As blockchain technology rapidly evolves,smart contracts have seen widespread adoption in financial transactions and beyond.However,the growing prevalence of malicious Ponzi scheme contracts presents serious security ...As blockchain technology rapidly evolves,smart contracts have seen widespread adoption in financial transactions and beyond.However,the growing prevalence of malicious Ponzi scheme contracts presents serious security threats to blockchain ecosystems.Although numerous detection techniques have been proposed,existing methods suffer from significant limitations,such as class imbalance and insufficient modeling of transaction-related semantic features.To address these challenges,this paper proposes an oversampling-based detection framework for Ponzi smart contracts.We enhance the Adaptive Synthetic Sampling(ADASYN)algorithm by incorporating sample proximity to decision boundaries and ensuring realistic sample distributions.This enhancement facilitates the generation of high-quality minority class samples and effectively mitigates class imbalance.In addition,we design a Contract Transaction Graph(CTG)construction algorithm to preserve key transactional semantics through feature extraction from contract code.A graph neural network(GNN)is then applied for classification.This study employs a publicly available dataset from the XBlock platform,consisting of 318 verified Ponzi contracts and 6498 benign contracts.Sourced from real Ethereum deployments,the dataset reflects diverse application scenarios and captures the varied characteristics of Ponzi schemes.Experimental results demonstrate that our approach achieves an accuracy of 96%,a recall of 92%,and an F1-score of 94%in detecting Ponzi contracts,outperforming state-of-the-art methods.展开更多
Industrial Cyber-Physical Systems(ICPSs)play a vital role in modern industries by providing an intellectual foundation for automated operations.With the increasing integration of information-driven processes,ensuring ...Industrial Cyber-Physical Systems(ICPSs)play a vital role in modern industries by providing an intellectual foundation for automated operations.With the increasing integration of information-driven processes,ensuring the security of Industrial Control Production Systems(ICPSs)has become a critical challenge.These systems are highly vulnerable to attacks such as denial-of-service(DoS),eclipse,and Sybil attacks,which can significantly disrupt industrial operations.This work proposes an effective protection strategy using an Artificial Intelligence(AI)-enabled Smart Contract(SC)framework combined with the Heterogeneous Barzilai-Borwein Support Vector(HBBSV)method for industrial-based CPS environments.The approach reduces run time and minimizes the probability of attacks.Initially,secured ICPSs are achieved through a comprehensive exchange of views on production plant strategies for condition monitoring using SC and blockchain(BC)integrated within a BC network.The SC executes the HBBSV strategy to verify the security consensus.The Barzilai-Borwein Support Vectorized algorithm computes abnormal attack occurrence probabilities to ensure that components operate within acceptable production line conditions.When a component remains within these conditions,no security breach occurs.Conversely,if a component does not satisfy the condition boundaries,a security lapse is detected,and those components are isolated.The HBBSV method thus strengthens protection against DoS,eclipse,and Sybil attacks.Experimental results demonstrate that the proposed HBBSV approach significantly improves security by enhancing authentication accuracy while reducing run time and authentication time compared to existing techniques.展开更多
This article explores the characteristics of data resources from the perspective of production factors,analyzes the demand for trustworthy circulation technology,designs a fusion architecture and related solutions,inc...This article explores the characteristics of data resources from the perspective of production factors,analyzes the demand for trustworthy circulation technology,designs a fusion architecture and related solutions,including multi-party data intersection calculation,distributed machine learning,etc.It also compares performance differences,conducts formal verification,points out the value and limitations of architecture innovation,and looks forward to future opportunities.展开更多
With the rapid proliferation of Internet ofThings(IoT)devices,ensuring their communication security has become increasingly important.Blockchain and smart contract technologies,with their decentralized nature,provide ...With the rapid proliferation of Internet ofThings(IoT)devices,ensuring their communication security has become increasingly important.Blockchain and smart contract technologies,with their decentralized nature,provide strong security guarantees for IoT.However,at the same time,smart contracts themselves face numerous security challenges,among which reentrancy vulnerabilities are particularly prominent.Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions.To address these limitations,this paper proposes a novel detection method that combines pattern matching with deep learning.Specifically,we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts.Then,we extract key vulnerability features based on these patterns.Furthermore,we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph,capturing the complex relationships between different components of the contract.Finally,we use an attention mechanism to fuse these two sets of feature information,enhancing the weights of effective information and suppressing irrelevant information,thereby significantly improving the accuracy and robustness of vulnerability detection.Experimental results demonstrate that our proposed method outperforms existing state-ofthe-art techniques,achieving a 3.88%improvement in accuracy compared to the latest vulnerability detection model AME(Attentive Multi-Encoder Network).This indicates that our method effectively reduces false positives and false negatives,significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.展开更多
In this paper,we deal with questions related to blockchains in complex Internet of Things(IoT)-based ecosystems.Such ecosystems are typically composed of IoT devices,edge devices,cloud computing software services,as w...In this paper,we deal with questions related to blockchains in complex Internet of Things(IoT)-based ecosystems.Such ecosystems are typically composed of IoT devices,edge devices,cloud computing software services,as well as people,who are decision makers in scenarios such as smart cities.Many decisions related to analytics can be based on data coming from IoT sensors,software services,and people.However,they are typically based on different levels of abstraction and granularity.This poses a number of challenges when multiple blockchains are used together with smart contracts.This work proposes to apply our concept of elasticity to smart contracts and thereby enabling analytics in and between multiple blockchains in the context of IoT.We propose a reference architecture for Elastic Smart Contracts and evaluate the approach in a smart city scenario,discussing the benefits in terms of performance and self-adaptability of our solution.展开更多
The emergence of smart contracts has increased the attention of industry and academia to blockchain technology,which is tamper-proofing,decentralized,autonomous,and enables decentralized applications to operate in unt...The emergence of smart contracts has increased the attention of industry and academia to blockchain technology,which is tamper-proofing,decentralized,autonomous,and enables decentralized applications to operate in untrustworthy environments.However,these features of this technology are also easily exploited by unscrupulous individuals,a typical example of which is the Ponzi scheme in Ethereum.The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant.To solve this problem,we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode.In this model,our innovation is shown in two aspects:We first propose to use two bytes as one characteristic,which can quickly transform the bytecode into a high-dimensional matrix,and this matrix contains all the implied characteristics in the bytecode.Then,We innovatively transformed the Ponzi schemes detection into an anomaly detection problem.Finally,an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts.Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts.Moreover,the F1-score of this model can reach 0.88,which is far better than those of other traditional detection models.展开更多
Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This a...Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology,smart contracts,and cryptographic primitives.The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data.To preserve data secrecy,symmetric encryption systems are employed to encrypt user data before outsourcing it.An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism.Additionally,a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs.The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage,even in the presence of malicious entities.The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.展开更多
In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerabi...In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerability detection has become particularly important.With the popular use of neural network model,there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts.This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts.Subsequently,it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection.These tools are categorized based on their open-source status,the data format and the type of feature extraction they employ.Then we conduct a comprehensive comparative analysis of these tools,selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy.Finally,Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools,we suppose to provide a reference standard for developers of contract vulnerability detection tools.Meanwhile,forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.展开更多
The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced techno...The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.展开更多
