As blockchain technology rapidly evolves, smart contracts have seen widespread adoption in financial transactions and beyond. However, the growing prevalence of malicious Ponzi scheme contracts presents serious security threats to blockchain ecosystems. Although numerous detection techniques have been proposed, existing methods suffer from significant limitations, such as class imbalance and insufficient modeling of transaction-related semantic features. To address these challenges, this paper proposes an oversampling-based detection framework for Ponzi smart contracts. We enhance the Adaptive Synthetic Sampling (ADASYN) algorithm by incorporating sample proximity to decision boundaries and ensuring realistic sample distributions. This enhancement facilitates the generation of high-quality minority class samples and effectively mitigates class imbalance. In addition, we design a Contract Transaction Graph (CTG) construction algorithm to preserve key transactional semantics through feature extraction from contract code. A graph neural network (GNN) is then applied for classification. This study employs a publicly available dataset from the XBlock platform, consisting of 318 verified Ponzi contracts and 6498 benign contracts. Sourced from real Ethereum deployments, the dataset reflects diverse application scenarios and captures the varied characteristics of Ponzi schemes. Experimental results demonstrate that our approach achieves an accuracy of 96%, a recall of 92%, and an F1-score of 94% in detecting Ponzi contracts, outperforming state-of-the-art methods.
Due to mobile Internet technology's rapid popularization, the Industrial Internet of Things (IIoT) can be seen everywhere in our daily lives. While IIoT brings us much convenience, a series of security and scalability issues related to permission operations rise to the surface during device communications. Hence, at present, a reliable and dynamic access control management system for IIoT is in urgent need. Up till now, numerous access control architectures have been proposed for IIoT. However, owing to centralized models and heterogeneous devices, security and scalability requirements still cannot be met. In this paper, we offer a smart contract token-based solution for decentralized access control in IIoT systems. Specifically, there are three smart contracts in our system, including the Token Issue Contract (TIC), User Register Contract (URC), and Manage Contract (MC). These three contracts collaboratively supervise and manage various events in IIoT environments. We also utilize the lightweight and post-quantum encryption algorithm, Nth-degree Truncated Polynomial Ring Units (NTRU), to preserve user privacy during the registration process. Subsequently, to evaluate our proposed architecture's performance, we build a prototype platform that connects to the local blockchain. Finally, experiment results show that our scheme has achieved secure and dynamic access control for the IIoT system compared with related research.
Smart contracts on the Ethereum blockchain continue to revolutionize decentralized applications (dApps) by allowing for self-executing agreements. However, bad actors have continuously found ways to exploit smart contracts for personal financial gain, which undermines the integrity of the Ethereum blockchain. This paper proposes a computer program called SADA (Static and Dynamic Analyzer), a novel approach to smart contract vulnerability detection using multiple Large Language Model (LLM) agents to analyze and flag suspicious Solidity code for Ethereum smart contracts. SADA not only improves upon existing vulnerability detection methods but also paves the way for more secure smart contract development practices in the rapidly evolving blockchain ecosystem.
Smart contracts are widely used on the blockchain to implement complex transactions, such as decentralized applications on Ethereum. Effective vulnerability detection of large-scale smart contracts is critical, as attacks on smart contracts often cause huge economic losses. Since it is difficult to repair and update smart contracts, it is necessary to find the vulnerabilities before they are deployed. However, code analysis, which requires traversal paths, and learning methods, which require many features to be trained, are too time-consuming to detect large-scale on-chain contracts. Learning-based methods will obtain detection models from a feature space compared to code analysis methods such as symbol execution. But the existing features lack the interpretability of the detection results and training model; even worse, the large-scale feature space also affects the efficiency of detection. This paper focuses on improving the detection efficiency by reducing the dimension of the features, combined with expert knowledge. In this paper, a feature extraction model Block-gram is proposed to form low-dimensional knowledge-based features from bytecode. First, the metadata is separated and the runtime code is converted into a sequence of opcodes, which are divided into segments based on some instructions (jumps, etc.). Then, scalable Block-gram features, including 4-dimensional block features and 8-dimensional attribute features, are mined for the learning-based model training. Finally, feature contributions are calculated from SHAP values to measure the relationship between our features and the results of the detection model. In addition, six types of vulnerability labels are made on a dataset containing 33,885 contracts, and these knowledge-based features are evaluated using seven state-of-the-art learning algorithms, which show that the average detection latency speeds up 25× to 650×, compared with the features extracted by N-gram, and also can enhance the interpretability of the detection model.
The wide application of smart contracts allows industry companies to implement some complex distributed collaborative businesses, which involve the calculation of complex functions, such as matrix operations. However, complex functions such as matrix operations are difficult to implement on Ethereum Virtual Machine (EVM)-based smart contract platforms due to their distributed security environment limitations. Existing off-chain methods often result in a significant reduction in contract execution efficiency, thus a platform software development kit interface implementation method has become a feasible way to reduce overheads, but this method cannot verify operation correctness and may leak sensitive user data. To solve the above problems, we propose a verifiable EVM-based smart contract cross-language implementation scheme for complex operations, especially matrix operations, which can guarantee operation correctness and user privacy while ensuring computational efficiency. In this scheme, a verifiable interaction process is designed to verify the computation process and results, and a matrix blinding technology is introduced to protect sensitive user data in the calculation process. The security analysis and performance tests show that the proposed scheme can satisfy the correctness and privacy of the cross-language implementation of smart contracts at a small additional efficiency cost.
With the widespread use of blockchain technology for smart contracts and decentralized applications on the Ethereum platform, the blockchain has become a cornerstone of trust in the modern financial system. However, its anonymity has provided new ways for Ponzi schemes to commit fraud, posing significant risks to investors. Current research still has some limitations, for example, Ponzi schemes are difficult to detect in the early stages of smart contract deployment, and data imbalance is not considered. In addition, there is room for improving the detection accuracy. To address the above issues, this paper proposes LT-SPSD (LSTM-Transformer smart Ponzi schemes detection), which is a Ponzi scheme detection method that combines Long Short-Term Memory (LSTM) and Transformer considering the time-series transaction information of smart contracts as well as the global information. Based on the verified smart contract addresses, account features, and code features are extracted to construct a feature dataset, and the SMOTE-Tomek algorithm is used to deal with the imbalanced data classification problem. By comparing our method with the other four typical detection methods in the experiment, the LT-SPSD method shows significant performance improvement in precision, recall, and F1-score. The results of the experiment confirm the efficacy of the model, which has some application value in Ethereum Ponzi scheme smart contract detection.
