In recent years,blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation.While blockchain technology and applicat...In recent years,blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation.While blockchain technology and applications are developing rapidly,the emerging security risks and obstacles have gradually become prominent.Attackers can still find security issues in blockchain systems and conduct attacks,causing increasing losses from network attacks every year.In response to the current demand for blockchain application security detection and assessment in all industries,and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology,this paper proposes a blockchain core technology security assessment system model,and studies the relevant detection and assessment key technologies and systems.A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed.And the underlying blockchain architecture supports the traceability of detection results using super blockchains.Finally,the functionality and performance of the system were tested,and the test results show that the model and solutions proposed in this paper have good feasibility.展开更多
Blockchain platform swith the unique characteristics of anonymity,decentralization,and transparency of their transactions,which are faced with abnormal activities such as money laundering,phishing scams,and fraudulent...Blockchain platform swith the unique characteristics of anonymity,decentralization,and transparency of their transactions,which are faced with abnormal activities such as money laundering,phishing scams,and fraudulent behavior,posing a serious threat to account asset security.For these potential security risks,this paper proposes a hybrid neural network detection method(HNND)that learns multiple types of account features and enhances fusion information among them to effectively detect abnormal transaction behaviors in the blockchain.In HNND,the Temporal Transaction Graph Attention Network(T2GAT)is first designed to learn biased aggregation representation of multi-attribute transactions among nodes,which can capture key temporal information from node neighborhood transactions.Then,the Graph Convolutional Network(GCN)is adopted which captures abstract structural features of the transaction network.Further,the Stacked Denoising Autoencode(SDA)is developed to achieve adaptive fusion of thses features from different modules.Moreover,the SDA enhances robustness and generalization ability of node representation,leading to higher binary classification accuracy in detecting abnormal behaviors of blockchain accounts.Evaluations on a real-world abnormal transaction dataset demonstrate great advantages of the proposed HNND method over other compared methods.展开更多
In the blockchain world,proof-of-work is the dominant protocol mechanism that determines the consensus of the ledger.The hashrate,a measure of the computational power directed toward securing a blockchain through proo...In the blockchain world,proof-of-work is the dominant protocol mechanism that determines the consensus of the ledger.The hashrate,a measure of the computational power directed toward securing a blockchain through proof-of-work consensus,is a fundamental measure of preventing various attacks.This study tests the causal relationship between the hashrate and the security outcome of the Bitcoin blockchain.We use vector error correction modeling to analyze the endogenous relationships between the hashrate,Bitcoin price,and transaction fee,revealing the need for an additional variable to achieve our aim.Employing a measure summarizing the growth of demand factors in the Bitcoin ecosystem indicates that hashrate fluctuations significantly influence security level changes.This result underscores the importance of the hashrate in ensuring the security of the Bitcoin blockchain.展开更多
Adaptive robust secure framework plays a vital role in implementing intelligent automation and decentralized decision making of Industry 5.0.Latency,privacy risks and the complexity of industrial networks have been pr...Adaptive robust secure framework plays a vital role in implementing intelligent automation and decentralized decision making of Industry 5.0.Latency,privacy risks and the complexity of industrial networks have been preventing attempts at traditional cloud-based learning systems.We demonstrate that,to overcome these challenges,for instance,the EdgeGuard-IoT framework,a 6G edge intelligence framework enhancing cybersecurity and operational resilience of the smart grid,is needed on the edge to integrate Secure Federated Learning(SFL)and Adaptive Anomaly Detection(AAD).With ultra-reliable low latency communication(URLLC)of 6G,artificial intelligence-based network orchestration,and massive machine type communication(mMTC),EdgeGuard-IoT brings real-time,distributed intelligence on the edge,and mitigates risks in data transmission and enhances privacy.EdgeGuard-IoT,with a hierarchical federated learning framework,helps edge devices to collaboratively train models without revealing the sensitive grid data,which is crucial in the smart grid where real-time power anomaly detection and the decentralization of the energy management are a big deal.The hybrid AI models driven adaptive anomaly detection mechanism immediately raises the thumb if the grid stability and strength are negatively affected due to cyber threats,faults,and energy distribution,thereby keeping the grid stable with resilience.The proposed framework also adopts various security means within the blockchain and zero-trust authentication techniques to reduce the adversarial attack risks and model poisoning during federated learning.EdgeGuard-IoT shows superior detection accuracy,response time,and scalability performance at a much reduced communication overhead via extensive simulations and deployment in real-world case studies in smart grids.This research pioneers a 6G-driven federated intelligence model designed for secure,self-optimizing,and resilient Industry 5.0 ecosystems,paving the way for next-generation autonomous smart grids and industrial cyber-physical systems.展开更多
