Abstract
Ethereum, a blockchain-based platform with a large number of decentralized applications, has been facing vast attacks and suffered significant financial losses. Threat hunting on Ethereum fails to detect attacks in time, resulting in abundant attacks being discovered only after vendors or developers take property inventory count. We propose BASNEA, a backtrackless aligned-spatial network entity alignment algorithm, to identify attacks, suspicious, and benign behaviors by comparing the attack provenance graphs constructed by the Ethereum threat intelligence with transaction provenance graphs generated from the Ethereum sync node. We also use attack investigation to the analysis of suspicious behaviors, and feedback is given to the analysis model to identify more potential threats. The experiments show that based on the collected 1,220 attack events, BASNEA can show more accurate and robust results in Ethereum smart contract threat hunting, which identifies 14 vulnerability types, and 8,814 attack events, including 1,122 known attack behaviors, and 7692 suspected attack behaviors. After the attack investigation, we discovered the hidden information behind the attack, which can help us better identify unknown threats.
Supported by Youth Innovation Promotion Association, CAS (No. 2020166), this work is also supported by the Program of Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences, Program of Beijing Key Laboratory of Network Security and Protection Technology.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ethereum community. https://ethereum.org/. Accessed 3 May 2022
Bail, L., Cui, L., Jiao, Y., Rossi, L., Hancock, E.R.: Learning backtrackless aligned-spatial graph convolutional networks for graph classification. IEEE Transactions on Pattern Analysis and Machine Intelligence PP(99), 1–1
Chen, W., Guo, X., Chen, Z., Zheng, Z., Lu, Y.: Phishing scam detection on ethereum: towards financial security for blockchain ecosystem. In: IJCAI, pp. 4506–4512. ijcai.org (2020)
dappradar: Dappradar - the world’s dapp store | blockchain dapps ranked. https://dappradar.com/. Accessed 3 May 2022
of the Dapps, S.: A next-generation smart contract and decentralized application platform. https://www.stateofthedapps.com/. Accessed 3 May 2022
etherscan: The ethereum blockchain explorer. https://cn.etherscan.com/. Accessed 3 May 2022
Gao, P., et al.: Enabling efficient cyber threat hunting with cyber threat intelligence. In: ICDE, pp. 193–204. IEEE (2021)
Hadar, E., Hassanzadeh, A.: Big data analytics on cyber attack graphs for prioritizing agile security requirements. In: RE, pp. 330–339. IEEE (2019)
Liu, C., Liu, H., Cao, Z., Chen, Z., Chen, B., Roscoe, B.: Reguard: finding reentrancy bugs in smart contracts. In: ICSE (Companion Volume), pp. 65–68. ACM (2018)
Milajerdi, S.M., Eshete, B., Gjomemo, R., Venkatakrishnan, V.N.: POIROT: aligning attack behavior with kernel audit records for cyber threat hunting. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, 11–15 November, 2019, pp. 1813–1830. ACM (2019). https://doi.org/10.1145/3319535.3363217, https://doi.org/10.1145/3319535.3363217
Review, D.: A next-generation smart contract and decentralized application platform. https://dapp.review/. Accessed 3 May 2022
Sebastián, S., Caballero, J.: Towards attribution in mobile markets: Identifying developer account polymorphism. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) CCS 2020: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, 9–13 November, 2020, pp. 771–785. ACM (2020). https://doi.org/10.1145/3372297.3417281, https://doi.org/10.1145/3372297.3417281
Torres, C.F., Baden, M., Norvill, R., Jonker, H.: Ægis: smart shielding of smart contracts. In: CCS, pp. 2589–2591. ACM (2019)
Wang, H., Li, Y., Lin, S., Ma, L., Liu, Y.: Vultron: catching vulnerable smart contracts once and for all. In: ICSE (NIER), pp. 1–4. IEEE/ACM (2019)
Wang, Z., Lv, Q., Lan, X., Zhang, Y.: Cross-lingual knowledge graph alignment via graph convolutional networks. In: Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing (2018)
WOOD, D.G.: Ethereum: A secure decentralised generalised transaction ledger. https://ethereum.github.io/yellowpaper/paper.pdf. Accessed 3 May 2022
Zhou, S., Yang, Z., Xiang, J., Cao, Y., Yang, M., Zhang, Y.: An ever-evolving game: evaluation of real-world attacks and defenses in ethereum ecosystem. In: USENIX Security Symposium, pp. 2793–2810. USENIX Association (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Du, X. et al. (2022). BASNEA: Threat Hunting for Ethereum Smart Contract Based on Backtrackless Aligned-Spatial Network Entity Alignment. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_28
Download citation
DOI: https://doi.org/10.1007/978-3-031-17551-0_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17550-3
Online ISBN: 978-3-031-17551-0
eBook Packages: Computer ScienceComputer Science (R0)