Smart contracts are self-executing programs on blockchains that manage complex business logic with transparency and integrity. However, their immutability after deployment makes programming errors particularly critical, as such errors can be exploited to compromise blockchain security. Existing vulnerability detection methods often rely on fixed rules or target specific vulnerabilities, limiting their scalability and adaptability to diverse smart contract scenarios. Furthermore, natural language processing approaches for source code analysis frequently fail to capture program flow, which is essential for identifying structural vulnerabilities. To address these limitations, we propose a novel model that integrates textual and structural information for smart contract vulnerability detection. Our approach employs the CodeBERT NLP model for textual analysis, augmented with structural insights derived from control flow graphs created using the abstract syntax tree and opcode of smart contracts. Each graph node is embedded using Sent2Vec, and centrality analysis is applied to highlight critical paths and nodes within the code. The extracted features are normalized and combined into a prompt for a large language model to detect vulnerabilities effectively. Experimental results demonstrate the superiority of our model, achieving an accuracy of 86.70%, a recall of 84.87%, a precision of 85.24%, and an F1-score of 84.46%. These outcomes surpass existing methods, including CodeBERT alone (accuracy: 81.26%, F1-score: 79.84%) and CodeBERT combined with abstract syntax tree analysis (accuracy: 83.48%, F1-score: 79.65%). The findings underscore the effectiveness of incorporating graph structural information alongside text-based analysis, offering improved scalability and performance in detecting diverse vulnerabilities.
With the rapid proliferation of Internet of Things (IoT) devices, ensuring their communication security has become increasingly important. Blockchain and smart contract technologies, with their decentralized nature, provide strong security guarantees for IoT. However, at the same time, smart contracts themselves face numerous security challenges, among which reentrancy vulnerabilities are particularly prominent. Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions. To address these limitations, this paper proposes a novel detection method that combines pattern matching with deep learning. Specifically, we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts. Then, we extract key vulnerability features based on these patterns. Furthermore, we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph, capturing the complex relationships between different components of the contract. Finally, we use an attention mechanism to fuse these two sets of feature information, enhancing the weights of effective information and suppressing irrelevant information, thereby significantly improving the accuracy and robustness of vulnerability detection. Experimental results demonstrate that our proposed method outperforms existing state-of-the-art techniques, achieving a 3.88% improvement in accuracy compared to the latest vulnerability detection model AME (Attentive Multi-Encoder Network). This indicates that our method effectively reduces false positives and false negatives, significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.
Attribute-Based Signature (ABS) is a powerful cryptographic primitive that enables fine-grained access control in distributed systems. However, its high computational cost makes it unsuitable for resource-constrained environments, and traditional monotonic access structures are inadequate for handling increasingly complex access policies. In this paper, we propose a novel smart contract-assisted ABS (SC-ABS) algorithm that supports nonmonotonic access structures, aiming to reduce client computing overhead while providing more expressive and flexible access control. The SC-ABS scheme extends the monotonic access structure by introducing the concept of negative attributes, allowing for more complex and dynamic access policies. By utilizing smart contracts, the algorithm supports distributed trusted assisted computation, and the computation code is transparent and auditable. Importantly, this design allows information about user attributes to be deployed on smart contracts for computation, both reducing the risk of privacy abuse by semi-honest servers and preventing malicious users from attribute concealment to forge signatures. We prove that SC-ABS satisfies unforgeability and anonymity under a random oracle model, and test the scheme’s cost. Compared with existing schemes, this scheme has higher efficiency in client signature and authentication. This scheme reduces the computing burden of users, and the design of smart contracts improves the security of aided computing further, solves the problem of attribute concealment, and expresses a more flexible access structure. The solution enables permission control applications in resource-constrained distributed scenarios, such as the Internet of Things (IoT) and distributed version control systems, where data security and flexible access control are critical.
This article explores the characteristics of data resources from the perspective of production factors, analyzes the demand for trustworthy circulation technology, designs a fusion architecture and related solutions, including multi-party data intersection calculation, distributed machine learning, etc. It also compares performance differences, conducts formal verification, points out the value and limitations of architecture innovation, and looks forward to future opportunities.
With the development of intelligent bionic robots and the improvement of military application, a single robot cannot meet the requirements of the tasks of the current era. The more complex tasks require not only that the robot be able to pass through the field barriers and the amphibious environment, but also that the robot be able to collaborate in a multi-robot system. Consequently, research on the multi-robot control system of spherical amphibious robots is very important. Presently, the main research on amphibious robots is to improve the functions of a single robot, in the absence of the study of the multi-robot control system. Existing systems primarily use a centralized control methodology. Although the transfer of central node can be achieved, there is still a problem of Byzantine fault tolerance in military applications, that is, when the amphibious multi-robot system is invaded by the enemy. The central node may not only fail to accomplish the task, but also lose control of other robots, with severe consequences. To solve the above problems, this paper proposed a decentralized method of spherical amphibious multi-robot control system based on blockchain technology. First, the point-to-point information network based on long range radio technology of low power wide area network was set up; we designed the blockchain system for embedded application environment and the decentralized hardware and software architecture of multi-robot control system. On this basis, the consensus plugin, smart contract and decentralized multi-robot control algorithm were designed to achieve decentralization. The experimental results of consensus of spherical amphibious multi-robot showed the effectiveness of the decentralization.
With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective, this paper offers a comprehensive survey of these 38 open-source tools, discussing their operating principles, installation methods, environmental dependencies, update frequencies, and installation challenges. Based on this, we propose an Ethereum smart contract vulnerability detection framework. This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues. To validate the framework’s stability, over 1700 h of testing were conducted. Additionally, a comprehensive performance test was performed on the mainstream detection tools integrated within the framework, assessing their hardware requirements and vulnerability detection coverage. Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage. This study represents the first performance evaluation of testing tools in this domain, providing significant reference value.
