The Blockchain is largely considered an e ective solution able to ensure security and trustworthiness. Nevertheless, it can be prone to attacks and security threats, as discussed in [ 21 ]. In particular, Ethereum Classic (ETC), a permissionless (public) blockchain-based decentralized platform for smart contracts [ 5 ], has recently experienced two signi cant attacks which compromised the functionality of the network [ 1 ].

Roughly, the blockchain is characterized by a global ledger that can record transactions e ciently and permanently through a timed sequence of blocks, called chain. Blocks contain information about the transactions, and each block is added to the chain after a validation process, based on a distributed consensus mechanism. Consensus is reached whenever a sufcient number of nodes validates the block, that is then considered trustworthy. This whole process is logged and it is possible to collect information characterizing the activities within the underlying ledger. It is natural to ask whether such information can be exploited to monitor the process and provide early analysis and detection mechanisms capable of reporting anomalous situations and prospective attacks.

Historically, data analysis techniques have been extensively exploited in the cyber security domain [ 4 ], and the recent di usion of advanced machine learning techniques has allowed to accurately identify cyber-attacks and detect threats, both real-time and in post-incident analysis [ 20, 15 ]. Notably, both supervised and unsupervised machine learning algorithms have been successfully employed to support intrusion detection and prevention systems, as well as to detect system misuses and security breaches. The scenarios of interest are usually characterized by a continuous stream of data (such as packet-level or application-level data) summarizing the behavior of the underlying network or system. The role of the machine learning algorithms consists either in identifying known attacks (supervised approach), or anomalous behavior (unsupervised approach). Anomaly-based techniques are able to t normal system operating status, isolating and identifying anomalies as unexpected behavioral deviations. For this reason, anomaly detection approaches result to be appealing for their ability to detect zero-day attacks, i.e., attacks exploiting unknown vulnerabilities.

In this paper, we propose an encoder-decoder model that exploits the information collected by the activities within a blockchain, to highlight anomalies in the underlying network activity, that can represent a potential symptom of a forthcoming or current attack on the system integrity. The contribution of the paper is twofold:

We identify a set of properties to be computed from the blockchain logs, which describe the status of the system at every time step.

Next, we devise an unsupervised neural architecture, which takes as input a time series representing the status of the blockchain network for a time window, able to compute a score representing the degree of anomaly exhibited by the time series.

Experiments on the historical logs of the ETC network show that the system is e ective in detecting the reported attacks. To the best of our knowledge, our approach is the rst one that provides a comprehensive and feasible solution to monitor the security of blockchain transactions.

The paper is organized as follows. In section 2 we review the architecture of the ETC network and describe the attacks that exposed its potential vulnerabilities. We also review how machine learning and blockchain technology have been combined in the current literature. Section 3 provides two contributions: rst, it gives details about the structure of the ETC logs and the preprocessing steps applied to engineer the relevant features describing the blockchain status. Next, we discuss about the details of the Encoder/Decoder architecture. Section 4 describes the experiments that demonstrate the e ectiveness of the proposed architecture, and nally in section 5 we discuss open problems and pointers to future directions. 2

The blockchain is a Distributed Ledger Technology [ 9 ], i.e. a system that allows to store exchanges and information in a secure and permanent way. Given the structure and protocol, blockchain removes the need to have intermediaries, who were previously required to act as trusted third parties to verify, register and coordinate data.

From a technical perspective, a blockchain is a distributed database shared into a peer-topeer network: data are stored under the form of transactions within speci c structures named blocks. Each block is the collection of all transactions performed in a time window and di erent blocks may contain a di erent number of transactions. Blocks are connected by a cryptographic bond in the chain: a hash function is computed on the concatenation of the signature of the current block with the hash computed on the previous one. By repeating this step for each block the chain is created and the references to the previous block are maintained, as shown in

The security is guaranteed by a consensus mechanism that allows to con rm transactions and produce new blocks. The most popular consensus algorithm is named "Proof-of-Work" (PoW), rst adopted in the Bitcoin blockchain [ 16 ]: special nodes in the network, called miners, compete in validating the blocks, and only one will produce the nal validation.

