Bitcoin Heist Ransomware Address

Donated on 6/16/2020

BitcoinHeist datasets contains address features on the heterogeneous Bitcoin network to identify ransomware payments.

Dataset Characteristics

Multivariate, Time-Series

Subject Area

Computer Science

Associated Tasks

Classification, Clustering

Feature Type

Integer, Real

# Instances

2916697

# Features

10

Dataset Information

Additional Information

We have downloaded and parsed the entire Bitcoin transaction graph from 2009 January to 2018 December. Using a time interval of 24 hours, we extracted daily transactions on the network and formed the Bitcoin graph. We filtered out the network edges that transfer less than B0.3, since ransom amounts are rarely below this threshold. Ransomware addresses are taken from three widely adopted studies: Montreal, Princeton and Padua. Please see the BitcoinHeist article for references.

Has Missing Values?

No

Variable Information

Features address: String. Bitcoin address. year: Integer. Year. day: Integer. Day of the year. 1 is the first day, 365 is the last day. length: Integer. weight: Float. count: Integer. looped: Integer. neighbors: Integer. income: Integer. Satoshi amount (1 bitcoin = 100 million satoshis). label: Category String. Name of the ransomware family (e.g., Cryptxxx, cryptolocker etc) or white (i.e., not known to be ransomware). Our graph features are designed to quantify specific transaction patterns. Loop is intended to count how many transaction i) split their coins; ii) move these coins in the network by using different paths and finally, and iii) merge them in a single address. Coins at this final address can then be sold and converted to fiat currency. Weight quantifies the merge behavior (i.e., the transaction has more input addresses than output addresses), where coins in multiple addresses are each passed through a succession of merging transactions and accumulated in a final address. Similar to weight, the count feature is designed to quantify the merging pattern. However, the count feature represents information on the number of transactions, whereas the weight feature represents information on the amount (what percent of these transactions’ output?) of transactions. Length is designed to quantify mixing rounds on Bitcoin, where transactions receive and distribute similar amounts of coins in multiple rounds with newly created addresses to hide the coin origin. White Bitcoin addresses are capped at 1K per day (Bitcoin has 800K addresses daily). Note that although we are certain about ransomware labels, we do not know if all white addresses are in fact not related to ransomware. When compared to non-ransomware addresses, ransomware addresses exhibit more profound right skewness in distributions of feature values.

Dataset Files

FileSize
BitcoinHeistData.csv225 MB

Reviews

There are no reviews for this dataset yet.

Login to Write a Review

Write a Review

0
Download (110.7 MB)
Install the ucimlrepo package 
pip install ucimlrepo
Import the dataset into your code 
from ucimlrepo import fetch_ucirepo 
  
# fetch dataset 
bitcoin_heist_ransomware_address = fetch_ucirepo(id=526) 
  
# data (as pandas dataframes) 
X = bitcoin_heist_ransomware_address.data.features 
y = bitcoin_heist_ransomware_address.data.targets 
  
# metadata 
print(bitcoin_heist_ransomware_address.metadata) 
  
# variable information 
print(bitcoin_heist_ransomware_address.variables)
View the full documentation
0 citations
6855 views
Citation
Bitcoin Heist Ransomware Address [Dataset]. (2020). UCI Machine Learning Repository. https://doi.org/10.24432/C5BG8V.
Style:

DOI

License

This dataset is licensed under a Creative Commons Attribution 4.0 International (CC BY 4.0) license.

This allows for the sharing and adaptation of the datasets for any purpose, provided that the appropriate credit is given.

By using the UCI Machine Learning Repository, you acknowledge and accept the cookies and privacy practices used by the UCI Machine Learning Repository.
Read Policy