With the increasing popularity of Ethereum,smart contracts have become a prime target for fraudulent activities such as Ponzi,honeypot,gambling,and phishing schemes.While some researchers have studied intelligent frau...With the increasing popularity of Ethereum,smart contracts have become a prime target for fraudulent activities such as Ponzi,honeypot,gambling,and phishing schemes.While some researchers have studied intelligent fraud detection,most research has focused on identifying Ponzi contracts,with little attention given to detecting and preventing gambling or phishing contracts.There are three main issues with current research.Firstly,there exists a severe data imbalance between fraudulent and non-fraudulent contracts.Secondly,the existing detection methods rely on diverse raw features that may not generalize well in identifying various classes of fraudulent contracts.Lastly,most prior studies have used contract source code as raw features,but many smart contracts only exist in bytecode.To address these issues,we propose a fraud detection method that utilizes Efficient Channel Attention EfficientNet(ECA-EfficientNet)and data enhancement.Our method begins by converting bytecode into Red Green Blue(RGB)three-channel images and then applying channel exchange data enhancement.We then use the enhanced ECA-EfficientNet approach to classify fraudulent smart contract RGB images.Our proposed method achieves high F1-score and Recall on both publicly available Ponzi datasets and self-built multi-classification datasets that include Ponzi,honeypot,gambling,and phishing smart contracts.The results of the experiments demonstrate that our model outperforms current methods and their variants in Ponzi contract detection.Our research addresses a significant problem in smart contract security and offers an effective and efficient solution for detecting fraudulent contracts.展开更多
Recently,security issues of smart contracts are arising great attention due to the enormous financial loss caused by vulnerability attacks.There is an increasing need to detect similar codes for hunting vulnerability ...Recently,security issues of smart contracts are arising great attention due to the enormous financial loss caused by vulnerability attacks.There is an increasing need to detect similar codes for hunting vulnerability with the increase of critical security issues in smart contracts.Binary similarity detection that quantitatively measures the given code diffing has been widely adopted to facilitate critical security analysis.However,due to the difference between common programs and smart contract,such as diversity of bytecode generation and highly code homogeneity,directly adopting existing graph matching and machine learning based techniques to smart contracts suffers from low accuracy,poor scalability and the limitation of binary similarity on function level.Therefore,this paper investigates graph neural network to detect smart contract binary code similarity at the program level,where we conduct instruction-level normalization to reduce the noise code for smart contract pre-processing and construct contract control flow graphs to represent smart contracts.In particular,two improved Graph Convolutional Network(GCN)and Message Passing Neural Network(MPNN)models are explored to encode the contract graphs into quantitatively vectors,which can capture the semantic information and the program-wide control flow information with temporal orders.Then we can efficiently accomplish the similarity detection by measuring the distance between two targeted contract embeddings.To evaluate the effectiveness and efficient of our proposed method,extensive experiments are performed on two real-world datasets,i.e.,smart contracts from Ethereum and Enterprise Operation System(EOS)blockchain-based platforms.The results show that our proposed approach outperforms three state-of-the-art methods by a large margin,achieving a great improvement up to 6.1%and 17.06%in accuracy.展开更多
Since the advent of smart contracts,security vulnerabilities have remained a persistent challenge,compromsing both the reliability of contract execution and the overall stability of the virtual currency market.Consequ...Since the advent of smart contracts,security vulnerabilities have remained a persistent challenge,compromsing both the reliability of contract execution and the overall stability of the virtual currency market.Consequently,the academic community has devoted increasing attention to these security risks.However,conventional approaches to vulnerability detection frequently exhibit limited accuracy.To address this limitation,the present study introduces a novel vulnerability detection framework called GNNSE that integrates symbolic execution with graph neural networks(GNNs).The proposedmethod first constructs semantic graphs to comprehensively capture the control flow and data flow dependencies within smart contracts.These graphs are subsequently processed using GNNs to efficiently identify contracts with a high likelihood of vulnerabilities.For these high-risk contracts,symbolic execution is employed to perform fine-grained,path-level analysis,thereby improving overall detection precision.Experimental results on a dataset comprising 10,079 contracts demonstrate that the proposed method achieves detection precisions of 93.58% for reentrancy vulnerabilities and 92.73% for timestamp-dependent vulnerabilities.展开更多