The emergence of smart contracts has increased the attention of industry and academia to blockchain technology,which is tamper-proofing,decentralized,autonomous,and enables decentralized applications to operate in unt...The emergence of smart contracts has increased the attention of industry and academia to blockchain technology,which is tamper-proofing,decentralized,autonomous,and enables decentralized applications to operate in untrustworthy environments.However,these features of this technology are also easily exploited by unscrupulous individuals,a typical example of which is the Ponzi scheme in Ethereum.The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant.To solve this problem,we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode.In this model,our innovation is shown in two aspects:We first propose to use two bytes as one characteristic,which can quickly transform the bytecode into a high-dimensional matrix,and this matrix contains all the implied characteristics in the bytecode.Then,We innovatively transformed the Ponzi schemes detection into an anomaly detection problem.Finally,an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts.Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts.Moreover,the F1-score of this model can reach 0.88,which is far better than those of other traditional detection models.展开更多
The blockchain provides a reliable and scalable method for enabling source-tracing functionality in large-scale Internet of Things(IoT)systems.Traditional blockchain-based source tracing applications are generally bas...The blockchain provides a reliable and scalable method for enabling source-tracing functionality in large-scale Internet of Things(IoT)systems.Traditional blockchain-based source tracing applications are generally based on the hypothesis that the raw data collected by each IoT node are credible and consistent,which however may not always be the truth.As no mechanism ensures the reliability of the original data collected from the IoT devices,these data may be accidently screwed up or maliciously tampered with before they are uploaded on-chain.To address this issue,we propose the Multi-dimensional Certificates of Origin(MCO)method to filter out the potentially incredible data-till all the data uploaded to the chain are credible.To achieve this,we devise the Multidimensional Information Cross-Verification(MICV)and Multi-source Data Matching Calculation(MDMC)methods.MICV verifies whether a to-be-uploaded datum is consistent or credible,and MDMC determines which data should be discarded and which data should be kept to retain the most likely credible/untampered ones in the circumstance when data inconsistency appears.Large-scale experiments show that our scheme ensures on the credibility of data and off the chain with an affordable overhead.展开更多
As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations,related stakeholders need a means to assess the trustworthiness of the applications involved within.It...As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations,related stakeholders need a means to assess the trustworthiness of the applications involved within.It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy.Therefore,this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications.The framework divides itself into different implementation domains,i.e.,organization security,application security,consensus mechanism security,node management and network security,host security and perimeter security,and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains.In addition,a case study,including a security testing and risk evaluation on each stack of a specific organization,is demonstrated as an implementation instruction of our proposed risk management framework.According to the best of our knowledge,this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view.If users can trust the applications that adopted this framework,this study can contribute to the adoption of permissioned blockchain-enabled technologies.Furthermore,application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.展开更多
With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges su...With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges such as slow updates,usability issues,and limited installation methods.These challenges hinder the adoption and practicality of these tools.This paper examines smart contract vulnerability detection tools from 2016 to 2023,sourced from the Web of Science(WOS)and Google Scholar.By systematically collecting,screening,and synthesizing relevant research,38 open-source tools that provide installation methods were selected for further investigation.From a developer’s perspective,this paper offers a comprehensive survey of these 38 open-source tools,discussing their operating principles,installation methods,environmental dependencies,update frequencies,and installation challenges.Based on this,we propose an Ethereum smart contract vulnerability detection framework.This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues.To validate the framework’s stability,over 1700 h of testing were conducted.Additionally,a comprehensive performance test was performed on the mainstream detection tools integrated within the framework,assessing their hardware requirements and vulnerability detection coverage.Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage.This study represents the first performance evaluation of testing tools in this domain,providing significant reference value.展开更多
