The openness and transparency of Ethereum transaction data make it easy to be exploited by any entities, executing malicious attacks. The sandwich attack manipulates the Automated Market Maker (AMM) mechanism, profiting from manipulating the market price through front or after-running transactions. To identify and prevent sandwich attacks, we propose a cascade classification framework GasTrace. GasTrace analyzes various transaction features to detect malicious accounts, notably through the analysis and modeling of Gas features. In the initial classification, we utilize the Support Vector Machine (SVM) with the Radial Basis Function (RBF) kernel to generate the predicted probabilities of accounts, further constructing a detailed transaction network. Subsequently, the behavior features are captured by the Graph Attention Network (GAT) technique in the second classification. Through cascade classification, GasTrace can analyze and classify the sandwich attacks. Our experimental results demonstrate that GasTrace achieves a remarkable detection and generation capability, performing an accuracy of 96.73% and an F1 score of 95.71% for identifying sandwich attack accounts.

翻译：以太坊交易数据的开放性和透明性使其易被任何实体利用，从而执行恶意攻击。三明治攻击通过操纵自动化做市商（AMM）机制，利用前置或后置交易操纵市场价格以获取利润。为识别和防范三明治攻击，我们提出了一种级联分类框架GasTrace。该框架通过分析多种交易特征来检测恶意账户，尤其侧重于对Gas特征的分析与建模。在初始分类阶段，我们采用基于径向基函数（RBF）核的支持向量机（SVM）生成账户的预测概率，并进一步构建精细化的交易网络。随后，在第二级分类中通过图注意力网络（GAT）技术捕捉行为特征。通过级联分类，GasTrace能够对三明治攻击进行分析与归类。实验结果表明，GasTrace具备卓越的检测与生成能力，在识别三明治攻击账户时实现了96.73%的准确率与95.71%的F1分数。