The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Tradit...The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Traditional intrusion detection systems have limitations in terms of centralized architecture,lack of transparency,and vulnerability to single points of failure.This is where the integration of blockchain technology with signature-based intrusion detection can provide a robust and decentralized solution for securing smart transportation systems.This study tackles the issue of database manipulation attacks in smart transportation networks by proposing a signaturebased intrusion detection system.The introduced signature facilitates accurate detection and systematic classification of attacks,enabling categorization according to their severity levels within the transportation infrastructure.Through comparative analysis,the research demonstrates that the blockchain-based IDS outperforms traditional approaches in terms of security,resilience,and data integrity.展开更多
Smart contracts(SCs)are crucial in maintaining trust within blockchain networks.However,existing methods for analyzing SC vulnerabilities often lack accuracy and effectiveness,while approaches based on Deep Neural Net...Smart contracts(SCs)are crucial in maintaining trust within blockchain networks.However,existing methods for analyzing SC vulnerabilities often lack accuracy and effectiveness,while approaches based on Deep Neural Networks(DNNs)struggle with detecting complex vulnerabilities due to limited data availability.This paper proposes a novel approach for analyzing SC vulnerabilities.Our method leverages an advanced form of the Genetic Algorithm(GA)and includes the development of a comprehensive benchmark dataset consisting of 36,670 Solidity source code samples.The primary objective of our study is to profile vulnerable SCs effectively.To achieve this goal,we have devised an analyzer called SCsVulLyzer based on GAs,designed explicitly for profiling SCs.Additionally,we have carefully curated a new dataset encompassing a wide range of examples,ensuring the practical validation of our approach.Furthermore,we have established three distinct taxonomies that cover SCs,profiling techniques,and feature extraction.These taxonomies provide a systematic classification and analysis of information,improving the efficiency of our approach.Our methodology underwent rigorous testing through experimentation,and the results demonstrated the superior capabilities of our model in detecting vulnerabilities.Compared to traditional and DNN-based approaches,our approach achieved higher precision,recall,and F1-score,which are widely used metrics for evaluating model performance.Across all these metrics,our model showed exceptional results.The customization and adaptations we implemented within the GA significantly enhanced its effectiveness.Our approach detects SC vulnerabilities more efficiently and facilitates robust exploration.These promising results highlight the potential of GA-based profiling to improve the detection of SC vulnerabilities,contributing to enhanced security in blockchain networks.展开更多
Integer overflow is a common vulnerability in Ethereum Smart Contracts(ESCs)and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing...Integer overflow is a common vulnerability in Ethereum Smart Contracts(ESCs)and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing.Mutation testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart contracts.However,existing methods cannot efficiently perform mutation testing specifically for integer overflow in ESCs.Therefore,by analyzing integer overflow in ESCs,we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC testing.An empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation operators.Results show that(1)our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts,and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate;moreover,(2)the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability,thereby providing effective support to improve the sufficiency of the test.展开更多
The development of digital transformation in the construction industry has led to the increasing adoption of smart contracts.As programmable applications to automatically write,verify,and enforce transaction condition...The development of digital transformation in the construction industry has led to the increasing adoption of smart contracts.As programmable applications to automatically write,verify,and enforce transaction conditions,smart contracts can be used in different areas mainly to improve automation level,information security,and built digital environment enhancement.However,the smart contract is commonly mentioned as a blockchain appendage,while its unique connotation and value in the construction industry have not been recognized.Therefore,this study carries out a systematic review based on 81 research articles published from 2014 to 2021 on smart contract applications in construction to explore and highlight their potentials under domain-specific requirements.Results are analyzed according to research type categorization and domain codification.Eight research domains are identified,where the three most highly explored domains are contract and payment,supply chain and logistics,and information management.The integration of smart contracts with other innovative concepts and advanced technologies is analyzed.The applicability,benefits,and challenges of smart contract applications regarding different research domains are discussed.展开更多