Blockchain is a technology that has desirable features of decentralization,autonomy,integrity,immutability,verification,fault-tolerance,anonymity,auditability,and transparency.In this paper,we first carry out a deeper...Blockchain is a technology that has desirable features of decentralization,autonomy,integrity,immutability,verification,fault-tolerance,anonymity,auditability,and transparency.In this paper,we first carry out a deeper survey about blockchain technology,especially its history,consensus algorithms'quantitative comparisons,details of cryptography in terms of public key cryptography,Zero-Knowledge Proofs,and hash functions used in the blockchain,and the comprehensive list of blockchain applications.Further,the security of blockchain itself is a focus in this paper.In particular,we assess the blockchain security from risk analysis to derive comprehensive blockchain security risk categories,analyze the real attacks and bugs against blockchain,and summarize the recently developed security measures on blockchain.Finally,the challenges and research trends are presented to achieve more scalable and securer blockchain systems for the massive deployments.展开更多
In recent years,with the great success of pre-trained language models,the pre-trained BERT model has been gradually applied to the field of source code understanding.However,the time cost of training a language model ...In recent years,with the great success of pre-trained language models,the pre-trained BERT model has been gradually applied to the field of source code understanding.However,the time cost of training a language model from zero is very high,and how to transfer the pre-trained language model to the field of smart contract vulnerability detection is a hot research direction at present.In this paper,we propose a hybrid model to detect common vulnerabilities in smart contracts based on a lightweight pre-trained languagemodel BERT and connected to a bidirectional gate recurrent unitmodel.The downstream neural network adopts the bidirectional gate recurrent unit neural network model with a hierarchical attention mechanism to mine more semantic features contained in the source code of smart contracts by using their characteristics.Our experiments show that our proposed hybrid neural network model SolBERT-BiGRU-Attention is fitted by a large number of data samples with smart contract vulnerabilities,and it is found that compared with the existing methods,the accuracy of our model can reach 93.85%,and the Micro-F1 Score is 94.02%.展开更多
基金supported by Education and Scientific Research Special Project of Fujian Provincial Department of Finance(Research on the Application of Blockchain Technology in Prison Law Enforcement Management),Fujian Provincial Social Science Foundation Public Security Theory Research Project(FJ2023TWGA004).
文摘In recent years,blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation.While blockchain technology and applications are developing rapidly,the emerging security risks and obstacles have gradually become prominent.Attackers can still find security issues in blockchain systems and conduct attacks,causing increasing losses from network attacks every year.In response to the current demand for blockchain application security detection and assessment in all industries,and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology,this paper proposes a blockchain core technology security assessment system model,and studies the relevant detection and assessment key technologies and systems.A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed.And the underlying blockchain architecture supports the traceability of detection results using super blockchains.Finally,the functionality and performance of the system were tested,and the test results show that the model and solutions proposed in this paper have good feasibility.
文摘Blockchain platform swith the unique characteristics of anonymity,decentralization,and transparency of their transactions,which are faced with abnormal activities such as money laundering,phishing scams,and fraudulent behavior,posing a serious threat to account asset security.For these potential security risks,this paper proposes a hybrid neural network detection method(HNND)that learns multiple types of account features and enhances fusion information among them to effectively detect abnormal transaction behaviors in the blockchain.In HNND,the Temporal Transaction Graph Attention Network(T2GAT)is first designed to learn biased aggregation representation of multi-attribute transactions among nodes,which can capture key temporal information from node neighborhood transactions.Then,the Graph Convolutional Network(GCN)is adopted which captures abstract structural features of the transaction network.Further,the Stacked Denoising Autoencode(SDA)is developed to achieve adaptive fusion of thses features from different modules.Moreover,the SDA enhances robustness and generalization ability of node representation,leading to higher binary classification accuracy in detecting abnormal behaviors of blockchain accounts.Evaluations on a real-world abnormal transaction dataset demonstrate great advantages of the proposed HNND method over other compared methods.
基金supported by the Ministry of Education of the Republic of Korea and the National Research Foundation of Korea(NRF-2022S1A5A2A01044485).
文摘In the blockchain world,proof-of-work is the dominant protocol mechanism that determines the consensus of the ledger.The hashrate,a measure of the computational power directed toward securing a blockchain through proof-of-work consensus,is a fundamental measure of preventing various attacks.This study tests the causal relationship between the hashrate and the security outcome of the Bitcoin blockchain.We use vector error correction modeling to analyze the endogenous relationships between the hashrate,Bitcoin price,and transaction fee,revealing the need for an additional variable to achieve our aim.Employing a measure summarizing the growth of demand factors in the Bitcoin ecosystem indicates that hashrate fluctuations significantly influence security level changes.This result underscores the importance of the hashrate in ensuring the security of the Bitcoin blockchain.
基金supported by Department of Information Technology,University of Tabuk,Tabuk,71491,Saudi Arabia.
