The openness and transparency of Ethereum transaction data make it easy to be exploited by any entities, executing malicious attacks. The sandwich attack manipulates the Automated Market Maker (AMM) mechanism, profiting from manipulating the market price through front or after-running transactions. To identify and prevent sandwich attacks, we propose a cascade classification framework GasTrace. GasTrace analyzes various transaction features to detect malicious accounts, notably through the analysis and modeling of Gas features. In the initial classification, we utilize the Support Vector Machine (SVM) with the Radial Basis Function (RBF) kernel to generate the predicted probabilities of accounts, further constructing a detailed transaction network. Subsequently, the behavior features are captured by the Graph Attention Network (GAT) technique in the second classification. Through cascade classification, GasTrace can analyze and classify the sandwich attacks. Our experimental results demonstrate that GasTrace achieves a remarkable detection and generation capability, performing an accuracy of 96.73\% and an F1 score of 95.71\% for identifying sandwich attack accounts.

翻译：以太坊交易数据的开放性与透明性使其易被任何实体利用，从而实施恶意攻击。三明治攻击通过操纵自动化做市商（AMM）机制，借助前置或后置交易操控市场价格以牟利。为识别并防范此类攻击，本文提出一种级联分类框架GasTrace。该框架通过分析多种交易特征以检测恶意账户，尤其侧重于对Gas特征的分析与建模。在初级分类阶段，我们采用基于径向基函数（RBF）核的支持向量机（SVM）生成账户的预测概率，并进一步构建细粒度交易网络。随后，在二级分类中通过图注意力网络（GAT）技术捕捉行为特征。通过级联分类，GasTrace能够对三明治攻击进行系统分析与分类。实验结果表明，GasTrace具备卓越的检测与生成能力，在三明治攻击账户识别任务中实现了96.73%的准确率与95.71%的F1分数。