In this paper, we deal with questions related to blockchains in complex Internet of Things (IoT)-based ecosystems. Such ecosystems are typically composed of IoT devices, edge devices, cloud computing software services, as well as people, who are decision makers in scenarios such as smart cities. Many decisions related to analytics can be based on data coming from IoT sensors, software services, and people. However, they are typically based on different levels of abstraction and granularity. This poses a number of challenges when multiple blockchains are used together with smart contracts. This work proposes to apply our concept of elasticity to smart contracts, thereby enabling analytics in and between multiple blockchains in the context of IoT. We propose a reference architecture for Elastic Smart Contracts and evaluate the approach in a smart city scenario, discussing the benefits in terms of performance and self-adaptability of our solution.
Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0. Various operations on blockchain are performed through the invocation and execution of smart contracts. This leads to extensive combinations between blockchain, smart contract, Internet of Things (IoT) and Cyber-Physical System (CPS) applications, and then many blockchain-based IoT or CPS applications emerge to provide multiple benefits to the economy and society. In this case, obtaining a better understanding of smart contracts will contribute to the easier operation, higher efficiency and stronger security of those blockchain-based systems and applications. Many existing studies on smart contract analysis are based on similarity calculation and smart contract classification. However, smart contract is a piece of code with special characteristics and most smart contracts are stored without any category labels, which leads to difficulties of smart contract classification. As the back end of a blockchain-based Decentralized Application (DApp) is one or several smart contracts, DApps with labeled categories and open source codes are applied to achieve a supervised smart contract classification. A three-phase approach is proposed to categorize DApps based on various data features. In this approach, 5,659 DApps with smart contract source codes and pre-tagged categories are first obtained based on massive collected DApps and smart contracts from Ethereum, State of the DApps and DappRadar. Then feature extraction and construction methods are designed to form multi-feature vectors that could present the major characteristics of DApps. Finally, a fused classification model consisting of KNN, XGBoost and random forests is applied to the multi-feature vectors of all DApps for performing DApp classification. The experimental results show that the method is effective. In addition, some positive correlations between feature variables and categories, as well as several user behavior patterns of DApp calls, are found in this paper.
Vehicular fog computing (VFC) has been envisioned as an important application of fog computing in vehicular networks. Parked vehicles with embedded computation resources could be exploited as a supplement for VFC. They cooperate with fog servers to process offloading requests at the vehicular network edge, leading to a new paradigm called parked vehicle assisted fog computing (PVFC). However, each coin has two sides. There is a follow-up challenging issue in the distributed and trustless computing environment. The centralized computation offloading without tamper-proof audit causes security threats. It could not guard against false-reporting, free-riding behaviors, spoofing attacks and repudiation attacks. Thus, we leverage the blockchain technology to achieve decentralized PVFC. Request posting, workload undertaking, task evaluation and reward assignment are organized and validated automatically through smart contract executions. Network activities in computation offloading become transparent, verifiable and traceable to eliminate security risks. To this end, we introduce network entities and design interactive smart contract operations across them. The optimal smart contract design problem is formulated and solved within the Stackelberg game framework to minimize the total payments for users. Security analysis and extensive numerical results are provided to demonstrate that our scheme has high security and efficiency guarantee.
The huge increase in the communication network rate has made the application fields and scenarios for vehicular ad hoc networks more abundant and diversified and proposed more requirements for the efficiency and quality of data transmission. To improve the limited communication distance and poor communication quality of the Internet of Vehicles (IoV), an optimal intelligent routing algorithm is proposed in this paper. Combined multiweight decision algorithm with the greedy perimeter stateless routing protocol, designed and evaluated standardized function for link stability. Linear additive weighting is used to optimize link stability and distance to improve the packet delivery rate of the IoV. The blockchain system is used as the storage structure for relay data, and the smart contract incentive algorithm based on machine learning is used to encourage relay vehicles to provide more communication bandwidth for data packet transmission. The proposed scheme is simulated and analyzed under different scenarios and different parameters. The experimental results demonstrate that the proposed scheme can effectively reduce the packet loss rate and improve system performance.
Security and privacy issues have become a rapidly growing problem with the fast development of big data in public health. However, big data faces many ongoing serious challenges in the process of collection, storage, and use. Among them, data security and privacy problems have attracted extensive interest. In an effort to overcome this challenge, this article aims to present a distributed privacy preservation approach based on smart contracts and Intel Software Guard Extensions (SGX). First of all, we define SGX as a trusted edge computing node, design data access module, data protection module, and data integrity check module, to achieve hardware-enhanced data privacy protection. Then, we design a smart contract framework to realize distributed data access control management in a big data environment. The crucial role of the smart contract was revealed by designing multiple access control contracts, register contracts, and history contracts. Access control contracts provide access control methods for different users and enable static access verification and dynamic access verification by checking the user’s properties and history behavior. Register contract contains user property information, edge computing node information, the access control and history smart contract information, and provides functions such as registration, update, and deletion. History contract records the historical behavior information of malicious users, receives the report information of malicious requestors from the access control contract, implements a misbehavior check method to determine whether the requestor has misbehavior, and returns the corresponding result. Finally, we design decentralized system architecture, prove the security properties, and analysis to verify the feasibility of the system. Results demonstrate that our method can effectively improve the timeliness of data, reduce network latency, and ensure the security, reliability, and traceability of data.
