Detecting Ransomware Payments in the Bitcoin Network: A Comprehensive Analysis and Classification Using Bitcoin Heist Ransomware Address Dataset

Rajendran, Mani Maran

Detecting Ransomware Payments in the Bitcoin Network: A Comprehensive Analysis and Classification Using Bitcoin Heist Ransomware Address Dataset

Tools

Rajendran, Mani Maran (2024) Detecting Ransomware Payments in the Bitcoin Network: A Comprehensive Analysis and Classification Using Bitcoin Heist Ransomware Address Dataset. Masters thesis, Dublin, National College of Ireland.

Preview	PDF (Master of Science) Download (1MB) \| Preview
Preview	PDF (Configuration Manual) Download (3MB) \| Preview

Abstract

Ransomware attacks pose a significant threat to global cybersecurity, causing substantial financial and operational losses. The anonymity inherent in Bitcoin transactions further exacerbates this issue, making it exceedingly difficult to trace and detect ransom payments associated with ransomware attacks. This study addresses the challenge by leveraging machine learning and deep learning models to detect ransomware transactions within the Bitcoin Heist Ransomware Address (BHRAD) dataset. The preprocessing pipeline included feature scaling, Synthetic Minority Oversampling Technique (SMOTE) to address class imbalances, and graph-based feature construction to capture relational data effectively. Five models—Random Forest, XGBoost, CNN, GCN, and GIN—were evaluated based on metrics such as accuracy, precision, recall, and F1 score. Random Forest achieved the highest accuracy (94.64%), demonstrating its effectiveness in handling structured data for ransomware detection. XGBoost also performed well but slightly lagged behind in recall. For graph-based data, GCN and GIN exhibited lower performance overall, with GCN achieving an F1 score of 78.09% and GIN struggling with an accuracy of 33.85% and an F1 score of 49.33%. The CNN model, designed for recognising patterns, showed moderate performance with an accuracy of 79.17% and an F1 score of 88.32%. These findings underscore the feasibility of combining ensemble methods with graph-based approaches for detecting ransomware transactions, offering valuable insights for enhancing cybersecurity frameworks and promoting transparency in blockchain transactions.

Item Type:	Thesis (Masters)
Supervisors:	Name Email Horn, Christian UNSPECIFIED
Subjects:	Q Science > QA Mathematics > Electronic computers. Computer science T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science Q Science > QA Mathematics > Computer software > Computer Security T Technology > T Technology (General) > Information Technology > Computer software > Computer Security H Social Sciences > HG Finance > Money > Digital currency > Cryptocurrencies Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning
Divisions:	School of Computing > Master of Science in Data Analytics
Depositing User:	Ciara O'Brien
Date Deposited:	04 Sep 2025 11:07
Last Modified:	04 Sep 2025 11:07
URI:	https://norma.ncirl.ie/id/eprint/8781

Actions (login required)

View Item