ContractGuard：面向以太坊区块链智能合约的入侵检测系统

doi:10.11959/j.issn.2096-109x.2020025

网络与信息安全学报 ›› 2020, Vol. 6 ›› Issue (2): 35-55.doi: 10.11959/j.issn.2096-109x.2020025

所属专题：区块链

ContractGuard：面向以太坊区块链智能合约的入侵检测系统

赵淦森^1,^2,³,谢智健^1,^2,³,王欣明^1,^2,^3,^4,⁵(),何嘉浩^1,^2,³,张成志⁵(),林成创^1,^2,³,ZihengZhou^1,^3,⁶,陈冰川^3,⁷,ChunmingRong⁸

¹ 华南师范大学计算机学院，广东广州 510000
² 广州市云计算安全与测评技术重点实验室，广东广州 510000
³ 华南师范大学唯链区块链技术与应用联合实验室，广东广州 510000
⁴ 拉卡拉集团，北京 100080
⁵ 香港科技大学,中国香港 999077
⁶ VeChain Foundation Limited,Singapore 238463
⁷ 广东财经大学，广东广州 510000
⁸ Stavanger University,Norway Stavanger 4036

修回日期:2020-03-25 出版日期:2020-04-15 发布日期:2020-04-23
作者简介:赵淦森（1977- ），男，广东东莞人，华南师范大学教授、博士生导师，主要研究方向为信息安全、区块链|谢智健（1995- ），男，广东云浮人，华南师范大学硕士生，主要研究方向为软件测试、区块链应用|王欣明（1980- ），男，香港科技大学博士生，主要研究方向为金融科技、软件测试与软件分析、区块链|何嘉浩（1995- ），男，广东广州人，华南师范大学硕士生，主要研究方向为软件分析、区块链应用|张成志（1963- ），男，中国香港人，香港科技大学教授、博士生导师，主要研究方向为软件工程|林成创（1990- ），男，广东韶关人，华南师范大学博士生，主要研究方向为计算机视觉、医疗人工智能|Ziheng Zhou（1979- ），男，新加坡人，博士，主要研究方向为区块链、共识算法、计算机视觉和机器学习|陈冰川（1975- ），男，广东财经大学讲师，主要研究方向为人工智能、推荐系统和软件工程|Chunming Rong（1969- ），男，挪威人，挪威工程院院士，挪威斯塔万格大学终身教授，主要研究方向为区块链
基金资助:
中华人民共和国香港特别行政区政府资金资助项目(RGC/GRF16202917);国家重点研发计划基金资助项目(2018YFB1404402);广东省重点研发计划基金资助项目(2019B010137003);广东省科技计划基金资助项目(2016B030305006);广东省科技计划基金资助项目(2018A07071702);广东省科技计划基金资助项目(201804010314);广东省科技计划基金资助项目(2012224-12);唯链基金会资金资助项目(SCNU-2018-01);广东省教育厅特色创新项目（自然科学）(2017KTSCX074)

ContractGuard:defend Ethereum smart contract with embedded intrusion detection

Gansen ZHAO^1,^2,³,Zhijian XIE^1,^2,³,Xinming WANG^1,^2,^3,^4,⁵(),Jiahao HE^1,^2,³,Chengzhi ZHANG⁵(),Chengchuang LIN^1,^2,³,ZHOU Ziheng^1,^3,⁶,Bingchuan CHEN^3,⁷,RONG Chunming⁸

¹ South China Normal University School of Computer Science,Guangzhou 510000,China
² Guangzhou Key Laboratory of Cloud Computing Security and Assessment Technology,Guangzhou 510000,China
³ VeChain blockchain technology and application joint laboratory,Guangzhou 510000,China
⁴ Lakala Payment Company Limited,Beijing 100080,China
⁵ HK University of Science and Technology,Hong Kong 999077,China
⁶ VeChain Foundation Limited,Singapore 238463
⁷ Guangdong university of finance and economics,Guangzhou 510000,China
⁸ Stavanger University,Stavanger 4036,Norway

Revised:2020-03-25 Online:2020-04-15 Published:2020-04-23
Supported by:
HKSAR(RGC/GRF16202917);The National Key R＆D Program of China(2018YFB1404402);Guangdong Science ＆Technology Fund(2019B010137003);Guangzhou Science ＆ Technology Fund(2016B030305006);Guangzhou Science ＆ Technology Fund(2018A07071702);Guangzhou Science ＆ Technology Fund(201804010314);Guangzhou Science ＆ Technology Fund(2012224-12);VeChain Foundation(SCNU-2018-01);Guangdong Provincial Department of Education Characteristic Innovation Project (Natural Science)(2017KTSCX074)