Ethereum smart contracts are computer programs that are deployed and executed on the Ethereum blockchain to enforce agreements among untrusting parties.Being the most prominent platform that supports smart contracts,E...Ethereum smart contracts are computer programs that are deployed and executed on the Ethereum blockchain to enforce agreements among untrusting parties.Being the most prominent platform that supports smart contracts,Ethereum has been targeted by many attacks and plagued by security incidents.Consequently,many smart contract vulnerabilities have been discovered in the past decade.To detect and prevent such vulnerabilities,different security analysis tools,including static and dynamic analysis tools,have been created,but their performance decreases drastically when codes to be analyzed are constantly being rewritten.In this paper,we propose Eth2Vec,a machine-learning-based static analysis tool that detects smart contract vulnerabilities.Eth2Vec maintains its robustness against code rewrites;i.e.,it can detect vulnerabilities even in rewritten codes.Other machine-learning-based static analysis tools require features,which analysts create manually,as inputs.In contrast,Eth2Vec uses a neural network for language processing to automatically learn the features of vulnerable contracts.In doing so,Eth2Vec can detect vulnerabilities in smart contracts by comparing the similarities between the codes of a target contract and those of the learned contracts.We performed experiments with existing open databases,such as Etherscan,and Eth2Vec was able to outperform a recent model based on support vector machine in terms of well-known metrics,i.e.,precision,recall,and F1-score.展开更多
Actual challenges with data in physical infrastructure include:1)the adversity of its velocity based on access and retrieval,thus integration;2)its value as its intrinsic quality;3)its extensive volume with a limited ...Actual challenges with data in physical infrastructure include:1)the adversity of its velocity based on access and retrieval,thus integration;2)its value as its intrinsic quality;3)its extensive volume with a limited variety in terms of systems;and finally,4)its veracity,as data can be modified to obtain an economical advantage.Physical infrastructure design based on Agile project management and minimum viable products provides benefits against the traditional waterfall method.Agile supports an early return on investment that promotes circular reinvesting while making the product more adaptable to variable social-economical environments.However,Agile also presents inherent issues due to its iterative approach.Furthermore,project information requires an efficient record of the aims,requirements,and governance not only for the investors,owners,or users but also to keep evidence in future health&safety and other statutory compliance.In order to address these issues,this article presents a Validation and Verification(V&V)model for data marketplaces with a hierarchical process;each data V&V stage provides a layer of data abstraction,value-added services,and authenticity based on Artificial Intelligence(AI).In addition,this proposed solution applies Distributed Ledger Technology(DLT)for a decentralised approach where each user keeps and maintains the data within a ledger.The presented model is validated in real data marketplace applications:1)live data for the Newcastle Urban Observatory Smart City Project,where data are collected from sensors embedded within the smart city via APIs;2)static data for University College London(UCL)—Real Estate—PEARL Project,where different project users and stakeholders introduce data into a Project Information Model(PIM).展开更多
Blockchains and smart contracts are gaining momentum as enabling technologies for a wide set of applications where data distribution and sharing among decentralized infrastructures is required.In this work,we present ...Blockchains and smart contracts are gaining momentum as enabling technologies for a wide set of applications where data distribution and sharing among decentralized infrastructures is required.In this work,we present a distributed application developed using blockchain technologies that allows individuals and health insurance organizations to come into agreement during the implementation of the healthcare insurance policies in each contract.For this purpose,health standards and semantic web technologies were used for the formal expression of both the insured individual's data and contract terms.Accordingly,a fine-grained data access policy was applied for evaluating contract terms on the basis of relevant data captured in healthcare settings.A prototype was implemented involving the development of several different smart contracts for the Ethereum platform as well as the necessary visual environment for accessing them.The developed system validates various features related to blockchain and smart contract features that are briefly discussed in this work,part of which can be mitigated or resolved through the use of a private permissioned blockchain.The application of well-established techniques for potential malfunctions of external services could also boost the security of the system and prevent it from potential attacks.展开更多
