Computer Science > Cryptography and Security
[Submitted on 17 May 2020 (v1), last revised 23 Oct 2020 (this version, v2)]
Title:Time-Travel Investigation: Towards Building A Scalable Attack Detection Framework on Ethereum
View PDFAbstract:As one of the representative blockchain platforms, Ethereum has attracted lots of attacks. Due to the existed financial loss, there is a pressing need to perform timely investigation and detect more attack instances. Though multiple systems have been proposed, they suffer from the scalability issue due to the following reasons. First, the tight coupling between malicious contract detection and blockchain data importing makes them infeasible to repeatedly detect different attacks. Second, the coarse-grained archive data makes them inefficient to replay transactions. Third, the separation between malicious contract detection and runtime state recovery consumes lots of storage.
In this paper, we present the design of a scalable attack detection framework on Ethereum. It overcomes the scalability issue by saving the Ethereum state into a database and providing an efficient way to locate suspicious transactions. The saved state is fine-grained to support the replay of arbitrary transactions. The state is well-designed to avoid saving unnecessary state to optimize the storage consumption. We implement a prototype named EthScope and solve three technical challenges, i.e., incomplete Ethereum state, scalability, and extensibility. The performance evaluation shows that our system can solve the scalability issue, i.e., efficiently performing a large-scale analysis on billions of transactions, and a speedup of around 2,300x when replaying transactions. It also has lower storage consumption compared with existing systems. The result with three different types of information as inputs shows that our system can help an analyst understand attack behaviors and further detect more attacks. To engage the community, we will release our system and the dataset of detected attacks.
Submission history
From: Yajin Zhou [view email][v1] Sun, 17 May 2020 15:23:51 UTC (3,331 KB)
[v2] Fri, 23 Oct 2020 13:24:18 UTC (1,131 KB)
References & Citations
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
Connected Papers (What is Connected Papers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.