摘要/Abstract

摘要：

以太坊智能合约本质上是一种在网络上由相互间没有信任关系的节点共同执行的已被双方认证程序。目前，大量的智能合约被用于管理数字资产，使智能合约成为黑客的重要攻击对象。常见的攻击方法是通过利用智能合约的漏洞来实现特定操作的入侵攻击。ContractGuard 是首次提出面向以太坊区块链智能合约的入侵检测系统，它能检测智能合约的潜在攻击行为。ContractGuard 的入侵检测主要依赖检测潜在攻击可能引发的异常控制流来实现。由于智能合约运行在去中心化的环境以及在高度受限的环境中运行，现有的IDS技术或者工具等以外部拦截形式的部署架构不适合于以太坊智能合约。为了解决这些问题，通过设计一个嵌入式的架构，实现了把 ContractGuard 直接嵌入智能合约的执行代码中，作为智能合约的一部分。在运行时刻，ContractGuard通过相应的context-tagged无环路径来实现入侵检测，从而保护智能合约。由于嵌入了额外的代码，ContractGuard一定程度上会增加智能合约的部署开销与运行开销，为了降低这两方面的开销，基于以太坊智能合约的特性对 ContractGuard 进行优化。实验结果显示，可有效地检测 83%的异常行为，其部署开销仅增加了36.14%，运行开销仅增加了28.17%。

关键词: 区块链, 以太坊智能合约, 入侵检测系统, 异常检测

Abstract:

Ethereum smart contracts are programs that can be collectively executed by a network of mutually untrusted nodes.Smart contracts handle and transfer assets of values,offering strong incentives for malicious attacks.Intrusion attacks are a popular type of malicious attacks.ContractGuard,the first intrusion detection system (IDS) was proposed to defend Ethereum smart contracts against such attacks.Like IDSs for conventional programs,ContractGuard detects intrusion attempts as abnormal control flow.However,existing IDS techniques or tools are inapplicable to Ethereum smart contracts due to Ethereum’s decentralized nature and its highly restrictive execution environment.To address these issues,ContractGuard was designed by embedding it in the contracts.At runtime,ContractGuard protects the smart contract by monitoring the context-tagged acyclic path of the smart contract.As ContractGuard involves deployment overhead and deployment overhead.It was optimized under the Ethereum Gas-oriented performance model to reduce the overheads.The experimental results show that this work can effectively detect 83% of vulnerabilities,ContractGuard only adds to 36.14% of the deployment overhead and 28.27% of the runtime overhead.

Key words: blockchain, Ethereum smart contract, intrusion detection system, anomaly detection

中图分类号:

TP393

赵淦森,谢智健,王欣明,何嘉浩,张成志,林成创,ZihengZhou,陈冰川,ChunmingRong. ContractGuard：面向以太坊区块链智能合约的入侵检测系统[J]. 网络与信息安全学报, 2020, 6(2): 35-55.

Gansen ZHAO,Zhijian XIE,Xinming WANG,Jiahao HE,Chengzhi ZHANG,Chengchuang LIN,ZHOU Ziheng,Bingchuan CHEN,RONG Chunming. ContractGuard:defend Ethereum smart contract with embedded intrusion detection[J]. Chinese Journal of Network and Information Security, 2020, 6(2): 35-55.

图/表 15

图1

图2

图3

表1

图4

图5

图6

图7

图8

图9

图10

图11

表2

应用在现有项目的实验结果　Table 2 Experiments with real-life reported vulnerabilities and attack vectors"