文摘Adaptive robust secure framework plays a vital role in implementing intelligent automation and decentralized decision making of Industry 5.0.Latency,privacy risks and the complexity of industrial networks have been preventing attempts at traditional cloud-based learning systems.We demonstrate that,to overcome these challenges,for instance,the EdgeGuard-IoT framework,a 6G edge intelligence framework enhancing cybersecurity and operational resilience of the smart grid,is needed on the edge to integrate Secure Federated Learning(SFL)and Adaptive Anomaly Detection(AAD).With ultra-reliable low latency communication(URLLC)of 6G,artificial intelligence-based network orchestration,and massive machine type communication(mMTC),EdgeGuard-IoT brings real-time,distributed intelligence on the edge,and mitigates risks in data transmission and enhances privacy.EdgeGuard-IoT,with a hierarchical federated learning framework,helps edge devices to collaboratively train models without revealing the sensitive grid data,which is crucial in the smart grid where real-time power anomaly detection and the decentralization of the energy management are a big deal.The hybrid AI models driven adaptive anomaly detection mechanism immediately raises the thumb if the grid stability and strength are negatively affected due to cyber threats,faults,and energy distribution,thereby keeping the grid stable with resilience.The proposed framework also adopts various security means within the blockchain and zero-trust authentication techniques to reduce the adversarial attack risks and model poisoning during federated learning.EdgeGuard-IoT shows superior detection accuracy,response time,and scalability performance at a much reduced communication overhead via extensive simulations and deployment in real-world case studies in smart grids.This research pioneers a 6G-driven federated intelligence model designed for secure,self-optimizing,and resilient Industry 5.0 ecosystems,paving the way for next-generation autonomous smart grids and industrial cyber-physical systems.
基金This work was supported by the Scientific and Technological Project of Henan Province(Grant No.202102310340)Foundation of University Young Key Teacher of Henan Province(Grant Nos.2019GGJS040,2020GGJS027)+1 种基金Key Scientific Research Projects of Colleges and Universities in Henan Province(Grant No.21A110005)National Natual Science Foundation of China(61701170).
文摘The emergence of smart contracts has increased the attention of industry and academia to blockchain technology,which is tamper-proofing,decentralized,autonomous,and enables decentralized applications to operate in untrustworthy environments.However,these features of this technology are also easily exploited by unscrupulous individuals,a typical example of which is the Ponzi scheme in Ethereum.The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant.To solve this problem,we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode.In this model,our innovation is shown in two aspects:We first propose to use two bytes as one characteristic,which can quickly transform the bytecode into a high-dimensional matrix,and this matrix contains all the implied characteristics in the bytecode.Then,We innovatively transformed the Ponzi schemes detection into an anomaly detection problem.Finally,an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts.Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts.Moreover,the F1-score of this model can reach 0.88,which is far better than those of other traditional detection models.
基金This study is supported by Foundation of National Natural Science Foundation of China(Grant Number:62072273,72111530206,61962009,61873117,61832012,61771231,61771289)Natural Science Foundation of Shandong Province(ZR2019MF062)+3 种基金Shandong University Science and Technology Program Project(J18A326)Guangxi Key Laboratory of Cryptography and Information Security(No:GCIS202112)The Major Basic Research Project of Natural Science Foundation of Shandong Province of China(ZR2018ZC0438)Major Scientific and Technological Special Project of Guizhou Province(20183001),Foundation of Guizhou Provincial Key Laboratory of Public Big Data(No.2019BDKFJJ009),Talent project of Guizhou Big Data Academy.Guizhou Provincial Key Laboratory of Public Big Data.([2018]01).
文摘The blockchain provides a reliable and scalable method for enabling source-tracing functionality in large-scale Internet of Things(IoT)systems.Traditional blockchain-based source tracing applications are generally based on the hypothesis that the raw data collected by each IoT node are credible and consistent,which however may not always be the truth.As no mechanism ensures the reliability of the original data collected from the IoT devices,these data may be accidently screwed up or maliciously tampered with before they are uploaded on-chain.To address this issue,we propose the Multi-dimensional Certificates of Origin(MCO)method to filter out the potentially incredible data-till all the data uploaded to the chain are credible.To achieve this,we devise the Multidimensional Information Cross-Verification(MICV)and Multi-source Data Matching Calculation(MDMC)methods.MICV verifies whether a to-be-uploaded datum is consistent or credible,and MDMC determines which data should be discarded and which data should be kept to retain the most likely credible/untampered ones in the circumstance when data inconsistency appears.Large-scale experiments show that our scheme ensures on the credibility of data and off the chain with an affordable overhead.
