
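ContractGuard: An Intrusion Detection System for Ethereum Blockchain Smart Contracts
Cite this article: Gansen ZHAO, Zhijian XIE, Xinming WANG, Jiahao HE, Chengzhi ZHANG, Chengchuang LIN, Ziheng Zhou, Bingchuan CHEN, Chunming Rong. ContractGuard: An Intrusion Detection System for Ethereum Blockchain Smart Contracts[J]. Chinese Journal of Network and Information Security, 2020, 6(2): 35-55. DOI: 10.11959/j.issn.2096-109x.2020025
Authors: Gansen ZHAO  Zhijian XIE  Xinming WANG  Jiahao HE  Chengzhi ZHANG  Chengchuang LIN  Ziheng Zhou  Bingchuan CHEN  Chunming Rong
Affiliations: 1. School of Computer Science, South China Normal University, Guangzhou 510000, Guangdong, China; 2. Guangzhou Key Laboratory of Cloud Computing Security and Assessment Technology, Guangzhou 510000, Guangdong, China; 3. South China Normal University and VeChain Joint Laboratory of Blockchain Technology and Application, Guangzhou 510000, Guangdong, China; 4. Lakala Group, Beijing 100080, China; 5. Hong Kong University of Science and Technology, Hong Kong 999077, China; 6. VeChain Foundation Limited, Singapore 238463; 7. Guangdong University of Finance and Economics, Guangzhou 510000, Guangdong, China; 8. Stavanger University, Norway Stavanger 4036
Funding: Project funded by the Government of the Hong Kong Special Administrative Region of the People's Republic of China (No. RGC/GRF16202917); National Key R&D Program of China (No. 2018YFB1404402); Key R&D Program of Guangdong Province (No. 2019B010137003); Science and Technology Planning Project of Guangdong Province (No. 2016B030305006, No. 2018A07071702, No. 201804010314, No. 2012224-12); project funded by the VeChain Foundation (No. SCNU-2018-01); Characteristic Innovation Project (Natural Science) of the Department of Education of Guangdong Province (No. 2017KTSCX074).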
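Abstract: An Ethereum smart contract is essentially a program, authenticated by both parties, that is executed jointly on the network by nodes that have no trust relationship with one another. A large number of smart contracts are now used to manage digital assets, which makes smart contracts an important target for attackers. A common attack method is an intrusion attack that exploits a vulnerability in a smart contract to carry out specific operations. ContractGuard is the first intrusion detection system proposed for Ethereum blockchain smart contracts, and it can detect potential attack behaviour against a smart contract. ContractGuard's intrusion detection relies mainly on detecting the abnormal control flow that a potential attack may trigger. Because smart contracts run in a decentralized and highly restricted environment, the deployment architectures of existing IDS techniques and tools, which intercept from outside, are not suitable for Ethereum smart contracts. To solve these problems, an embedded architecture was designed in which ContractGuard is placed directly in the execution code of the smart contract, as part of the contract. At runtime, ContractGuard performs intrusion detection through the corresponding context-tagged acyclic paths, thereby protecting the smart contract. Because additional code is embedded, ContractGuard increases the deployment overhead and runtime overhead of the smart contract to some extent; to reduce both, ContractGuard was optimized based on the characteristics of Ethereum smart contracts. Experimental results show that it can effectively detect 83% of abnormal behaviour, while deployment overhead increases by only 36.14% and runtime overhead by only 28.17%.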

Keywords: blockchain  Ethereum smart contract  intrusion detection system  anomaly detection

ContractGuard: defend Ethereum smart contract with embedded intrusion detection
Gansen ZHAO, Zhijian XIE, Xinming WANG, Jiahao HE, Chengzhi ZHANG, Chengchuang LIN, ZHOU Ziheng, Bingchuan CHEN, RONG Chunming. ContractGuard: defend Ethereum smart contract with embedded intrusion detection[J]. Chinese Journal of Network and Information Security, 2020, 6(2): 35-55. DOI: 10.11959/j.issn.2096-109x.2020025
Authors: Gansen ZHAO  Zhijian XIE  Xinming WANG  Jiahao HE  Chengzhi ZHANG  Chengchuang LIN  ZHOU Ziheng  Bingchuan CHEN  RONG Chunming
Affiliation: (South China Normal University School of Computer Science, Guangzhou 510000, China; Guangzhou Key Laboratory of Cloud Computing Security and Assessment Technology, Guangzhou 510000, China; VeChain Blockchain Technology and Application Joint Laboratory, Guangzhou 510000, China; Lakala Payment Company Limited, Beijing 100080, China; HK University of Science and Technology, Hong Kong 999077, China; VeChain Foundation Limited, Singapore 238463; Guangdong University of Finance and Economics, Guangzhou 510000, China; Stavanger University, Stavanger 4036, Norway)
Abstract: Ethereum smart contracts are programs that can be collectively executed by a network of mutually untrusted nodes. Smart contracts handle and transfer assets of value, offering strong incentives for malicious attacks. Intrusion attacks are a popular type of malicious attack. ContractGuard, the first intrusion detection system (IDS), was proposed to defend Ethereum smart contracts against such attacks. Like IDSs for conventional programs, ContractGuard detects intrusion attempts as abnormal control flow. However, existing IDS techniques and tools are inapplicable to Ethereum smart contracts because of Ethereum's decentralized nature and its highly restrictive execution environment. To address these issues, ContractGuard was designed to be embedded in the contracts themselves. At runtime, ContractGuard protects the smart contract by monitoring the context-tagged acyclic path of the smart contract. As ContractGuard introduces deployment overhead and runtime overhead, it was optimized under the Ethereum Gas-oriented performance model to reduce the overheads. The experimental results show that this work can effectively detect 83% of vulnerabilities, while ContractGuard adds only 36.14% to the deployment overhead and 28.27% to the runtime overhead.
Keywords: blockchain  Ethereum smart contract  intrusion detection system  anomaly detection
This article is indexed in VIP and other databases.