项目	漏洞以及其攻击向量	代码大小/Byte	部署额外开销		运行额外开销		平均召回率	平均误报次数
项目	漏洞以及其攻击向量	代码大小/Byte	$\frac{部署额外开销}{原始部署开销}$	平均开销	$\frac{运行额外开销}{原始运行开销}$	平均开销	平均召回率	平均误报次数
DAO	可重入漏洞^[44]	1 774	11.95%	35 751.43	20.51%	43 845.47	100%	4.48
MultiSig	危险的Delegatecall^[45]	764	29.58%	22 679.66	28.27%	29 085.6	100%	2.0
KoETH	对外部调用的检查^[46]	3 617	31.18%	37 359.64	23.82%	44 067.72	100%	13.57
BecToken	算术上溢^[47]	5 963	9.52%	39 846.26	15.75%	68 371.95	100%	8.2
OwlWallet	Tx.Origin^[48]	561	27.27%	25 032.01	26.50%	31 456.74	100%	3.0
MerdeToken	算术下溢^[49]	1 013	21.03%	35 990.97	18.74%	42 397.30	100%	4.0

表2

表3

表4

参考文献 55

[1]	NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[EB].
[2]	BUTERIN V . A next-generation smart contract and decentralized application platform[J].
[3]	ATZEI N , BARTOLETTI M , CIMOLI T . A survey of attacks on Ethereum smart contracts (SoK)[C]// International Conference on Principles of Security and Trust. 2017: 164-186.
[4]	KRUPP J , ROSSOW C . Teether:gnawing at Ethereum to automatically exploit smart contracts[C]// 27th USENIX Security Symposium (USENIX Security 18). 2018: 1317-1333.
[5]	CHEN T , LI X , LUO X , ZHANG X . Under-optimized smart contracts devour your money[C]// Software Analysis,Evolution and Reengineering (SANER). 2017: 442-446.
[6]	KALRA S , GOEL S , DHAWAN M ,et al. ZEUS:analyzing safety of smart contracts[C]// NDSS. 2018.
[7]	BRENT L . Vandal:a scalable security analysis framework for smart contracts[J]. arXiv preprint arXiv:1809.03981, 2018
[8]	ZAKRZEWSKI J , . Towards verification of Ethereum smart contracts:a formalization of core of solidity[C]// Working Confer-ence on Verified Software:Theories,Tools,and Experiments. 2018: 229-247.
[9]	NIKOLI? I , KOLLURI A , SERGEY I ,et al. Finding the greedy,prodigal,and suicidal contracts at scale[C]// The 34th Annual Computer Security Applications Conference. 2018: 653-663.
[10]	GRECH N , KONG M , JURISEVIC A ,et al. MadMax:surviving out-of-gas conditions in Ethereum smart contracts[J]. Proceedings of the ACM on Programming Languages, 2018,2: 1-27.
[11]	JIANG B , LIU Y , CHAN W K . Contract fuzzer:fuzzing smart contracts for vulnerability detection[C]// 33rd ACM/IEEE International Conference on Automated Soft-ware Engineering. 2018: 259-269
[12]	LIAO H J , LIN C H R , LIN Y C ,et al. Intrusion detection system:a comprehensive review[J]. Journal of Network and Computer Applications, 2013(36): 16-24.
[13]	Understanding the DAO attack[EB].
[14]	Parity multisig hacked again[EB].
[15]	ZHANG T , ZHUANG X , PANDE S ,et al. Anomalous path detection with hardware support[C]// The 2005 International Conference on Compilers,Architectures and Synthesis for Embedded Systems. 2005: 43-54.
[16]	FENG H H , KOLESNIKOV O M , FOGLA P ,et al. Anomaly detection using call stack information[C]// 2003 Symposium on Security and Privacy. 2003: 62-75.
[17]	GARFINKEL T , ROSENBLUM M . A virtual machine introspection based architecture for intrusion detection[C]// NDSS. 2003: 191-206.
[18]	WOOD G . Ethereum yellow paper[EB].
[19]	GIFFIN J T , JHA S , MILLER B P . Efficient context-sensitive intrusion detection[C]// NDSS. 2004.
[20]	XU H , DU W , CHAPIN S J . Context sensitive anomaly monitoring of process control flow to detect mimicry attacks and impossible paths[C]// International Workshop on Recent Advances in Intrusion Detection. 2004: 21-38.
[21]	BALL T , LARUS J R . Efficient path profiling[C]// 29th Annual ACM/IEEE International Symposium on Microarchitecture, 1996: 46-57.