基金This work was supported by the Ministry of Science and Technology,Taiwan,under grants MOST 110-2218-E-011-007-MBK,MOST 111-2218-E-011-012-MBK,MOST 109-2221-E-011-110-MY2,MOST 109-2221-E-259-011-MY2,MOST 110-2629-E-259-001,MOST 110-2926-I-259-501,and MOST 110-2634-F-A49-004.
文摘As permissioned blockchain becomes a common foundation of blockchain-based circumstances for current organizations,related stakeholders need a means to assess the trustworthiness of the applications involved within.It is extremely important to consider the potential impact brought by the Blockchain technology in terms of security and privacy.Therefore,this study proposes a rigorous security risk management framework for permissioned blockchain-enabled applications.The framework divides itself into different implementation domains,i.e.,organization security,application security,consensus mechanism security,node management and network security,host security and perimeter security,and simultaneously provides guidelines to control the security risks of permissioned blockchain applications with respect to these security domains.In addition,a case study,including a security testing and risk evaluation on each stack of a specific organization,is demonstrated as an implementation instruction of our proposed risk management framework.According to the best of our knowledge,this study is one of the pioneer researches that provide a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view.If users can trust the applications that adopted this framework,this study can contribute to the adoption of permissioned blockchain-enabled technologies.Furthermore,application providers can use the framework to perform gap analysis on their existing systems and controls and understand the risks of their applications.
基金supported by the Major Public Welfare Special Fund of Henan Province(No.201300210200)the Major Science and Technology Research Special Fund of Henan Province(No.221100210400).
文摘With the rise of blockchain technology,the security issues of smart contracts have become increasingly critical.Despite the availability of numerous smart contract vulnerability detection tools,many face challenges such as slow updates,usability issues,and limited installation methods.These challenges hinder the adoption and practicality of these tools.This paper examines smart contract vulnerability detection tools from 2016 to 2023,sourced from the Web of Science(WOS)and Google Scholar.By systematically collecting,screening,and synthesizing relevant research,38 open-source tools that provide installation methods were selected for further investigation.From a developer’s perspective,this paper offers a comprehensive survey of these 38 open-source tools,discussing their operating principles,installation methods,environmental dependencies,update frequencies,and installation challenges.Based on this,we propose an Ethereum smart contract vulnerability detection framework.This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues.To validate the framework’s stability,over 1700 h of testing were conducted.Additionally,a comprehensive performance test was performed on the mainstream detection tools integrated within the framework,assessing their hardware requirements and vulnerability detection coverage.Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage.This study represents the first performance evaluation of testing tools in this domain,providing significant reference value.
文摘Blockchain is a technology that has desirable features of decentralization,autonomy,integrity,immutability,verification,fault-tolerance,anonymity,auditability,and transparency.In this paper,we first carry out a deeper survey about blockchain technology,especially its history,consensus algorithms'quantitative comparisons,details of cryptography in terms of public key cryptography,Zero-Knowledge Proofs,and hash functions used in the blockchain,and the comprehensive list of blockchain applications.Further,the security of blockchain itself is a focus in this paper.In particular,we assess the blockchain security from risk analysis to derive comprehensive blockchain security risk categories,analyze the real attacks and bugs against blockchain,and summarize the recently developed security measures on blockchain.Finally,the challenges and research trends are presented to achieve more scalable and securer blockchain systems for the massive deployments.
基金supported by the National Natural Science Foundation of China(Grant Nos.62272120,62106030,U20B2046,62272119,61972105)the Technology Innovation and Application Development Projects of Chongqing(Grant Nos.cstc2021jscx-gksbX0032,cstc2021jscxgksbX0029).
文摘In recent years,with the great success of pre-trained language models,the pre-trained BERT model has been gradually applied to the field of source code understanding.However,the time cost of training a language model from zero is very high,and how to transfer the pre-trained language model to the field of smart contract vulnerability detection is a hot research direction at present.In this paper,we propose a hybrid model to detect common vulnerabilities in smart contracts based on a lightweight pre-trained languagemodel BERT and connected to a bidirectional gate recurrent unitmodel.The downstream neural network adopts the bidirectional gate recurrent unit neural network model with a hierarchical attention mechanism to mine more semantic features contained in the source code of smart contracts by using their characteristics.Our experiments show that our proposed hybrid neural network model SolBERT-BiGRU-Attention is fitted by a large number of data samples with smart contract vulnerabilities,and it is found that compared with the existing methods,the accuracy of our model can reach 93.85%,and the Micro-F1 Score is 94.02%.
