Phishing attacks on Ethereum have increased with its growing adoption, creating significant challenges as phishing and non-phishing users often display similar behavior. Additionally, while the network as a whole experiences high activity, individual user behavior is typically sparse, making it difficult to detect phishing patterns. Current methods frequently fail to tackle these challenges and often neglect the temporal sequence of transactions, resulting in data leakage and reduced performance. In this paper, we propose a novel approach that addresses these gaps by focusing on the association of two key aspects: (1) local temporal behavior fluctuations of individual users and (2) deviations from global transaction patterns within the network. To aim this, we introduce CATALOG (CApturing joint TemporAl dependencies from LOcal and Global user behaviour), a novel representation learning model that jointly captures the local and global behavioral patterns of a user and their correlations by leveraging a dual cross-attention mechanism paired with a bi-directional Masked Language Modelling (MLM) based pipelined transformer framework. Our proposed model simultaneously learns from local behavioral shifts and global market trends along with a contextually enriched embeddings, effectively distinguishing phishing from non-phishing users, while addressing the existing research gaps. Extensive experiments on real-world Ethereum transaction data show that our framework improves phishing detection by 7-8% in F1-Score compared to existing models. Furthermore, it generalizes effectively across Ethereum versions 1.0 and 2.0, demonstrating the robustness of our approach.
Track: Security and privacy
Keywords: Ethereum, Phishing Scams, Security, Representation Learning
TL;DR: CATALOG: An Enhanced Ethereum Phishing Detector.
Abstract:
Submission Number: 675
Loading