Real-Time Threat Detection Use case
Real-time threat detection is crucial for blockchain security. ZettaBlock offers two robust methods for identifying malicious contracts and transactions. This document outlines the steps for each method.
Disclaimer: This document assumes you have already built an external ML model and are concerned only with which data to feed the model and how to feed it.
One example of an open-source model is Forta’s bot.
Method 1 focuses on Contract-Level Threat Detection, identifying malicious contracts at the point of their creation. This proactive approach minimizes risks by isolating harmful contracts before they interact with legitimate ones.
Method 2, on the other hand, focuses on Transaction-Level Threat Detection. It provides granular insights into real-time transactions, allowing for immediate action against suspicious activities, even if the associated contract isn't flagged. You can train your ML model to detect threats based on any kind of suspicious activity, whether that is transferring large sums back and forth or interacting with suspicious protocols such as Tornado Cash.
Method 1: Contract-Level Threat Detection
Step 1: Historical Data Training
Collect historical blockchain data. This pool of static data (transactions, transfers, and contract-creation data) will be used to train your Machine Learning model. The more data you provide, the better the training will be.
Note: Keep in mind that scanning big pools of historical data will require a large number of compute units - run your queries wisely!
Step 2: Joining with Private Labels
Integrate private labels that identify malicious contracts. Then, update the ML model with this new data.
Step 3: Tuning the ML Model
Fine-tune the model for accuracy and efficiency, and test it rigorously.
Step 4: Real-Time API
First, deploy a real-time API, fetching the latest contract creations.
Then, integrate the API with the ML model to identify malicious contracts or contracts associated with suspicious past interactions.
SELECT
  "transaction_hash",
  "block_number",
  "block_time",
  "creator_address",
  "creator_address_tx",
  "address",
  "bytecode",
  "data_creation_date"
FROM
  ethereum_mainnet.contract_creations
ORDER BY
  "block_time" DESC
LIMIT
  1000;
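As an added illustration of Step 4 (not ZettaBlock's or Forta's code), the Python below turns rows shaped like the query's output into bytecode features and passes them to a model, de-duplicating across polls. `placeholder_model`, the 0.5 alert threshold, the tracked-opcode selection and the sample rows are assumptions constructed for this example.

```python
from collections import Counter

# Opcodes tracked as features (a constructed, non-exhaustive selection).
TRACKED = {0x54: "SLOAD", 0x55: "SSTORE", 0xF0: "CREATE", 0xF1: "CALL",
           0xF4: "DELEGATECALL", 0xF5: "CREATE2", 0xFF: "SELFDESTRUCT"}

def bytecode_features(bytecode_hex):
    """Count tracked opcodes, skipping PUSH1..PUSH32 immediates so that
    data bytes are not miscounted as instructions."""
    raw = bytecode_hex[2:] if bytecode_hex.startswith("0x") else bytecode_hex
    code = bytes.fromhex(raw)            # raises ValueError on malformed hex
    counts, i = Counter(), 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:           # PUSHn is followed by n data bytes
            i += op - 0x5F
        elif op in TRACKED:
            counts[TRACKED[op]] += 1
        i += 1
    return {"size": len(code), **{n: counts[n] for n in TRACKED.values()}}

def score_new_contracts(rows, model, seen, threshold=0.5):
    """Score each not-yet-seen contract. `seen` persists across polls because
    the 'latest 1000' query returns overlapping rows on every call."""
    alerts, rejected = [], []
    for row in rows:
        if row["address"] in seen:
            continue
        seen.add(row["address"])
        try:
            feats = bytecode_features(row["bytecode"] or "")
        except ValueError:
            rejected.append(row["address"])   # unparseable: keep for review
            continue
        score = model(feats)
        if score >= threshold:                # threshold is an assumption
            alerts.append((row["address"], row["creator_address"], score))
    return alerts, rejected

def placeholder_model(feats):
    """Hypothetical stand-in for the external ML model (arbitrary rule)."""
    return 0.9 if feats["DELEGATECALL"] and feats["SELFDESTRUCT"] else 0.1

# Constructed sample rows using the query's column names.
ROWS = [
    {"address": "0xaaa1", "creator_address": "0xc001", "bytecode": "0x60ff6000f4ff"},
    {"address": "0xaaa2", "creator_address": "0xc002", "bytecode": "0x6080604052600055"},
    {"address": "0xaaa3", "creator_address": "0xc003", "bytecode": "0xzz"},
]
```

In the first sample row the `ff` byte after `PUSH1` is data, so only the trailing `ff` is counted as `SELFDESTRUCT`.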

Outcome: Benefits of Contract-Level Threat Detection
Detecting threats on the contract level allows for proactive security measures, minimizing the risk of fraudulent activities: saving user’s funds and . By identifying malicious contracts at the point of creation, you can isolate them before they interact with legitimate contracts or execute harmful transactions.
Method 2: Transaction-Level Threat Detection
Step 1: Historical Data Training
Similar to Method 1, collect and train your ML model with historical data.
Below is an example query that fetches ETH transfers from the past 12 months, aggregated per month for each sender and receiver pair.
SELECT
  date_trunc('month', data_creation_date) AS data_creation_date,
  from_address,
  to_address,
  SUM(CAST(VALUE AS DOUBLE) / POW(10, decimals)) AS sum_value_eth,
  MAX(CAST(VALUE AS DOUBLE) / POW(10, decimals)) AS max_value_eth,
  COUNT(VALUE) AS txns
FROM
  ethereum_mainnet.eth_transfers
WHERE
  block_time >= CURRENT_TIMESTAMP - INTERVAL '12' MONTH
GROUP BY
  from_address,
  to_address,
  date_trunc('month', data_creation_date)
Step 2: Joining with Private Labels
Integrate private labels and tag wallets that have interacted with malicious contracts. Then fine-tune the ML model.
Step 3: Real-Time API for Transactions
Deploy a real-time GraphQL API focused on transactions.

Outcome: Benefits of Transaction-Level Threat Detection
Detecting threats at the transaction level provides granular insights into real-time activities. This allows for immediate action against suspicious transactions, even if the associated contract is not flagged as malicious. The result is a more dynamic and responsive security framework that adapts to emerging threats.
Conclusion
Both methods offer robust solutions for real-time threat detection. Choose the one that best fits your needs.
For further assistance, reach out to our support team!