Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved. In this work, we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise (IoC) specially crafted for use in the blockchain. IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain. Therefore, we define a model for smart contract execution, comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain. Subsequently, we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue, a prototype tool for investigating Ethereum security incidents. Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation. However, they are contract-specific and suffer from false negatives. On the other hand, fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation, which is nevertheless applicable for practical use.
Funding: the Arab Open University for Funding this work through AOU Research Fund No. (AOURG-2023-006).
Abstract: This work carried out a measurement study of the Ethereum Peer-to-Peer (P2P) network to gain a better understanding of the underlying nodes. Ethereum was applied because it pioneered distributed applications, smart contracts, and Web3. Moreover, its application layer language “Solidity” is widely used in smart contracts across different public and private blockchains. To this end, we wrote a new Ethereum client based on Geth to collect Ethereum node information. Moreover, various web scrapers have been written to collect nodes’ historical data from the Internet Archive and the Wayback Machine project. The collected data has been compared with two other services that harvest the number of Ethereum nodes. Our method has collected more than 30% more than the other services. The data trained a neural network model regarding time series to predict the number of online nodes in the future. Our findings show that there are less than 20% of the same nodes daily, indicating that most nodes in the network change frequently. It poses a question of the stability of the network. Furthermore, historical data shows that the top ten countries with Ethereum clients have not changed since 2016. The popular operating system of the underlying nodes has shifted from Windows to Linux over time, increasing node security. The results have also shown that the number of Middle East and North Africa (MENA) Ethereum nodes is neglected compared with nodes recorded from other regions. It opens the door for developing new mechanisms to encourage users from these regions to contribute to this technology. Finally, the model has been trained and demonstrated an accuracy of 92% in predicting the future number of nodes in the Ethereum network.
Funding: the National Key Research and Development Program of China (No. 2020YFB1005805); Peng Cheng Laboratory Project (Grant No. PCL2021A02); Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies (2022B1212010005); Shenzhen Basic Research (General Project) (No. JCYJ20190806142601687); Shenzhen Stable Supporting Program (General Project) (No. GXWD20201230155427003-20200821160539001).
Abstract: Ethereum, currently the most widely utilized smart contracts platform, anchors the security of myriad smart contracts upon its own robustness. Its foundational peer-to-peer network facilitates a dependable node connection mechanism, whereas an efficient data-sharing protocol constitutes as the bedrock of Blockchain network security. In this paper, we propose NodeHunter, an Ethereum network detector implemented through the application of simulation technology, which is capable of aggregating all node records within the network and the interconnectedness between them. Utilizing this connection information, NodeHunter can procure more comprehensive insights for network status analysis compared to preceding detection methodologies. Throughout a three-month period of unbroken surveillance of the Ethereum network, we obtained an excess of two million node records along with over one hundred million node acquaintances. Analysis of the gathered data revealed that an alarming 49% or more of these node records were maliciously forged.
Funding: supported by the Deanship for Research & Innovation, Ministry of Education in Saudi Arabia with the Grant Code: IFP22UUQU4281768DSR205.
Abstract: Unmanned aerial vehicles (UAVs), or drones, have revolutionized a wide range of industries, including monitoring, agriculture, surveillance, and supply chain. However, their widespread use also poses significant challenges, such as public safety, privacy, and cybersecurity. Cyberattacks, targeting UAVs have become more frequent, which highlights the need for robust security solutions. Blockchain technology, the foundation of cryptocurrencies has the potential to address these challenges. This study suggests a platform that utilizes blockchain technology to manage drone operations securely and confidentially. By incorporating blockchain technology, the proposed method aims to increase the security and privacy of drone data. The suggested platform stores information on a public blockchain located on Ethereum and leverages the Ganache platform to ensure secure and private blockchain transactions. The MetaMask wallet for Eth balance is necessary for BCT transactions. The present research finding shows that the proposed approach’s efficiency and security features are superior to existing methods. This study contributes to the development of a secure and efficient system for managing drone operations that could have significant applications in various industries. The proposed platform’s security measures could mitigate privacy concerns, minimize cyber security risk, and enhance public safety, ultimately promoting the widespread adoption of UAVs. The results of the study demonstrate that the blockchain can ensure the fulfillment of core security needs such as authentication, privacy preservation, confidentiality, integrity, and access control.
Abstract: This research paper puts emphasis on using cloud computing with Blockchain (BC) to improve the security and privacy in a cloud. The security of data is not guaranteed as there is always a risk of leakage of users’ data. Blockchain can be used in a multi-tenant cloud environment (MTCE) to improve the security of data, as it is a decentralized approach. Data is saved in unaltered form. Also, Blockchain is not owned by a single organization. The encryption process can be done using a Homomorphic encryption (HE) algorithm along with hashing technique, hereby allowing computations on encrypted data without the need for decryption. This research paper is composed of four objectives: Analysis of cloud security using Blockchain technology; Exceptional scenario of Blockchain architecture in an enterprise-level MTCE; Implementation of cipher-text policy attribute-based encryption (CPABE) algorithm; Implementation of Merkle tree using Ethereum (MTuE) in a Multi-tenant system. Out of these four objectives, the main focus is on the implementation of CP-ABE algorithm. CP-ABE parameters are proposed for different levels of tenants. The levels include inner tenant, outer tenant, Inner-Outer-Tenant, Inner-Outer-External-Tenant, Outer-Inner-Tenant, External-Outer-Inner-Tenant and the parameters such as token, private key, public key, access tree, message, attribute set, node-level, cipher-text, salting which will help in providing better security using CP-ABE algorithm in a multitenant environment (MTE) where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.
Abstract: Cryptoassets have experienced dramatic volatility in their prices, especially during the COVID-19 pandemic era. This pilot study explores the volatility asymmetry and correlations among three popular cryptoassets (Bitcoin, Ethereum, and Dogecoin) as well as Gold. Multiple Generalized Autoregressive Conditional Heteroskedasticity (GARCH) models are analyzed. We find that positive shocks have a greater impact on the volatility of these financial assets than negative shocks of the same magnitude, perhaps a manifestation of the fear of missing out (FOMO) effect. Our research is one of the first to use COVID-19-period volatility of financial assets (in-sample data) to forecast their later COVID-19-period volatility (out-of-sample data). This forecast accuracy is compared to that produced by forecasts using the same out-of-sample data and a longer in-sample data. Our results indicate that generally, the larger in-sample dataset gives a higher forecast accuracy though the smaller in-sample dataset is from the same regime as the out-of-sample data. We also evaluate the correlations among the assets using the Dynamic Conditional Correlation (DCC) framework and find that there is an elevated positive correlation between Gold and Bitcoin during the past two years. The Gold-Bitcoin correlation hit its peak during the peak of the COVID-19 pandemic and then fell back to around zero in July 2021 when the pandemic crisis eased. Unsurprisingly, there is a strong positive correlation among the cryptocurrencies. Pairwise correlation among all four assets was stronger during the COVID-19 pandemic. Such continuing analysis can inform portfolio asset allocation as well as general financial policy decisions.
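Abstract: A smart contract is a collection of code and data that cannot be changed once deployed and that carries financial attributes of its own; a security vulnerability can therefore cause huge losses, so writing secure and reliable smart contracts is essential. To this end, this work studies and analyzes smart contract security vulnerabilities on the Ethereum platform and summarizes several common ones, including reentrancy, integer overflow, denial of service (DoS), timestamp dependence, and transaction-ordering dependence vulnerabilities. For these vulnerabilities it gives a detailed analysis of the underlying principles and reproduces the scenarios, proposes corresponding preventive security strategies, and verifies their effectiveness experimentally. Finally, it analyzes and compares several mainstream smart contract vulnerability detection tools.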
Funding: This research is supported by National Key Research and Development Program of China (No. 2021YFF0307203, No. 2019QY1300); Youth Innovation Promotion Association CAS (No. 2021156); the Strategic Priority Research Program of Chinese Academy of Sciences (No. XDC02040100); National Natural Science Foundation of China (No. 61802404).
Abstract: Ethereum's high attention, rich business, certain anonymity, and untraceability have attracted a group of attackers. Cybercrime on it has become increasingly rampant, among which scam behavior is convenient, cryptic, antagonistic and resulting in large economic losses. So we consider the scam behavior on Ethereum and investigate it at the node interaction level. Based on the life cycle and risk identification points we found, we propose an automatic detection model named Aparecium. First, a graph generation method which focus on the scam life cycle is adopted to mitigate the sparsity of the scam behaviors. Second, the life cycle patterns are delicate modeled because of the crypticity and antagonism of Ethereum scam behaviors. Conducting experiments in the wild Ethereum datasets, we prove Aparecium is effective which the precision, recall and F1-score achieve at 0.977, 0.957 and 0.967 respectively.
Abstract: In March 2021, we witnessed a surge in Bitcoin price. The cause seemed to be a tweet by Elon Musk. Are other blockchains as sensitive to social media as Bitcoin? And more precisely, could Ethereum's popularity be explained using social media data? This work aims to explore the determinants of Ethereum's popularity. We use both data from Etherscan to retrieve the relevant historic Ethereum factors and Twitter data. Our sample consists of data ranging from 2015 to 2022. We use Ordinary Least Squares to assess the relationship between these factors (Ethereum characteristics and Twitter data) and Ethereum's popularity. Our findings show that Ethereum's popularity—translated here by the number of daily new addresses—is related to the following elements: the Ether (ETH) price, the transaction fees, and the polarity of tweets related to Ethereum. The results could have multiple practical implications for both researchers and practitioners. First of all, we believe that it will enable readers to better understand the technology of Ethereum and its stake. Secondly, it will help the community identify pointers for anticipating or explaining the popularity of existing or future platforms. And finally, the results could help in understanding the factors facilitating the design of future platforms.
Funding: the project (sanction order no. 1/2021-22 (GIA)) funded by the National Informatics Centre, MeitY, Government of India.
Abstract: The recent surge of Ethereum in prominence has made it an attractive target for various kinds of crypto crimes. Phishing scams, for example, are an increasingly prevalent cybercrime in which malicious users attempt to steal funds from a user’s crypto wallet. This research investigates the effects of network architectural features as well as the temporal aspects of user activities on the performance of detecting phishing users on the Ethereum transaction network. We employ traditional machine learning algorithms to evaluate our model on real-world Ethereum transaction data. The experimental results demonstrate that our proposed features identify phishing accounts efficiently and outperform the baseline models by 4% in Recall and 5% in F1-score.
Abstract: The Ethereum blockchain’s smart contract is a programmable transaction that performs general-purpose computations and can be executed automatically on the blockchain. Leveraging this component, blockchain technology (BT) has grown beyond the scope of cryptocurrencies and can now be applicable in various industries other than finance. In this paper, we investigated the current trends in Ethereum-based decentralized applications (DApps) to be able to categorize and analyze the DApps to measure the complexity of smart contracts behind them, their level of security and their correlation to the maintainability of the DApps. We leveraged the source code analysis, security analysis, and the developmental metadata of the DApps to infer this correlation. Based on our findings, we concluded that the maintainability of Ethereum DApps is proportional to the code size, number of functions, and, most importantly, the number of outgoing invocations and statements in the smart contracts.
Funding: supported by the National Key R&D Program of China with No. 2020YFB1006100.
Abstract: Ethereum has received increasing attention as the first blockchain platform to support smart contracts. Data mining has become an important tool for analyzing Ethereum transactions. However, existing methods have the disadvantage of covering partial transactions and being vulnerable to privacy-enhancing techniques. In this paper, we propose a scheme for transaction correlation with the node as an entity, which can cover all transactions while being resistant to privacy-enhancing techniques. Utilizing timestamps relayed from N fixed nodes to describe the network properties of transactions, we cluster transactions that enter the network from the same source node. Experimental results show that our method can determine with 97% precision whether two transactions enter the network from the same source node.
Funding: Supported by the Major Public Welfare Special Fund of Henan Province (No. 201300210200) and the Major Science and Technology Research Special Fund of Henan Province (No. 221100210400).
Abstract: With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective, this paper offers a comprehensive survey of these 38 open-source tools, discussing their operating principles, installation methods, environmental dependencies, update frequencies, and installation challenges. Based on this, we propose an Ethereum smart contract vulnerability detection framework. This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues. To validate the framework’s stability, over 1700 h of testing were conducted. Additionally, a comprehensive performance test was performed on the mainstream detection tools integrated within the framework, assessing their hardware requirements and vulnerability detection coverage. Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage. This study represents the first performance evaluation of testing tools in this domain, providing significant reference value.
Funding: Supported by the European Commission under the Horizon 2020 Programme (H2020), part of the LOCARD (https://locard.eu) (Grant Agreement No. 832735) project.
Abstract: Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved. In this work, we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise (IoC) specially crafted for use in the blockchain. IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain. Therefore, we define a model for smart contract execution, comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain. Subsequently, we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue, a prototype tool for investigating Ethereum security incidents. Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation. However, they are contract-specific and suffer from false negatives. On the other hand, fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation, which is nevertheless applicable for practical use.