Authors
-
Nazrin Bayramova
Department of Digital Technologies and Applied Informatics at the Azerbaijan State University of Economics (UNEC)
Author
https://orcid.org/0009-0002-7841-7239
-
Elkhan Karimzada
Affiliation 1: Ministry of Internal Affairs of the Republic of Azerbaijan, Baku, Azerbaijan Affiliation 2: Department of Digital Technologies and Applied Informatics, Azerbaijan State University of Economics (UNEC), Baku, Azerbaijan
Author
https://orcid.org/0009-0002-9423-5320
-
Elmir Adilzade
Sabah Groups, Azerbaijan State Oil and Industry University (ASOIU), Baku, Azerbaijan
Author
https://orcid.org/0009-0000-6126-7700
Keywords:
cybersecurity, Anomaly Detection, Blockchain, Financial Forensics, Graph Neural Networks
Abstract
The Bitcoin transaction network represents a complex, high-dimensional system where the pseudonymous nature of flows facilitates ransomware extortion and money laundering activities. However, existing detection methodologies predominantly rely on local transaction features, failing to capture structural dependencies and topological obfuscation techniques used in ransomware and laundering. To address this limitation, this study proposed a hybrid Graph-Based Machine Learning (GBML) framework that integrates structural embeddings (Node2Vec) with ensemble classifiers and contrasts them against inductive GraphSAGE architectures using the Elliptic dataset. The analysis revealed that the Node2Vec-enhanced Random Forest model achieved an F1-score of 0.9277 and a ROC-AUC of 0.9956, substantially outperforming feature-only baselines. Furthermore, the inductive GraphSAGE model demonstrated remarkable robustness under a strict temporal split, achieving an F1-score of 0.8981 on future unseen transactions. This performance improvement is attributed to the encoding of neighborhood context and temporal dynamics, which exposes latent connections between illicit entities. Distinct from purely black-box deep learning approaches, this framework incorporates latent space visualization and permutation-based feature importance to ensure the forensic interpretability required for legal compliance. Consequently, the proposed method provides a robust solution for post-hoc forensic investigations in environments characterized by extreme class imbalance and evolving criminal patterns.
Author Biographies
-
Nazrin Bayramova, Department of Digital Technologies and Applied Informatics at the Azerbaijan State University of Economics (UNEC)
Nazrin Bayramova is affiliated with the Department of Digital Technologies and Applied Informatics at the Azerbaijan State University of Economics (UNEC). Her main focuses on cybersecurity, blockchain forensics, and graph-based machine learning. She developed the experimental framework presented in this article, including anomaly-detection pipelines using the Elliptic Bitcoin dataset and models such as GraphSAGE, Node2Vec, and classical machine-learning baselines for illicit-transaction classification.
-
Elkhan Karimzada, Affiliation 1: Ministry of Internal Affairs of the Republic of Azerbaijan, Baku, Azerbaijan Affiliation 2: Department of Digital Technologies and Applied Informatics, Azerbaijan State University of Economics (UNEC), Baku, Azerbaijan
Elkhan Karimzada is a Senior Digital Forensics Expert at the Ministry of Internal Affairs of the Republic of Azerbaijan and is academically affiliated with the Department of Digital Technologies and Applied Informatics at UNEC. His professional work focuses on computer forensics, incident analysis, biometric systems, and cybercrime investigations.
-
Elmir Adilzade, Sabah Groups, Azerbaijan State Oil and Industry University (ASOIU), Baku, Azerbaijan
Elmir Adilzade is a graduate of the SABAH Groups program at the Azerbaijan State Oil and Industry University (ASOIU), specializing in computer engineering. His academic interests include software quality assurance, data analytics, and applied machine learning. He contributes to research activities involving computational methods and blockchain-related technologies.
