LSTM/GRU-BASED TWO-STAGE MODEL FOR IDENTIFYING AND CLASSIFYING MALICIOUS BEHAVIORS IN BLOCKCHAIN TRANSACTIONS
Keywords:
Bitcoin Transactions, Hybrid Deep Learning, Attack Detection and Classification, Anti-Money Laundering (AML)
Abstract
With the exponential growth of Bitcoin transactions, blockchain platforms face increasing risks from malicious activities such as money laundering, double-spending, Sybil attacks, and fraudulent schemes. While existing detection mechanisms can differentiate between legitimate and malicious transactions, they often fail to provide fine-grained categorization of the specific attack types. To address this limitation, we propose a two-stage temporal deep learning framework leveraging Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) networks. In the first stage, transaction logs are processed as sequential patterns derived from hybrid feature selection using Correlation Coefficient (CC) and Bray–Curtis distance, followed by bootstrapped data augmentation. This stage performs binary classification, effectively distinguishing legitimate transactions from malicious ones. In the second stage, only the malicious sequences are forwarded into a multi-class classifier, where the temporal model captures sequential dependencies and behavioral variations across accounts. The system categorizes malicious activities into distinct classes, including money laundering, double-spending, Sybil, and fraudulent transactions. The attention mechanism further enhances interpretability by identifying critical transaction subsequences influencing classification. Experimental evaluation demonstrates that the proposed framework not only achieves high accuracy in detecting malicious activity but also provides granular insights into attack patterns, enabling stronger anti-money laundering (AML) compliance and improved blockchain security.