Abstract
Ethereum smart contracts are, in essence, programs agreed upon by both parties and executed jointly by mutually untrusting nodes on the network. Today a large number of smart contracts are used to manage digital assets, which makes them prime targets for attackers. A common attack method is the intrusion attack, which exploits vulnerabilities in a smart contract to carry out specific operations. ContractGuard is the first proposed intrusion detection system for Ethereum blockchain smart contracts; it can detect potential attack behaviour against a smart contract. ContractGuard's intrusion detection relies mainly on detecting the abnormal control flow that a potential attack may trigger. Because smart contracts run in a decentralized and highly restricted execution environment, the externally intercepting deployment architecture of existing IDS techniques and tools is unsuitable for Ethereum smart contracts. To solve these problems, an embedded architecture is designed in which ContractGuard is embedded directly into the smart contract's executable code as part of the contract itself. At runtime, ContractGuard performs intrusion detection through the corresponding context-tagged acyclic paths, thereby protecting the smart contract. Because extra code is embedded, ContractGuard increases the deployment overhead and runtime overhead of a smart contract to some degree; to reduce both overheads, ContractGuard is optimized based on the characteristics of Ethereum smart contracts. The experimental results show that it effectively detects 83% of abnormal behaviours, while deployment overhead increases by only 36.14% and runtime overhead by only 28.17%.
Ethereum smart contracts are programs that can be collectively executed by a network of mutually untrusted nodes. Smart contracts handle and transfer assets of value, offering strong incentives for malicious attacks. Intrusion attacks are a popular type of malicious attack. ContractGuard, the first intrusion detection system (IDS) for Ethereum smart contracts, was proposed to defend them against such attacks. Like IDSs for conventional programs, ContractGuard detects intrusion attempts as abnormal control flow. However, existing IDS techniques and tools are inapplicable to Ethereum smart contracts due to Ethereum's decentralized nature and its highly restrictive execution environment. To address these issues, ContractGuard was designed to be embedded in the contracts themselves. At runtime, ContractGuard protects the smart contract by monitoring its context-tagged acyclic paths. As ContractGuard involves deployment overhead and runtime overhead, it was optimized under Ethereum's Gas-oriented performance model to reduce both. The experimental results show that this work can effectively detect 83% of vulnerabilities, while ContractGuard adds only 36.14% deployment overhead and 28.27% runtime overhead.
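The path-based anomaly detection the abstract describes can be illustrated with a small model, added here and not ContractGuard's own code: benign runs build a profile of context-tagged acyclic paths, and a later run whose tagged path is absent from the profile is flagged. The control-flow graph, block names, the choice of the caller as the context tag, and all traces are constructed assumptions.

```python
from typing import Dict, List, Set, Tuple

# Constructed toy control-flow graph (one node per basic block) of a
# withdraw-style routine; the single back edge closes the payout loop.
CFG: Dict[str, List[str]] = {
    "entry": ["check_balance"],
    "check_balance": ["loop_head", "revert"],
    "loop_head": ["loop_body", "exit"],
    "loop_body": ["loop_head"],
    "revert": [],
    "exit": [],
}
BACK_EDGES = {("loop_body", "loop_head")}
Path = Tuple[str, ...]
TaggedPath = Tuple[str, Path]  # (calling context, acyclic path)

def acyclic_paths(trace: List[str]) -> List[Path]:
    """Cut a basic-block trace at back edges so each loop iteration is its
    own acyclic path (the Ball-Larus path-profiling convention)."""
    paths: List[Path] = []
    cur: List[str] = [trace[0]]
    for a, b in zip(trace, trace[1:]):
        if b not in CFG[a]:
            raise ValueError(f"{a}->{b} is not a CFG edge")
        if (a, b) in BACK_EDGES:
            paths.append(tuple(cur))
            cur = [b]
        else:
            cur.append(b)
    paths.append(tuple(cur))
    return paths

def tagged_paths(context: str, trace: List[str]) -> Set[TaggedPath]:
    """Tag every path with its call context (assumed here to be the caller
    that reached the routine), so a known path taken from an unexpected
    context is a different tagged path."""
    return {(context, p) for p in acyclic_paths(trace)}

def build_profile(runs: List[Tuple[str, List[str]]]) -> Set[TaggedPath]:
    """Training phase: the union of tagged paths over benign runs."""
    profile: Set[TaggedPath] = set()
    for context, trace in runs:
        profile |= tagged_paths(context, trace)
    return profile

def detect(profile: Set[TaggedPath], context: str, trace: List[str]) -> List[TaggedPath]:
    """Runtime check: tagged paths not in the benign profile are anomalies."""
    return sorted(tagged_paths(context, trace) - profile)
```

Because paths are cut at back edges, a benign profile trained on two loop iterations also accepts five; only an unseen path, or a seen path reached from an unseen context, is reported.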
Authors
赵淦森
谢智健
王欣明
何嘉浩
张成志
林成创
Ziheng Zhou
陈冰川
Chunming Rong
ZHAO Gansen; XIE Zhijian; WANG Xinming; HE Jiahao; ZHANG Chengzhi; LIN Chengchuang; Ziheng ZHOU; CHEN Bingchuan; Chunming RONG (South China Normal University School of Computer Science, Guangzhou 510000, China; Guangzhou Key Laboratory of Cloud Computing Security and Assessment Technology, Guangzhou 510000, China; VeChain Blockchain Technology and Application Joint Laboratory, Guangzhou 510000, China; Lakala Payment Company Limited, Beijing 100080, China; HK University of Science and Technology, Hong Kong 999077, China; VeChain Foundation Limited, Singapore 238463; Guangdong University of Finance and Economics, Guangzhou 510000, China; Stavanger University, Stavanger 4036, Norway)
Source
Chinese Journal of Network and Information Security (网络与信息安全学报)
2020, No. 2, pp. 35-55 (21 pages)
Funding
Hong Kong SAR Government funded project (No. RGC/GRF16202917)
National Key Research and Development Program of China (No. 2018YFB1404402)
Key Research and Development Program of Guangdong Province (No. 2019B010137003)
Science and Technology Program of Guangdong Province (No. 2016B030305006, No. 2018A07071702, No. 201804010314, No. 2012224-12)
VeChain Foundation funded project (No. SCNU-2018-01)
Characteristic Innovation Project (Natural Science) of the Department of Education of Guangdong Province (No. 2017KTSCX074)
Keywords
blockchain
Ethereum smart contract
intrusion detection system
anomaly detection