Our AI Detects Your AI — Revealing the Secret Blockchain DApp World of Bots (Part 1 — EOS)

Abstract

Key Insights

Figure 1: Model Prediction Results For Bot Prevalence in Top 10 EOS DApps — Unique Accounts (left), Transaction Volume (right)
Figure 2: Bot vs. Human Accounts (left) and Transaction Activity (right)
  1. In terms of unique accounts, the most active DApp (DApp-1) has only a small percentage of bot activity.
  2. The remaining Top 10 DApps (DApps-2–10) all have substantial bot activity.
  3. With 4500+ unique accounts, DApp-2 attracted the most bots (~1900) while its organic human generated traffic is lower than that of DApp-1. This dynamic hints at the competitive nature of the DApp world, in which the runner-ups are leveraging bots in order to augment overall ecosystem usage metrics.
  4. Without the use of our sophisticated prediction models, DApp leaderboard websites, ratings agencies, investors, developers, and enthusiasts alike will be fooled into believing DApp-2’s significant 200K+ transactions (roughly 4x that of DApp-1 transactions) signals more popularity, value, and usage. Meanwhile the reality is that DApp-1 has the most authentic human accounts and it did not employ a bot army to augment its numbers.

Why does blockchain bot detection matter ?

Figure 3: Internet Bot Research Report — Distill Networks, 2019 [1]
Figure 4: Bitwise‘s report shows trading bots found in several crypto exchanges [2].

Background: Blockchain Ecosystem and DApp

  • EOS is the #1 DApp blockchain with $480 million in weekly transaction volume.
  • Gambling DApps dominate 65% of all EOS DApp ecosystem transaction volume. Games account for 12%, Marketplaces for 7%, with various uses for the remaining 16%.
  • Out of the 1.2 million total EOS addresses, the Top 20 EOS DApp addresses contribute $114 million in weekly transaction value, equivalent to 24% of all ecosystem volume.
  • Utilizing our AnChain.AI Platform we analyzed the millions of transactions from the Top 10 EOS Gambling DApps, which represent the majority of overall ecosystem activity.
Figure 5: Comparison of Top 3 DApp-Friendly Blockchains (EOS, TRON, ETH). April 2019 Dapp.Review — Full Version in Appendix
Figure 6: TokenInsight’s Q1 2019 DApp Report
Figure 7: DApp Hot 20 EOS Board. March 2019, TokenInsight.

Blockchain Bot vs. Human Behaviors

Figure 8: EOS DApp Bot Blockchain Transactions (addresses made anonymous)
Figure 9: Typical Blockchain DApp Bot Behavior
Figure 10: Typical Human Account Behavior

Four Blockchain Bot Behavior Sophistication Levels

Figure 11: Hyperactive bots (24x7, nonstop, relatively linear)
Figure 12 : Regular patterns — runs every 4 hours (left), runs every hour (right)
Figure 13: Daily Active Bots Employing Perturbation Techniques
Figure 14: Blockchain APT [3] hacker group identified in a blockchain DApp in Aug 2018. Each dot in this massive graph represents a blockchain address, and the center is the targeted DApp, Fomo3D.

Why are blockchain bots challenging to detect?

  • Address blacklist databases often collected and maintained by developer/operator communities
  • Rule based detection engines, like “IF active_24_hours THEN bot ELSE human”
  • Static blacklists; bot addresses can be replaced anytime, and often grow in rapid fashion making it difficult for manual blacklist input or flagging to be a viable approach
  • Sophisticated bots can leverage a range of camouflaging techniques in order to evade multi-variable rule based detection engines
  • Iterating and processing much too slowly in a highly dynamic and evolving threat landscape
  • Scalable to the amount of bot-reported incidents
  • Time-effective (a.k.a. cost effective)

Bad Bot vs Good Bot in Blockchain World

  • Boosting DApp rankings by augmenting transaction metrics, often a proxy of overall business health. This is similar to Internet SEO (Search Engine Optimization) bots that simulate mouse clicks to fool the search engines into listing the desired site higher in results rankings.
  • Increasing liquidity of DApp utility tokens. Most DApps are backed by tokenomics, meaning they have a token crypto asset that is actively traded across various crypto exchanges. If there is no trading activity for this token and the exchange where it is listed has an illiquid order book, the token asset will likely face sell-side pressure and decrease in value. A very common use case for bots is employing them as a tool for market making to ultimately increase liquidity of the tokens and prop up, or grow, asset values.
  • Earning profits on the payout dividends. Most DApps pay generous dividends, in coins or tokens, to incentivize players to play their DApps (mostly gambling related).
  • Sabotaging competitors by congesting the DApp, similar to a Denial-of- Service (DoS) attack on the Internet.
  • Launching BAPT (Blockchain Advanced Persistent Threat) attacks on targeted vulnerable DApps. [3]
  • Running automated product quality assurance tests within the DApp (i.e. quality assurance bot)
  • Interacting with human players. For example, DApp players cannot always find sufficient human players to interact with, so a bot player will be deployed to fill the void

What can we do as an industry?

  • All DApp rating sites leverage sophisticated bot detection engines to make sure the rankings are fair, up-to-date with real-time metrics, and the practice of using static blacklist addresses databases is done away with.
  • As the platforms where the DApps are hosted and run, protocols ought to discourage DApps from using cheating bots in order to fake volume, transactions, etc. in order to appear higher on rankings.
  • Protocol teams have all of the available data for each of the DApps within their protocol, so they ought to lead the charge with transparency and re-focus on driving organic growth which will benefit themselves and the industry in the long-term.
  • Focus on organic human user growth. That’s the key to sustained success.
  • Invest in good bots that help improve product quality and increase liquidity.
  • Do not cheat by building bad bots.
  • Defend against malicious bots, such as BAPT (Blockchain APT hackers)[3].
  • Reputation systems akin to a FICO credit score need to be in place in order to block suspicious accounts related to bot activities.

How does AnChain.AI detect bots?

  • Deep Learning (DL), including Convolutional Neural Nets (CNN)
  • Ensembles, including Gradient Boosted Tree (GBT) and Random Forest (RF). Accuracy on validation set achieves 99%+.
  • Active percentage. The more active, the more likely it’s a bot.
  • Temporal regularity by auto-correlation. Repeated pattern hints at bot behavior.
  • Bet size. A bot is more likely to bet at a fixed amount.
Figure 15: AnChain.AI convolutional neural network (CNN) model architecture
Figure 16: Deep learning model performance on training (blue) and validation (orange) set. Achieved 99%+ accuracy on the validation set.
Figure 17: Random forest machine learning model for bot detection. 99%+ ROC score.

Acknowledgements

  • Berkeley Blockchain Xcelerator Professor Alexander Fred-Ojala, Chief Data Scientist at UC Berkeley, for reviewing the machine learning work.
  • Amino Capital’s anti-fraud experts.
  • Data scientist interns Shengbin (Duke University) and David (Harvard University) for working with AnChain.AI’s Data Platform team.
  • Connie Zheng for editorial support.
  • TokenInsight for providing statistics on DApps.
  • AWS Activate Program for sponsoring the Startup Cloud Credits.

About AnChain.AI

References:

Appendix:

Full Stats from DApp.Review website.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
AnChain.AI

AnChain.AI

292 Followers

Blockchain data analytics firm providing security, risk, and compliance solutions.