PoW is considered a robust method, able to reach the Byzantine-fault-tolerant consensus [ 14 ] and to minimize the risk for a Double Spending attack [ 18 ]. In fact, any modi cation to the ledger would require to re-validate all the blocks between the altered block and the current one, before any other validation: the con rmation is achieved when at least 51% miners agree about the validation.

Originally, blockchain was proposed as a technology to support cryptocurrencies. It later evolved with smart contracts, i.e. computer programs performed in decentralized way on Blockchain so that they can be executed and veri ed automatically. ETC implements such a technology, by providing a platform for decentralized applications that run and are regulated on a distributed ledger. Each contract is composed of a sequence of operations whose cost is expressed as gas, i.e., the amount of cryptocurrency that is deemed necessary to execute them. Actually, ETC implements a priority mechanism of the transaction execution. The priority depends on the provided gas, that corresponds to the fee received by the rst miner able to compute the solution for the puzzle associated to a block: the higher the provided gas, the higher the priority.

Blockchain is not immune to attacks. The ETC network exhibits some vulnerabilities [ 7 ] and has experienced several attacks in the recent years. In particular, [ 1 ] reports an attack on 18 June 2016 (referred as DAO from now on), where a vulnerability of the transaction protocol was exploited. More recently, in January 2019 researchers con rmed a successful 51% attack 1 on the ETC blockchain, where hackers were able to roll back transactions. Besides a detailed analysis of the vulnerabilities and countermeasures to improve the robustness of the overall architecture, it is natural to ask whether it is possible to devise an Intrusion or Anomaly detection systems capable of detecting signals of malicious behaviors and issue early warnings. However, to the best of our knowledge, only a limited number of approaches have been proposed in the current literature.

Signorini et al.[ 19 ] propose BAD, a blockchain anomaly detection system that collects information from blocks in the main chain as well as orphan blocks (i.e., blocks contained within pruned branches). There are two issues with this approach: rst of all the amount of considered information could be infeasible to handle, as they aim at storing data about each branch occurring on the blockchain; second, it would require nevertheless a modi cation of the protocol, as 1See http://cointelegraph.com/news/ethereum-classic-51-attack-the-reality-of-proof-of-work information concerning the orphan blocks is not currently stored according to the blockchain protocol speci cs.

More similar to our approach is the study proposed in [ 3 ]. Here, the authors propose a visual analytical approach where statistics are collected from Ethereum public blockchain and visualized through a chronological dashboard. The authors show that the collected statistics allow to detect the DAO attack, by highlighting an anomalous peak close to the corresponding date. Our method extends this approach by proposing a fully automatic and accurate architecture based on deep neural networks. 3

In this section we devise a machine learning approach to identify anomalies in the usage of Blockchain-based systems. As discussed before, the approach we propose is essentially unsupervised, due to the lack of labeled data: successful attacks represent very rare events and typically they don't share common patterns. As a consequence, supervised models exhibit poor detection performances.

The proposed anomaly detection system builds a neural encoder-decoder model, capable of summarizing the information about the status of the ledger within a latent space and then to rebuild the original information from this space. The underlying intuition is that, whenever the current status is consistent, the encoding/decoding operation preserves the basic properties of the data. By contrast, anomalous situations exhibit inconsistent values that ultimately result in a failing reconstruction. This happens, for example, when the amount of ether (the cryptocurrency of the ETC blockchain) is anomalously high compared to all the remaining parameters of the system. An encoder-decoder would interpret this quantity as noise and consequently would ignore such a value in the reconstruction. As a consequence, the di erence between the original and the reconstructed values would highlight the anomalous situation and consequently trigger the alert.

The model works on sequences of temporally-sorted events. Formally, we assume that the data is organized as a sequence X = f~x1; : : : ; ~xN g relative to a period of observation, where ~xt is a vector of features describing the t-th event in chronological order within X. An anomaly is an unexpected event in X, i.e. a vector ~xt signi cantly di erent from its neighbors ~xt w; : : : ; ~xt 1; ~xt+1; : : : ; ~xt+v (for a given window [t w; t + v] to be determined). Thus, the model should be capable of summarizing all the regularities in the data that characterize the sequence ~xt w; : : : ; ~xt+v.

Autoencoders [ 11, 2 ] represent an e ective solution to the unsupervised task of learning a compact representation of the latent features characterizing a piece of information. An autoencoder is a neural architecture trained to reproduce as output a duplicate of its input. It is composed by two elements, as shown in Figure 2a.