A smart contract honeypot is a special type of smart contract. This type of contract seems to have obvious vulnerabilities in contract design. If a user transfers a certain amount of funds to the contract, then the user can withdraw the funds in the contract. However, once users try to take advantage of this seemingly obvious vulnerability, they will fall into a real trap. Consequently, the user’s investment in the contract cannot be retrieved. The honeypot induces other accounts to launch funds, which seriously threatens the security of property on the blockchain. Detection methods for honeypots are available. However, studying the manner by which to defend existing honeypots is insufficient to fight against honeypots. The new honeypots that may appear in the future from the perspective of an attacker must also be predicted. Therefore, we propose a type of adversarial honeypot. The code and behavioral features of honeypots are obtained through a comparative analysis of the 158,568 nonhoneypots and 352 honeypots. To build an adversarial honeypot, we try to separately hide these features and make the honeypot bypass the existing detection technology. We construct 18 instances on the basis of the proposed adversarial honeypot and use an open-source honeypot detection tool to detect these instances. The experimental result shows that the proposed honeypot can bypass the detection tool with a 100% ratio. Therefore, this type of honeypot should be given attention, and defensive measures should be proposed as soon as possible.
The emergence of smart contracts has increased the attention of industry and academia to blockchain technology, which is tamper-proofing, decentralized, autonomous, and enables decentralized applications to operate in untrustworthy environments. However, these features of this technology are also easily exploited by unscrupulous individuals, a typical example of which is the Ponzi scheme in Ethereum. The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant. To solve this problem, we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode. In this model, our innovation is shown in two aspects: We first propose to use two bytes as one characteristic, which can quickly transform the bytecode into a high-dimensional matrix, and this matrix contains all the implied characteristics in the bytecode. Then, we innovatively transformed the Ponzi schemes detection into an anomaly detection problem. Finally, an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts. Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts. Moreover, the F1-score of this model can reach 0.88, which is far better than those of other traditional detection models.
With the development of communication 5G networks and technologies, spectrum resources are increasingly scarce. The scarcity of the spectrum resource makes market-driven spectrum auction become an important means of spectrum allocation, and due to the complexity of the network environment, the security of spectrum auctions cannot be ignored. Most existing secure spectrum auction schemes introduce a semi-honest agent to complete spectrum auction. However, the hypothetical semi-honest model does not guarantee the security of spectrum auction in the actual application scenario, which may lead to potential security threats: the agent may reveal the privacy of bidders, agent or auctioneer may collude with the bidder to manipulate the spectrum auction, and so on. In this paper, a secure spectrum auction scheme without a trusted party is proposed based on the smart contract technology, and the smart contract written into the blockchain replaces the traditional semi-honest agent to cooperate with the auctioneer server to complete the auction. In order to ensure the security of our scheme, a secure spectrum auction protocol is designed, in which the Software Guard Extensions (SGX) technology and Paillier cryptosystem are used to protect the privacy of bidders. Public verification is provided in our protocol by using extensive Pedersen commitment, which prevents the auctioneer server and the bidder from colluding with each other and verifies group bid sum values. Finally, the security analysis is given to propose several types of attacks that can be defended. Besides, theoretical analysis and simulation experiments of our protocol are also provided.
Funding: supported by the Key Project of Joint Fund of the National Natural Science Foundation of China “Research on Key Technologies and Demonstration Applications for Trusted and Secure Data Circulation and Trading” (U24A20241); the National Natural Science Foundation of China “Research on Trusted Theories and Key Technologies of Data Security Trading Based on Blockchain” (62202118); the Major Scientific and Technological Special Project of Guizhou Province ([2024]014); Scientific and Technological Research Projects from the Guizhou Education Department (Qian jiao ji[2023]003); the Hundred-Level Innovative Talent Project of the Guizhou Provincial Science and Technology Department (Qiankehe Platform Talent-GCC[2023]018); the Major Project of Guizhou Province “Research and Application of Key Technologies for Trusted Large Models Oriented to Public Big Data” (Qiankehe Major Project[2024]003); the Guizhou Province Computational Power Network Security Protection Science and Technology Innovation Talent Team (Qiankehe Talent CXTD[2025]029).
Abstract: As blockchain technology rapidly evolves, smart contracts have seen widespread adoption in financial transactions and beyond. However, the growing prevalence of malicious Ponzi scheme contracts presents serious security threats to blockchain ecosystems. Although numerous detection techniques have been proposed, existing methods suffer from significant limitations, such as class imbalance and insufficient modeling of transaction-related semantic features. To address these challenges, this paper proposes an oversampling-based detection framework for Ponzi smart contracts. We enhance the Adaptive Synthetic Sampling (ADASYN) algorithm by incorporating sample proximity to decision boundaries and ensuring realistic sample distributions. This enhancement facilitates the generation of high-quality minority class samples and effectively mitigates class imbalance. In addition, we design a Contract Transaction Graph (CTG) construction algorithm to preserve key transactional semantics through feature extraction from contract code. A graph neural network (GNN) is then applied for classification. This study employs a publicly available dataset from the XBlock platform, consisting of 318 verified Ponzi contracts and 6498 benign contracts. Sourced from real Ethereum deployments, the dataset reflects diverse application scenarios and captures the varied characteristics of Ponzi schemes. Experimental results demonstrate that our approach achieves an accuracy of 96%, a recall of 92%, and an F1-score of 94% in detecting Ponzi contracts, outperforming state-of-the-art methods.
Abstract: Due to mobile Internet technology's rapid popularization, the Industrial Internet of Things (IIoT) can be seen everywhere in our daily lives. While IIoT brings us much convenience, a series of security and scalability issues related to permission operations rise to the surface during device communications. Hence, at present, a reliable and dynamic access control management system for IIoT is in urgent need. Up till now, numerous access control architectures have been proposed for IIoT. However, owing to centralized models and heterogeneous devices, security and scalability requirements still cannot be met. In this paper, we offer a smart contract token-based solution for decentralized access control in IIoT systems. Specifically, there are three smart contracts in our system, including the Token Issue Contract (TIC), User Register Contract (URC), and Manage Contract (MC). These three contracts collaboratively supervise and manage various events in IIoT environments. We also utilize the lightweight and post-quantum encryption algorithm, Nth-degree Truncated Polynomial Ring Units (NTRU), to preserve user privacy during the registration process. Subsequently, to evaluate our proposed architecture's performance, we build a prototype platform that connects to the local blockchain. Finally, experiment results show that our scheme has achieved secure and dynamic access control for the IIoT system compared with related research.