[22]	BELAZZOUGUID , BOTELHO F C , DIETZFELBINGER M . Hash,displace,and compress[C]// European Symposium on Algorithms. 2009: 682-693.
[23]	LUU L , CHU D H , OLICKEL H ,et al. Making smart contracts smarter[C]// 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 254-269.
[24]	GROSSMAN S , . Online detection of effectively callback free objects with applications to smart contracts[C]// ACM on Programming Languages, 2017(2):48.
[25]	GRISHCHENKO I , MAFFEI M , SCHNEIDEWIND C . a semantic framework for the security analysis of Ethereum smart contracts[C]// International Conference on Principles of Security and Trust, 2018: 243-269.
[26]	LARUS J R , . Whole program paths[C]// ACM SIGPLAN 1999 Conference on Programming Language Design and Implementation (PLDI). 1999,34: 259-269.
[27]	MELSKI D , REPS T . Interprocedural path profiling[C]// International Conference on Compiler Construction. 1999: 47-62.
[28]	D’ELIA D C , DEMETRESCU C . Ball-larus path profiling across multiple loop iterations[J]. ACM Sigplan Notices, 2013,48: 373-390.
[29]	SUMNER W N , ZHENG Y , WEERATUNGE D ,et al. Precise calling context encoding[J]. IEEE Transactions on Software Engineering, 2012,38(5): 1160-1177.
[30]	AMMONS G , LARUS J R . Improving dataflow analysis with path profiles[J]. ACM SIGPLAN Notices, 1998,33: 72-84.
[31]	ERNST M D , COCKRELL J , GRISWOLD W G ,et al. Dynamically discovering likely program invariants to support program evolution[J]. IEEE Transactions on Software Engineering, 2001,27(2): 99-123.
[32]	KUMAR V , SANGWAN O P . Signature based intrusion detection system using SNORT[J]. International Journal of Computer Applications ＆ Information Technology, 2012,1(3): 35-41.
[33]	CUI W , PEINADO M , WANG H J ,et al. Shieldgen:automatic data patch generation for unknown vulnerabilities with informed probing[C]// 2007 IEEE Symposium on Security and Privacy (SP’07). 2007: 252-266.
[34]	DANNEN C . Introducing Ethereum and solidity[M]. Berlin: SpringerPress, 2017.
[35]	ZHUANG X , SERRANO M J , CAIN H W ,et al. Accurate,efficient,and adaptive calling context profiling[J]. ACM Sigplan Notices, 2006(41): 263-271.
[36]	LI X , JIANG P , CHEN T ,et al. A survey on the security of blockchain systems[C]// Future Generation Computer Systems. 2017.
[37]	MANNING D A . Solidity security:comprehensive list of known attack vectors and common antipatterns[J].
[38]	DERIVATIVES D N \| T . A survey of solidity security vulnerability[EB].
[39]	BEC spiked 4000% on first trading day,another pump-and-dump scheme[EB].
[40]	WANG X , CHEUNG S C , CHAN W K ,et al. Taming coincidental correctness:coverage refinement with context patterns[C]// ICSE. 2009: 45-55.
[41]	Truffle Suite.Sweet Contracts[EB].
[42]	BALL T , LARUS J R . Optimally profiling and tracing programs[J]. ACM Transactions on Programming Languages and Systems (TOPLAS), 1994,16(4): 1319-1360.
[43]	TJHAI G C , PAPADAKI M , FURNELL S M ,et al. Clarke,investigating the problem of IDS false alarms:an experimental study using snort[C]// IFIP International Information Security Conference. 2008: 253-267.
[44]	Understanding the DAO attack[EB].
[45]	An in-depth look at the parity multisig bug[EB].
[46]	Post-mortem[EB].
[47]	Detecting integer arithmetic bugs in Ethereum smart contracts[EB].
[48]	Smart contract wallets created in frontier are vulnerable to phishing attacks[EB].
[49]	MerdeToken[EB].
[50]	CryptoKitty[EB].
[51]	StatusNetwork[EB].
[52]	DecentralizedVoting[EB].
[53]	PoolShark[EB].
[54]	Etherscan[EB].
[55]	SafeMath OpenZeppelin[EB].