The encoder , a neural network whose goal is to map an input ~x to a latent compact representation (~x) = ~z 2 RK . This mapping produces an embedding of the original input into a latent vector of size K.

A decoder , another neural networks that, given a K-dimensional vector ~z, aims at producing an output (~z) = ~y that is as close as possible to the original input.

In the above description, the components , , ~x and ~y are unspeci ed. In our framework, we consider the input and output ~x; ~y of the autoencoder to be temporally marked events. As a consequence and can be speci ed as recurrent networks (RNNs) [ 10 ]. An RNN naturally ts ~x ~z

~y (a) General autoencoder structure.

(b) Recurrent Autoencoder (RAE). sequential data, since, iterating over the sequence, it saves (partial) memory of each event. In our implementation we decided to instantiate the RNNs as Long short-term memory networks (LSTM, see [ 13 ] for a detailed description).

The resulting architecture is a sequence to sequence recurrent autoencoder (RAE) model [ 8 ] shown in Figure 2b. In short, the objective of RAE is to: (i) read all the events in the sequence, (ii) extract a compact representation of all the events within the sequence; (iii) generate a new sequence that is a copy of (or close to) the input one, by exploiting the representation. Mathematically, this can be speci ed as follows: given an input sequence I = f~x1; : : : ; ~xng, we compute an output sequence O = f~y1; : : : ; ~yng where: (1) (2) ~h(d) = LSTM (~z; ~h(d) ) t t 1 ~yt = mlp'(~ht(d))

n 1 X `(I; O) = n t=1 k~xt ~ytk2 where LSTM and mlp# represent the encoder, with internal state ~h(e) given the t-th event; t symmetrically, LSTM and mlp' represent the decoder, with inner state ~ht(d). Further, mlp# and mlp' represent multilayer networks parameterized by and , respectively.

Since the main purpose of RAE is to reconstruct the input from a compact representation, the model can be trained by considering a reconstruction loss:

Input subsequences are obtained from X through a sliding window mechanism. Each timestep within X is associated with a subsequence Wt = f~xt m+1; : : : ; : : : ; ~xtg, where m is the window size. Thus, RAE is trained on the set fWm; : : : ; WN g of subsequences that can obtained from X, as illustrated in Figure 2, by learning to reconstruct them in a way that minimizes the speci ed loss.

RAE will learn to model normal behavior, by mapping input data to compact representations that can capture all the relevant features characterizing it. An anomalous event will compromise this reconstruction capability. Thus, the distance between the input and the output can be exploited as a score to measure the outlierness of the analyzed sequence. Since each event can be included within several overlapping windows, its nal score is computed as the average of the outlierness scores of all the involved windows: where W~ i = dec(enc(Wi)) is the output of the RAE with input Wi. 4

The model proposed in the previous section represents a general approach to anomaly detection on sequential data. In this section, we apply our model to the ETC network to identify abnormal situations that can be symptoms of incoming attacks. As discussed in section 2, ETC has experienced two (known) successful attacks: the DAO attack (18 June 2016) and the 51% attack. The latter is scarcely documented and the reports state that it happened in a period within the interval 5-8 January 2019. Hence, our objective is to adopt the RAE model to check whether these events exhibit an anomaly score signi cantly higher than the other ones. 4.1

In this work, we de ne an encoder-decoder deep learning model to detect anomalies in the usage of blockchain systems. In this scenario, the main problem is the rarity of the events to identify (i.e. the attacks), therefore, an unsupervised solution is adopted to address this issue. Speci cally, the contribution of the paper is twofold: (i) we identi ed a relevant set of features computed on blockchain logs describing network status in determined time steps; (ii) a sequence-to-sequence neural network model is used to recognize anomalous changes in the blockchain network. Experiments on the complete historical logs of Ethereum Classic prove our model capability to e ectively detect security attacks.

As future works, we plan to study the usage of hybrid architectures based on the combination of RNNs with Convolutional Neural Networks [ 17 ] to obtain an automatic feature engineering and evaluate eventual improvements. On the other hand, we are interested in de ning models able to predict attacks before they happen, improving the network security.

This work has been partially supported by MIUR - PON Research and Innovation 2014-2020 under project Secure Open Nets.