Abstract: Smart contracts on the Ethereum blockchain continue to revolutionize decentralized applications (dApps) by allowing for self-executing agreements. However, bad actors have continuously found ways to exploit smart contracts for personal financial gain, which undermines the integrity of the Ethereum blockchain. This paper proposes a computer program called SADA (Static and Dynamic Analyzer), a novel approach to smart contract vulnerability detection using multiple Large Language Model (LLM) agents to analyze and flag suspicious Solidity code for Ethereum smart contracts. SADA not only improves upon existing vulnerability detection methods but also paves the way for more secure smart contract development practices in the rapidly evolving blockchain ecosystem.
Funding: partially supported by the National Natural Science Foundation (62272248); the Open Project Fund of State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences (CARCHA202108, CARCH201905); the Natural Science Foundation of Tianjin (20JCZDJC00610); sponsored by Zhejiang Lab (2021KF0AB04).
Abstract: Smart contracts are widely used on the blockchain to implement complex transactions, such as decentralized applications on Ethereum. Effective vulnerability detection of large-scale smart contracts is critical, as attacks on smart contracts often cause huge economic losses. Since it is difficult to repair and update smart contracts, it is necessary to find the vulnerabilities before they are deployed. However, code analysis, which requires traversal paths, and learning methods, which require many features to be trained, are too time-consuming to detect large-scale on-chain contracts. Learning-based methods will obtain detection models from a feature space compared to code analysis methods such as symbol execution. But the existing features lack the interpretability of the detection results and training model, even worse, the large-scale feature space also affects the efficiency of detection. This paper focuses on improving the detection efficiency by reducing the dimension of the features, combined with expert knowledge. In this paper, a feature extraction model Block-gram is proposed to form low-dimensional knowledge-based features from bytecode. First, the metadata is separated and the runtime code is converted into a sequence of opcodes, which are divided into segments based on some instructions (jumps, etc.). Then, scalable Block-gram features, including 4-dimensional block features and 8-dimensional attribute features, are mined for the learning-based model training. Finally, feature contributions are calculated from SHAP values to measure the relationship between our features and the results of the detection model. In addition, six types of vulnerability labels are made on a dataset containing 33,885 contracts, and these knowledge-based features are evaluated using seven state-of-the-art learning algorithms, which show that the average detection latency speeds up 25× to 650×, compared with the features extracted by N-gram, and also can enhance the interpretability of the detection model.
Funding: supported in part by the National Natural Science Foundation of China under Grant 62272007, U23B2002; in part by the Excellent Young Talents Project of the Beijing Municipal University Teacher Team Construction Support Plan under Grant BPHR202203031; in part by the Yunnan Key Laboratory of Blockchain Application Technology under Grant 2021105AG070005 (YNB202102); in part by the Open Topics of Key Laboratory of Blockchain Technology and Data Security, The Ministry of Industry and Information Technology of the People’s Republic of China under Grant 20243222.
Abstract: The wide application of smart contracts allows industry companies to implement some complex distributed collaborative businesses, which involve the calculation of complex functions, such as matrix operations. However, complex functions such as matrix operations are difficult to implement on Ethereum Virtual Machine (EVM)-based smart contract platforms due to their distributed security environment limitations. Existing off-chain methods often result in a significant reduction in contract execution efficiency, thus a platform software development kit interface implementation method has become a feasible way to reduce overheads, but this method cannot verify operation correctness and may leak sensitive user data. To solve the above problems, we propose a verifiable EVM-based smart contract cross-language implementation scheme for complex operations, especially matrix operations, which can guarantee operation correctness and user privacy while ensuring computational efficiency. In this scheme, a verifiable interaction process is designed to verify the computation process and results, and a matrix blinding technology is introduced to protect sensitive user data in the calculation process. The security analysis and performance tests show that the proposed scheme can satisfy the correctness and privacy of the cross-language implementation of smart contracts at a small additional efficiency cost.
Funding: This work was granted by Qin Xin Talents Cultivation Program (No. QXTCP C202115), Beijing Information Science and Technology University; the Beijing Advanced Innovation Center for Future Blockchain and Privacy Computing Fund (No. GJJ-23); National Social Science Foundation, China (No. 21BTQ079).
Abstract: With the widespread use of blockchain technology for smart contracts and decentralized applications on the Ethereum platform, the blockchain has become a cornerstone of trust in the modern financial system. However, its anonymity has provided new ways for Ponzi schemes to commit fraud, posing significant risks to investors. Current research still has some limitations, for example, Ponzi schemes are difficult to detect in the early stages of smart contract deployment, and data imbalance is not considered. In addition, there is room for improving the detection accuracy. To address the above issues, this paper proposes LT-SPSD (LSTM-Transformer smart Ponzi schemes detection), which is a Ponzi scheme detection method that combines Long Short-Term Memory (LSTM) and Transformer considering the time-series transaction information of smart contracts as well as the global information. Based on the verified smart contract addresses, account features, and code features are extracted to construct a feature dataset, and the SMOTE-Tomek algorithm is used to deal with the imbalanced data classification problem. By comparing our method with the other four typical detection methods in the experiment, the LT-SPSD method shows significant performance improvement in precision, recall, and F1-score. The results of the experiment confirm the efficacy of the model, which has some application value in Ethereum Ponzi scheme smart contract detection.
Funding: supported by the Seoul Business Agency (SBA), funded by the Seoul Metropolitan Government, through the Seoul R&BD Program (FB240022); by the Korea Institute for Advancement of Technology (KIAT), funded by the Korea Government (MOTIE) (RS-2024-00406796), through the HRD Program for Industrial Innovation; by the Excellent Researcher Support Project of Kwangwoon University in 2024.
