The paper "GasTrace: Detecting Sandwich Attack Malicious Accounts in Ethereum" introduces a cascade classification framework, GasTrace, designed to identify and prevent sandwich attacks in Ethereum. Sandwich attacks exploit the platform's transparency and transactional autonomy by manipulating the Automated Market Maker (AMM) mechanism through front-running and back-running transactions. The framework focuses on analyzing Gas features to detect malicious accounts. **Key Contributions:** 1. **GasTrace Framework:** A novel cascade classification method that leverages Gas features to identify malicious accounts. 2. **Feature Extraction and Selection:** Over 20 features are extracted, including average Gas consumption, short-term Gas volatility, and transaction frequency. 3. **First Round of Classification (R1):** Utilizes a Support Vector Machine (SVM) with a Radial Basis Function (RBF) kernel to generate predicted probabilities for account categories. 4. **Node Network Construction:** Predicted probabilities are used to construct a network where each node represents an account, enhancing the initial feature set. 5. **Second Round of Classification (R2):** Uses a Graph Attention Network (GAT) to capture behavioral discrepancies between malicious and legitimate accounts. 6. **Evaluation:** Achieves an accuracy of 96.73% and an F1 score of 95.71% on a dataset of 1,834 examples. **Methods:** - **Feature Extraction and Selection:** Extracts over 20 features, including Gas-related and transaction statistics features. - **First Round of Classification (R1):** Uses SVM with RBF to generate predicted probabilities. - **Node Network Construction:** Constructs a network using predicted probabilities and Euclidean distance. - **Second Round of Classification (R2):** Uses GAT to classify the network of nodes. **Evaluation:** - **Dataset:** Consists of 464 positive examples (malicious) and 1,370 negative examples (regular). - **Performance Metrics:** Achieves high accuracy and F1 scores, with a clear improvement over R1 alone. **Conclusion:** GasTrace demonstrates superior performance in detecting sandwich attacks, with high accuracy and robust generalization capabilities. The framework is open-sourced and evaluated on a balanced dataset, showing its effectiveness in identifying malicious accounts.The paper "GasTrace: Detecting Sandwich Attack Malicious Accounts in Ethereum" introduces a cascade classification framework, GasTrace, designed to identify and prevent sandwich attacks in Ethereum. Sandwich attacks exploit the platform's transparency and transactional autonomy by manipulating the Automated Market Maker (AMM) mechanism through front-running and back-running transactions. The framework focuses on analyzing Gas features to detect malicious accounts. **Key Contributions:** 1. **GasTrace Framework:** A novel cascade classification method that leverages Gas features to identify malicious accounts. 2. **Feature Extraction and Selection:** Over 20 features are extracted, including average Gas consumption, short-term Gas volatility, and transaction frequency. 3. **First Round of Classification (R1):** Utilizes a Support Vector Machine (SVM) with a Radial Basis Function (RBF) kernel to generate predicted probabilities for account categories. 4. **Node Network Construction:** Predicted probabilities are used to construct a network where each node represents an account, enhancing the initial feature set. 5. **Second Round of Classification (R2):** Uses a Graph Attention Network (GAT) to capture behavioral discrepancies between malicious and legitimate accounts. 6. **Evaluation:** Achieves an accuracy of 96.73% and an F1 score of 95.71% on a dataset of 1,834 examples. **Methods:** - **Feature Extraction and Selection:** Extracts over 20 features, including Gas-related and transaction statistics features. - **First Round of Classification (R1):** Uses SVM with RBF to generate predicted probabilities. - **Node Network Construction:** Constructs a network using predicted probabilities and Euclidean distance. - **Second Round of Classification (R2):** Uses GAT to classify the network of nodes. **Evaluation:** - **Dataset:** Consists of 464 positive examples (malicious) and 1,370 negative examples (regular). - **Performance Metrics:** Achieves high accuracy and F1 scores, with a clear improvement over R1 alone. **Conclusion:** GasTrace demonstrates superior performance in detecting sandwich attacks, with high accuracy and robust generalization capabilities. The framework is open-sourced and evaluated on a balanced dataset, showing its effectiveness in identifying malicious accounts.