
LIMIT 1000;
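One way to turn rows returned by the contract-creations query into model inputs, shown as an added example that is not ZettaBlock's or Forta's code: it counts EVM opcodes in the bytecode column and skips PUSH immediates so that data bytes are not mistaken for instructions. The choice of features, the function names and the sample rows are assumptions made for illustration.

```python
from collections import Counter

# Opcodes tracked as individual features (values from the EVM instruction set).
TRACKED = {0xF0: "CREATE", 0xF1: "CALL", 0xF4: "DELEGATECALL",
           0xF5: "CREATE2", 0xFF: "SELFDESTRUCT"}
PUSH1, PUSH32 = 0x60, 0x7F


def opcode_counts(bytecode_hex):
    """Count executable opcodes, skipping PUSH immediates (data, not code)."""
    raw = bytecode_hex[2:] if bytecode_hex.lower().startswith("0x") else bytecode_hex
    code = bytes.fromhex(raw)  # raises ValueError on malformed or odd-length hex
    counts, i = Counter(), 0
    while i < len(code):
        op = code[i]
        counts[op] += 1
        # PUSHn carries n immediate bytes; a truncated tail simply ends the loop.
        i += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)
    return counts


def contract_features(row):
    """Turn one contract_creations row into a flat feature dict for the model."""
    try:
        counts = opcode_counts(row.get("bytecode") or "")
    except ValueError:
        return None  # malformed bytecode: skip the row rather than score garbage
    features = {"address": row["address"],
                "creator_address": row["creator_address"],
                "n_opcodes": sum(counts.values())}
    for op, name in TRACKED.items():
        features["has_" + name.lower()] = int(counts[op] > 0)
    return features


# Constructed sample rows (not real chain data), using columns from the query.
SAMPLE_ROWS = [
    # PUSH1 0xff; PUSH1 0x00; SSTORE; STOP -> the 0xff byte is PUSH data
    {"address": "0xaaa", "creator_address": "0xc01", "bytecode": "0x60ff60005500"},
    # CALLER; SELFDESTRUCT
    {"address": "0xbbb", "creator_address": "0xc02", "bytecode": "0x33ff"},
    # Malformed hex
    {"address": "0xccc", "creator_address": "0xc03", "bytecode": "0xzz"},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(contract_features(row))
```

A naive byte scan would report SELFDESTRUCT for the first sample row; walking the instruction stream does not.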
Detecting threats on the contract level allows for proactive security measures, minimizing the risk of fraudulent activities: saving user’s funds and . By identifying malicious contracts at the point of creation, you can isolate them before they interact with legitimate contracts or execute harmful transactions.
Similar to Method 1, collect and train your ML model with historical data.
Below is an example of a query that will fetch all ETH transfers from the past year.
SELECT
  date_trunc('month', data_creation_date) AS data_creation_date,
  from_address,
  to_address,
  SUM(CAST(VALUE AS DOUBLE) / POW(10, decimals)) AS sum_value_eth,
  MAX(CAST(VALUE AS DOUBLE) / POW(10, decimals)) AS max_value_eth,
  COUNT(VALUE) AS txns
FROM ethereum_mainnet.eth_transfers
WHERE block_time >= CURRENT_TIMESTAMP - INTERVAL '12' MONTH
GROUP BY
  from_address,
  to_address,
  date_trunc('month', data_creation_date)
Integrate private labels and tag wallets that have interacted with malicious contracts. Then fine-tune the ML model.
Deploy a real-time GraphQL API focused on transactions.
Detecting threats at the transaction level provides granular insights into real-time activities. This allows for immediate action against suspicious transactions, even if the associated contract is not flagged as malicious. The result is a more dynamic and responsive security framework that adapts to emerging threats.
Both methods offer robust solutions for real-time threat detection. Choose the one that best fits your needs.
For further assistance, reach out to our support team!