From 26 to 27 October 2017, the Centre for Cross-Border Commercial Law in Asia of Singapore Management University (SMU) Law School held an international conference entitled "Future of Law Conference: The Internet ...From 26 to 27 October 2017, the Centre for Cross-Border Commercial Law in Asia of Singapore Management University (SMU) Law School held an international conference entitled "Future of Law Conference: The Internet of Things, Smart Contracts and Intelligent Machines" in Singapore. The conference brought together the leading thinkers in academia and practice in the field of information technology law to discuss the legal and regulatory implications of recent technological developments. Associate Professor ZHANG Jiyu and Associate Professor DING Xiaodong of the Law and Technology Institute of Renmin Law School were invited to attend the conference.展开更多
基金supported by the Key Project of Joint Fund of the National Natural Science Foundation of China“Research on Key Technologies and Demonstration Applications for Trusted and Secure Data Circulation and Trading”(U24A20241)the National Natural Science Foundation of China“Research on Trusted Theories and Key Technologies of Data Security Trading Based on Blockchain”(62202118)+4 种基金the Major Scientific and Technological Special Project of Guizhou Province([2024]014)Scientific and Technological Research Projects from the Guizhou Education Department(Qian jiao ji[2023]003)the Hundred-Level Innovative Talent Project of the Guizhou Provincial Science and Technology Department(Qiankehe Platform Talent-GCC[2023]018)the Major Project of Guizhou Province“Research and Application of Key Technologies for Trusted Large Models Oriented to Public Big Data”(Qiankehe Major Project[2024]003)the Guizhou Province Computational Power Network Security Protection Science and Technology Innovation Talent Team(Qiankehe Talent CXTD[2025]029).
文摘As blockchain technology rapidly evolves,smart contracts have seen widespread adoption in financial transactions and beyond.However,the growing prevalence of malicious Ponzi scheme contracts presents serious security threats to blockchain ecosystems.Although numerous detection techniques have been proposed,existing methods suffer from significant limitations,such as class imbalance and insufficient modeling of transaction-related semantic features.To address these challenges,this paper proposes an oversampling-based detection framework for Ponzi smart contracts.We enhance the Adaptive Synthetic Sampling(ADASYN)algorithm by incorporating sample proximity to decision boundaries and ensuring realistic sample distributions.This enhancement facilitates the generation of high-quality minority class samples and effectively mitigates class imbalance.In addition,we design a Contract Transaction Graph(CTG)construction algorithm to preserve key transactional semantics through feature extraction from contract code.A graph neural network(GNN)is then applied for classification.This study employs a publicly available dataset from the XBlock platform,consisting of 318 verified Ponzi contracts and 6498 benign contracts.Sourced from real Ethereum deployments,the dataset reflects diverse application scenarios and captures the varied characteristics of Ponzi schemes.Experimental results demonstrate that our approach achieves an accuracy of 96%,a recall of 92%,and an F1-score of 94%in detecting Ponzi contracts,outperforming state-of-the-art methods.
文摘Industrial Cyber-Physical Systems(ICPSs)play a vital role in modern industries by providing an intellectual foundation for automated operations.With the increasing integration of information-driven processes,ensuring the security of Industrial Control Production Systems(ICPSs)has become a critical challenge.These systems are highly vulnerable to attacks such as denial-of-service(DoS),eclipse,and Sybil attacks,which can significantly disrupt industrial operations.This work proposes an effective protection strategy using an Artificial Intelligence(AI)-enabled Smart Contract(SC)framework combined with the Heterogeneous Barzilai-Borwein Support Vector(HBBSV)method for industrial-based CPS environments.The approach reduces run time and minimizes the probability of attacks.Initially,secured ICPSs are achieved through a comprehensive exchange of views on production plant strategies for condition monitoring using SC and blockchain(BC)integrated within a BC network.The SC executes the HBBSV strategy to verify the security consensus.The Barzilai-Borwein Support Vectorized algorithm computes abnormal attack occurrence probabilities to ensure that components operate within acceptable production line conditions.When a component remains within these conditions,no security breach occurs.Conversely,if a component does not satisfy the condition boundaries,a security lapse is detected,and those components are isolated.The HBBSV method thus strengthens protection against DoS,eclipse,and Sybil attacks.Experimental results demonstrate that the proposed HBBSV approach significantly improves security by enhancing authentication accuracy while reducing run time and authentication time compared to existing techniques.