漏洞	是否存在异常控制流
1) 可重入漏洞	是，此路径重新进入调用的函数中，然后发起外部调用
2) 危险的Deleagate call	是，此路径通过delegate call调用未知的库代码
3) 算术上溢/下溢	是，在拓展后的控制流图中，用于检查上下溢的分支会返回true
4) 默认类型	是，这条路径调用了本应该为 internal 属性的函数
5) 随机种子	否
6) 对外部调用的检查	是，在拓展后的控制流图中，用于检测call()和send()返回结果的值为false
7) 打包交易顺序	否
8) Tx.Origin	是，此路径由合约用户在攻击者合约中发起交易，然后触发Tx.Origin进行权限更改
9) 拒绝服务	是，此路径使智能合约失效
10) 短地址攻击	否
11) 逻辑错误	不一定存在，取决于安全路径与不安全路径是否进行了重合

项目	代码大小/Byte	Truffle框架下的测试用例	人工植入漏洞的总数	主要植入的漏洞	部署额外开销	运行额外开销	平均召回率	平均错误警报
Cryptokitties^[50]	30 966	516	64(14,7,3,40)	5(2,1,0,2)	14.28%	9.03%	60%	1.5
StatusNetwork^[51]	38 631	261	83(28,9,6,40)	2(0,1,1,0)	19.02%	15.79%	100%	3.0
VotingDApp^[52]	2 326	14	15(6,2,0,7)	2(2,0,0,0)	12.33%	10.84%	100%	1.0
pool-shark^[53]	5 895	69	33(8,6,1,18)	3(2,1,0,0)	10.23%	31.52%	100%	5.9

嵌入点	部署开销/Gas	运行开销/Gas
合约构造点	16 000	500～5 980
函数入口	4 200	45
分支点	2 600	30
回边	5 200	57
内部函数调用	4 400	48
内部函数返回	6 200	68
外部调用不安全合约	5 000	5 348
外部调用安全合约	6800	70
函数出口	800	9
路径集检查	1 600·n + 2 800	378

ContractGuard：面向以太坊区块链智能合约的入侵检测系统

ContractGuard:defend Ethereum smart contract with embedded intrusion detection

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 55

相关文章 15

Metrics

推荐阅读 0

[1]	蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32.
[2]	王贺立, 闫巧. 基于交易记录特征的自私挖矿检测方案[J]. 网络与信息安全学报, 2023, 9(2): 104-114.
[3]	余北缘, 任珊瑶, 刘建伟. 区块链资产窃取攻击与防御技术综述[J]. 网络与信息安全学报, 2023, 9(1): 1-17.
[4]	唐飞, 甘宁, 阳祥贵, 王金洋. 基于区块链与国密SM9的抗恶意KGC无证书签名方案[J]. 网络与信息安全学报, 2022, 8(6): 9-19.
[5]	林丹, 林凯欣, 吴嘉婧, 郑子彬. 基于字节码的以太坊智能合约分类方法[J]. 网络与信息安全学报, 2022, 8(5): 111-120.
[6]	陈立全, 李潇, 杨哲懿, 钱思杰. 基于区块链的高透明度PKI认证协议[J]. 网络与信息安全学报, 2022, 8(4): 1-11.
[7]	张文博, 陈思敏, 魏立斐, 宋巍, 黄冬梅. 基于形式化方法的智能合约验证研究综述[J]. 网络与信息安全学报, 2022, 8(4): 12-28.
[8]	刘峰, 杨杰, 齐佳音. 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022, 8(4): 29-44.
[9]	宋晓玲, 刘勇, 董景楠, 黄勇飞. 元宇宙中区块链的应用与展望[J]. 网络与信息安全学报, 2022, 8(4): 45-65.
[10]	金琳, 田有亮. 基于区块链的多权限属性隐藏电子病历共享方案[J]. 网络与信息安全学报, 2022, 8(4): 66-76.
[11]	姜鹏坤, 张问银, 王九如, 黄善云, 宋万水. 基于正常交易掩盖下的区块链隐蔽通信方案[J]. 网络与信息安全学报, 2022, 8(4): 77-86.
[12]	曹艺怀, 陈伟, 张帆, 吴礼发. 面向高速网络流量的加密混淆型WebShell检测[J]. 网络与信息安全学报, 2022, 8(4): 119-130.
[13]	翟宝琴, 王健, 韩磊, 刘吉强, 何嘉豪, 刘天皓. 基于信任值的车联网分层共识优化协议[J]. 网络与信息安全学报, 2022, 8(3): 142-153.
[14]	石灏苒, 吉立新, 刘树新, 王庚润. 基于半局部结构的异常连边识别算法[J]. 网络与信息安全学报, 2022, 8(1): 63-72.
[15]	余佳仁, 田有亮, 林晖. 基于信誉管理模型的矿工类型鉴别机制设计[J]. 网络与信息安全学报, 2022, 8(1): 128-138.