EthScope: A Transaction-centric Security Analytics Framework to Detect Malicious Smart Contracts on Ethereum.

Authors: Yajin Zhou, Kui Ren, Xiapu Luo, Zhi Wang, Cong Wang

Keywords: Systems design, Instrumentation (computer programming), Component (UML), Scripting language, Computer science, Database transaction, Scalability, Blockchain, Computer security, Smart contract

Abstract: As one of the representative blockchain platforms, Ethereum has attracted lots of attacks. Due to the potential financial loss, there is a pressing need to detect malicious smart contracts and understand their behaviors. Though there exist multiple systems for smart contract analysis, they cannot efficiently analyze a large number of transactions and re-execute smart contracts to introspect malicious behaviors. In this paper, we urge for a transaction-centric security analytics framework for Ethereum, which provides an efficient way to quickly locate suspicious ones from a large number of transactions and is extensible with analyst-provided scripts. We present the system design, which solves three technical challenges, i.e., incomplete states, scalability and extensibility. We have implemented a prototype named EthScope to solve these challenges. In particular, the first component, Data Aggregator, collects and recovers critical states. The second component, Replay Engine, is able to replay arbitrary transactions. The third component, Instrumentation Framework, exposes interfaces for the analyst to dynamically instrument execution. The comprehensive evaluation with six types of attacks demonstrated the effectiveness of our system. The performance evaluation shows that our system can perform large-scale analysis on transactions (more than 8 million ones) and has a speed up of around 2,300x compared with the JSTracer provided by Go-Ethereum. To engage the community, we will release the dataset of detected attacks at https URL.

References (24)
Zhendong Su, Dongyan Xu, Zhiqiang Lin, Zhui Deng, Xiangyu Zhang, Fei Peng. X-force: force-executing binary programs for security applications. USENIX Security Symposium, pp. 829-844 (2014).
Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor. Making Smart Contracts Smarter. Computer and Communications Security, pp. 254-269 (2016). DOI: 10.1145/2976749.2978309
Man Ho Au, Ting Chen, Xiaosong Zhang, Xiapu Luo, Jiachi Chen, Zihao Li, Ying Wang, Xiaoqi Li. An Adaptive Gas Cost Mechanism for Ethereum to Defend Against Under-Priced DoS Attacks. arXiv: Cryptography and Security (2017).
Aquinas Hobor, Prateek Saxena, Ivica Nikolic, Ilya Sergey, Aashish Kolluri. Finding The Greedy, Prodigal, and Suicidal Contracts at Scale. arXiv: Cryptography and Security (2018).
Weili Chen, Zibin Zheng, Jiahui Cui, Edith Ngai, Peilin Zheng, Yuren Zhou. Detecting Ponzi Schemes on Ethereum: Towards Healthier Blockchain Technology. The Web Conference, pp. 1409-1418 (2018). DOI: 10.1145/3178876.3186046
Sukrit Kalra, Seep Goel, Mohan Dhawan, Subodh Sharma. ZEUS: Analyzing Safety of Smart Contracts. Network and Distributed System Security Symposium (2018). DOI: 10.14722/NDSS.2018.23082
Ting Chen, Yuxiao Zhu, Zihao Li, Jiachi Chen, Xiaoqi Li, Xiapu Luo, Xiaodong Lin, Xiaosong Zhang. Understanding Ethereum via Graph Analysis. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, pp. 1484-1492 (2018). DOI: 10.1109/INFOCOM.2018.8486401
Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Bünzli, Martin Vechev. Securify: Practical Security Analysis of Smart Contracts. Computer and Communications Security, pp. 67-82 (2018). DOI: 10.1145/3243734.3243780
Bo Jiang, Ye Liu, W. K. Chan. ContractFuzzer: fuzzing smart contracts for vulnerability detection. Automated Software Engineering, pp. 259-269 (2018). DOI: 10.1145/3238147.3238177
Ralph Holz, Vincent Gramoli, François Gauthier, Bernhard Scholz, Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu. Vandal: A Scalable Security Analysis Framework for Smart Contracts. arXiv: Programming Languages (2018).