Abstract: Smart contracts are self-executing programs on blockchains that manage complex business logic with transparency and integrity. However, their immutability after deployment makes programming errors particularly critical, as such errors can be exploited to compromise blockchain security. Existing vulnerability detection methods often rely on fixed rules or target specific vulnerabilities, limiting their scalability and adaptability to diverse smart contract scenarios. Furthermore, natural language processing approaches for source code analysis frequently fail to capture program flow, which is essential for identifying structural vulnerabilities. To address these limitations, we propose a novel model that integrates textual and structural information for smart contract vulnerability detection. Our approach employs the CodeBERT NLP model for textual analysis, augmented with structural insights derived from control flow graphs created using the abstract syntax tree and opcode of smart contracts. Each graph node is embedded using Sent2Vec, and centrality analysis is applied to highlight critical paths and nodes within the code. The extracted features are normalized and combined into a prompt for a large language model to detect vulnerabilities effectively. Experimental results demonstrate the superiority of our model, achieving an accuracy of 86.70%, a recall of 84.87%, a precision of 85.24%, and an F1-score of 84.46%. These outcomes surpass existing methods, including CodeBERT alone (accuracy: 81.26%, F1-score: 79.84%) and CodeBERT combined with abstract syntax tree analysis (accuracy: 83.48%, F1-score: 79.65%). The findings underscore the effectiveness of incorporating graph structural information alongside text-based analysis, offering improved scalability and performance in detecting diverse vulnerabilities.
Funding: supported by the Higher Education Research Project of Jilin Province: JGJX24C118; the National Defense Basic Scientific Research Program of China (No. JCKY2023602C026).
Abstract: With the rapid proliferation of Internet of Things (IoT) devices, ensuring their communication security has become increasingly important. Blockchain and smart contract technologies, with their decentralized nature, provide strong security guarantees for IoT. However, at the same time, smart contracts themselves face numerous security challenges, among which reentrancy vulnerabilities are particularly prominent. Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions. To address these limitations, this paper proposes a novel detection method that combines pattern matching with deep learning. Specifically, we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts. Then, we extract key vulnerability features based on these patterns. Furthermore, we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph, capturing the complex relationships between different components of the contract. Finally, we use an attention mechanism to fuse these two sets of feature information, enhancing the weights of effective information and suppressing irrelevant information, thereby significantly improving the accuracy and robustness of vulnerability detection. Experimental results demonstrate that our proposed method outperforms existing state-of-the-art techniques, achieving a 3.88% improvement in accuracy compared to the latest vulnerability detection model AME (Attentive Multi-Encoder Network). This indicates that our method effectively reduces false positives and false negatives, significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.
Funding: supported by National Natural Science Foundation of China.
Abstract: Attribute-Based Signature (ABS) is a powerful cryptographic primitive that enables fine-grained access control in distributed systems. However, its high computational cost makes it unsuitable for resource-constrained environments, and traditional monotonic access structures are inadequate for handling increasingly complex access policies. In this paper, we propose a novel smart contract-assisted ABS (SC-ABS) algorithm that supports nonmonotonic access structures, aiming to reduce client computing overhead while providing more expressive and flexible access control. The SC-ABS scheme extends the monotonic access structure by introducing the concept of negative attributes, allowing for more complex and dynamic access policies. By utilizing smart contracts, the algorithm supports distributed trusted assisted computation, and the computation code is transparent and auditable. Importantly, this design allows information about user attributes to be deployed on smart contracts for computation, both reducing the risk of privacy abuse by semi-honest servers and preventing malicious users from attribute concealment to forge signatures. We prove that SC-ABS satisfies unforgeability and anonymity under a random oracle model, and test the scheme’s cost. Compared with existing schemes, this scheme has higher efficiency in client signature and authentication. This scheme reduces the computing burden of users, and the design of smart contracts improves the security of aided computing further, solves the problem of attribute concealment, and expresses a more flexible access structure. The solution enables permission control applications in resource-constrained distributed scenarios, such as the Internet of Things (IoT) and distributed version control systems, where data security and flexible access control are critical.
Abstract: This article explores the characteristics of data resources from the perspective of production factors, analyzes the demand for trustworthy circulation technology, designs a fusion architecture and related solutions, including multi-party data intersection calculation, distributed machine learning, etc. It also compares performance differences, conducts formal verification, points out the value and limitations of architecture innovation, and looks forward to future opportunities.
Funding: supported in part by the National Natural Science Foundation of China under Grant 61703305; in part by the Key Research Program of the Natural Science Foundation of Tianjin under Grant 18JCZDJC38500; in part by the Innovative Cooperation Project of Tianjin Scientific and Technological under Grant 18PTZWHZ00090.
Abstract: With the development of intelligent bionic robots and the improvement of military application, a single robot cannot meet the requirements of the tasks of the current era. The more complex tasks require not only that the robot be able to pass through the field barriers and the amphibious environment, but also that the robot be able to collaborate in a multi-robot system. Consequently, research on the multi-robot control system of spherical amphibious robots is very important. Presently, the main research on amphibious robots is to improve the functions of a single robot, in the absence of the study of the multi-robot control system. Existing systems primarily use a centralized control methodology. Although the transfer of central node can be achieved, there is still a problem of Byzantine fault tolerance in military applications, that is, when the amphibious multi-robot system is invaded by the enemy. The central node may not only fail to accomplish the task, but also lose control of other robots, with severe consequences. To solve the above problems, this paper proposed a decentralized method of spherical amphibious multi-robot control system based on blockchain technology. First, the point-to-point information network based on long range radio technology of low power wide area network was set up, and we designed the blockchain system for embedded application environment and the decentralized hardware and software architecture of multi-robot control system. On this basis, the consensus plugin, smart contract and decentralized multi-robot control algorithm were designed to achieve decentralization. The experimental results of consensus of spherical amphibious multi-robot showed the effectiveness of the decentralization.
Funding: supported by the Major Public Welfare Special Fund of Henan Province (No. 201300210200); the Major Science and Technology Research Special Fund of Henan Province (No. 221100210400).
Abstract: With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer’s perspective, this paper offers a comprehensive survey of these 38 open-source tools, discussing their operating principles, installation methods, environmental dependencies, update frequencies, and installation challenges. Based on this, we propose an Ethereum smart contract vulnerability detection framework. This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues. To validate the framework’s stability, over 1700 h of testing were conducted. Additionally, a comprehensive performance test was performed on the mainstream detection tools integrated within the framework, assessing their hardware requirements and vulnerability detection coverage. Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage. This study represents the first performance evaluation of testing tools in this domain, providing significant reference value.
Funding: This work was partially supported by FEDER/Ministerio de Ciencia e Innovación-Agencia Estatal de Investigación under project HORATIO (RTI2018-101204-B-C21); by Junta de Andalucía under projects APOLO (US-1264651) and EKIPMENT-PLUS (P18-FR-2895); by the TU Wien Research Cluster Smart CT.
Abstract: In this paper, we deal with questions related to blockchains in complex Internet of Things (IoT)-based ecosystems. Such ecosystems are typically composed of IoT devices, edge devices, cloud computing software services, as well as people, who are decision makers in scenarios such as smart cities. Many decisions related to analytics can be based on data coming from IoT sensors, software services, and people. However, they are typically based on different levels of abstraction and granularity. This poses a number of challenges when multiple blockchains are used together with smart contracts. This work proposes to apply our concept of elasticity to smart contracts and thereby enabling analytics in and between multiple blockchains in the context of IoT. We propose a reference architecture for Elastic Smart Contracts and evaluate the approach in a smart city scenario, discussing the benefits in terms of performance and self-adaptability of our solution.
Funding: supported by the National Natural Science Foundation of China (62032025, 62002393); the Technology Program of Guangzhou, China (202103050004).
Abstract: Smart contract has been the core of blockchain systems and other blockchain-based systems since Blockchain 2.0. Various operations on blockchain are performed through the invocation and execution of smart contracts. This leads to extensive combinations between blockchain, smart contract, Internet of Things (IoT) and Cyber-Physical System (CPS) applications, and then many blockchain-based IoT or CPS applications emerge to provide multiple benefits to the economy and society. In this case, obtaining a better understanding of smart contracts will contribute to the easier operation, higher efficiency and stronger security of those blockchain-based systems and applications. Many existing studies on smart contract analysis are based on similarity calculation and smart contract classification. However, smart contract is a piece of code with special characteristics and most of smart contracts are stored without any category labels, which leads to difficulties of smart contract classification. As the back end of a blockchain-based Decentralized Application (DApp) is one or several smart contracts, DApps with labeled categories and open source codes are applied to achieve a supervised smart contract classification. A three-phase approach is proposed to categorize DApps based on various data features. In this approach, 5,659 DApps with smart contract source codes and pre-tagged categories are first obtained based on massive collected DApps and smart contracts from Ethereum, State of the DApps and DappRadar. Then feature extraction and construction methods are designed to form multi-feature vectors that could present the major characteristics of DApps. Finally, a fused classification model consisting of KNN, XGBoost and random forests is applied to the multi-feature vectors of all DApps for performing DApp classification. The experimental results show that the method is effective. In addition, some positive correlations between feature variables and categories, as well as several user behavior patterns of DApp calls, are found in this paper.
Funding: supported in part by the National Natural Science Foundation of China (61971148); the Science and Technology Program of Guangdong Province (2015B010129001); the Natural Science Foundation of Guangxi Province (2018GXNSFDA281013); the Foundation for Science and Technology Project of Guilin City (20190214-3); the Key Science and Technology Project of Guangxi (AA18242021).
Abstract: Vehicular fog computing (VFC) has been envisioned as an important application of fog computing in vehicular networks. Parked vehicles with embedded computation resources could be exploited as a supplement for VFC. They cooperate with fog servers to process offloading requests at the vehicular network edge, leading to a new paradigm called parked vehicle assisted fog computing (PVFC). However, each coin has two sides. There is a follow-up challenging issue in the distributed and trustless computing environment. The centralized computation offloading without tamper-proof audit causes security threats. It could not guard against false-reporting, free-riding behaviors, spoofing attacks and repudiation attacks. Thus, we leverage the blockchain technology to achieve decentralized PVFC. Request posting, workload undertaking, task evaluation and reward assignment are organized and validated automatically through smart contract executions. Network activities in computation offloading become transparent, verifiable and traceable to eliminate security risks. To this end, we introduce network entities and design interactive smart contract operations across them. The optimal smart contract design problem is formulated and solved within the Stackelberg game framework to minimize the total payments for users. Security analysis and extensive numerical results are provided to demonstrate that our scheme has high security and efficiency guarantee.
Funding: supported by the National Key R&D Program of China (2020YFB2008400); LAGEO of Chinese Academy of Sciences (LAGEO-2019-2); Program for Science & Technology Innovation Talents in the University of Henan Province (20HASTIT022); 21st Project of the Xizang Cultural Inheritance and Development Collaborative Innovation Center in 2018 (21IRTSTHN015); Natural Science Foundation of Xizang Named “Research of Key Technology of Millimeter Wave MIMO Secure Transmission with Relay Enhancement” in 2018; Xizang Autonomous Region Education Science “13th Five-year Plan” Major Project for 2018 (XZJKY201803); Natural Science Foundation of Henan under Grant 202300410126; Young Backbone Teachers in Henan Province (2018GGJS049); Henan Province Young Talent Lift Project (2020HYTP009); Program for Innovative Research Team in University of Henan Province (21IRTSTHNO15); Equipment Pre-research Joint Research Program of Ministry of Education (8091B032129); Training Program for Young Scholar of Henan Province for Colleges and Universities under Grant (2020GGJS172); Program for Science & Technology Innovation Talents in Universities of Henan Province under Grant (22HASTIT020); Henan Province Science Fund for Distinguished Young Scholars (222300420006).
Abstract: The huge increase in the communication network rate has made the application fields and scenarios for vehicular ad hoc networks more abundant and diversified and proposed more requirements for the efficiency and quality of data transmission. To improve the limited communication distance and poor communication quality of the Internet of Vehicles (IoV), an optimal intelligent routing algorithm is proposed in this paper. Combined multiweight decision algorithm with the greedy perimeter stateless routing protocol, designed and evaluated standardized function for link stability. Linear additive weighting is used to optimize link stability and distance to improve the packet delivery rate of the IoV. The blockchain system is used as the storage structure for relay data, and the smart contract incentive algorithm based on machine learning is used to encourage relay vehicles to provide more communication bandwidth for data packet transmission. The proposed scheme is simulated and analyzed under different scenarios and different parameters. The experimental results demonstrate that the proposed scheme can effectively reduce the packet loss rate and improve system performance.
Funding: This work was supported by the National Natural Science Foundation of China (Grant No. 61762033); Hainan Provincial Natural Science Foundation of China (Grant Nos. 2019RC041 and 2019RC098); Opening Project of Shanghai Trusted Industrial Control Platform (Grant No. TICPSH202003005-ZC); Ministry of Education Humanities and Social Sciences Research Program Fund Project (Grant No. 19YJA710010); Zhejiang Public Welfare Technology Research (Grant No. LGF18F020019).
Abstract: Security and privacy issues have become a rapidly growing problem with the fast development of big data in public health. However, big data faces many ongoing serious challenges in the process of collection, storage, and use. Among them, data security and privacy problems have attracted extensive interest. In an effort to overcome this challenge, this article aims to present a distributed privacy preservation approach based on smart contracts and Intel Software Guard Extensions (SGX). First of all, we define SGX as a trusted edge computing node, design data access module, data protection module, and data integrity check module, to achieve hardware-enhanced data privacy protection. Then, we design a smart contract framework to realize distributed data access control management in a big data environment. The crucial role of the smart contract was revealed by designing multiple access control contracts, register contracts, and history contracts. Access control contracts provide access control methods for different users and enable static access verification and dynamic access verification by checking the user’s properties and history behavior. Register contract contains user property information, edge computing node information, the access control and history smart contract information, and provides functions such as registration, update, and deletion. History contract records the historical behavior information of malicious users, receives the report information of malicious requestors from the access control contract, implements a misbehavior check method to determine whether the requestor has misbehavior, and returns the corresponding result. Finally, we design decentralized system architecture, prove the security properties, and analysis to verify the feasibility of the system. Results demonstrate that our method can effectively improve the timeliness of data, reduce network latency, and ensure the security, reliability, and traceability of data.
Funding: This work was supported by the Guangdong Province Key Field Research and Development Program under Nos. 2019B010137003 and 2019B010136004 and the National Key Research and Development Program under Grant Nos. 2018YFB0803504 and 2019YFA0706404.
Abstract: A smart contract honeypot is a special type of smart contract. This type of contract seems to have obvious vulnerabilities in contract design. If a user transfers a certain amount of funds to the contract, then the user can withdraw the funds in the contract. However, once users try to take advantage of this seemingly obvious vulnerability, they will fall into a real trap. Consequently, the user’s investment in the contract cannot be retrieved. The honeypot induces other accounts to launch funds, which seriously threatens the security of property on the blockchain. Detection methods for honeypots are available. However, studying the manner by which to defend existing honeypots is insufficient to fight against honeypots. The new honeypots that may appear in the future from the perspective of an attacker must also be predicted. Therefore, we propose a type of adversarial honeypot. The code and behavioral features of honeypots are obtained through a comparative analysis of the 158,568 nonhoneypots and 352 honeypots. To build an adversarial honeypot, we try to separately hide these features and make the honeypot bypass the existing detection technology. We construct 18 instances on the basis of the proposed adversarial honeypot and use an open-source honeypot detection tool to detect these instances. The experimental result shows that the proposed honeypot can bypass the detection tool with a 100% ratio. Therefore, this type of honeypot should be given attention, and defensive measures should be proposed as soon as possible.
Funding: This work was supported by the Scientific and Technological Project of Henan Province (Grant No. 202102310340), Foundation of University Young Key Teacher of Henan Province (Grant Nos. 2019GGJS040, 2020GGJS027), Key Scientific Research Projects of Colleges and Universities in Henan Province (Grant No. 21A110005), and National Natural Science Foundation of China (61701170).
Abstract: The emergence of smart contracts has increased the attention of industry and academia to blockchain technology, which is tamper-proofing, decentralized, autonomous, and enables decentralized applications to operate in untrustworthy environments. However, these features of this technology are also easily exploited by unscrupulous individuals, a typical example of which is the Ponzi scheme in Ethereum. The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant. To solve this problem, we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode. In this model, our innovation is shown in two aspects: We first propose to use two bytes as one characteristic, which can quickly transform the bytecode into a high-dimensional matrix, and this matrix contains all the implied characteristics in the bytecode. Then, we innovatively transformed the Ponzi schemes detection into an anomaly detection problem. Finally, an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts. Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts. Moreover, the F1-score of this model can reach 0.88, which is far better than those of other traditional detection models.
Funding: This work was supported by the National Natural Science Foundation of China (Nos. 61601107, U1708262 and 61872449), China Postdoctoral Science Foundation (No. 2019M653568), and The Fundamental Research Funds for the Central Universities (No. Nl 72304023).
Abstract: With the development of communication 5G networks and technologies, spectrum resources are increasingly scarce. The scarcity of the spectrum resource makes market-driven spectrum auction become an important means of spectrum allocation, and due to the complexity of the network environment, the security of spectrum auctions cannot be ignored. Most existing secure spectrum auction schemes introduce a semi-honest agent to complete spectrum auction. However, the hypothetical semi-honest model does not guarantee the security of spectrum auction in the actual application scenario, which may lead to potential security threats: the agent may reveal the privacy of bidders, agent or auctioneer may collude with the bidder to manipulate the spectrum auction, and so on. In this paper, a secure spectrum auction scheme without a trusted party is proposed based on the smart contract technology, and the smart contract written into the blockchain replaces the traditional semi-honest agent to cooperate with the auctioneer server to complete the auction. In order to ensure the security of our scheme, a secure spectrum auction protocol is designed, in which the Software Guard Extensions (SGX) technology and Paillier cryptosystem are used to protect the privacy of bidders. Public verification is provided in our protocol by using extensive Pedersen commitment, which prevents the auctioneer server and the bidder from colluding with each other and verifies group bid sum values. Finally, the security analysis is given to propose several types of attacks that can be defended. Besides, theoretical analysis and simulation experiments of our protocol are also provided.