文摘This article explores the characteristics of data resources from the perspective of production factors,analyzes the demand for trustworthy circulation technology,designs a fusion architecture and related solutions,including multi-party data intersection calculation,distributed machine learning,etc.It also compares performance differences,conducts formal verification,points out the value and limitations of architecture innovation,and looks forward to future opportunities.
基金supported by theHigher Education Research Project of Jilin Province:JGJX24C118the National Defense Basic Scientific Research Program of China(No.JCKY2023602C026).
文摘With the rapid proliferation of Internet ofThings(IoT)devices,ensuring their communication security has become increasingly important.Blockchain and smart contract technologies,with their decentralized nature,provide strong security guarantees for IoT.However,at the same time,smart contracts themselves face numerous security challenges,among which reentrancy vulnerabilities are particularly prominent.Existing detection tools for reentrancy vulnerabilities often suffer from high false positive and false negative rates due to their reliance on identifying patterns related to specific transfer functions.To address these limitations,this paper proposes a novel detection method that combines pattern matching with deep learning.Specifically,we carefully identify and define three common patterns of reentrancy vulnerabilities in smart contracts.Then,we extract key vulnerability features based on these patterns.Furthermore,we employ a Graph Attention Neural Network to extract graph embedding features from the contract graph,capturing the complex relationships between different components of the contract.Finally,we use an attention mechanism to fuse these two sets of feature information,enhancing the weights of effective information and suppressing irrelevant information,thereby significantly improving the accuracy and robustness of vulnerability detection.Experimental results demonstrate that our proposed method outperforms existing state-ofthe-art techniques,achieving a 3.88%improvement in accuracy compared to the latest vulnerability detection model AME(Attentive Multi-Encoder Network).This indicates that our method effectively reduces false positives and false negatives,significantly enhancing the security and reliability of smart contracts in the evolving IoT ecosystem.
基金This work was partially supported by FEDER/Ministerio de Ciencia e Innovación-Agencia Estatal de Investigación under project HORATIO(RTI2018-101204-B-C21)by Junta de Andalucía under projects APOLO(US-1264651)and EKIPMENT-PLUS(P18-FR-2895)by the TU Wien Research Cluster Smart CT.
文摘In this paper,we deal with questions related to blockchains in complex Internet of Things(IoT)-based ecosystems.Such ecosystems are typically composed of IoT devices,edge devices,cloud computing software services,as well as people,who are decision makers in scenarios such as smart cities.Many decisions related to analytics can be based on data coming from IoT sensors,software services,and people.However,they are typically based on different levels of abstraction and granularity.This poses a number of challenges when multiple blockchains are used together with smart contracts.This work proposes to apply our concept of elasticity to smart contracts and thereby enabling analytics in and between multiple blockchains in the context of IoT.We propose a reference architecture for Elastic Smart Contracts and evaluate the approach in a smart city scenario,discussing the benefits in terms of performance and self-adaptability of our solution.
基金This work was supported by the Scientific and Technological Project of Henan Province(Grant No.202102310340)Foundation of University Young Key Teacher of Henan Province(Grant Nos.2019GGJS040,2020GGJS027)+1 种基金Key Scientific Research Projects of Colleges and Universities in Henan Province(Grant No.21A110005)National Natual Science Foundation of China(61701170).
文摘The emergence of smart contracts has increased the attention of industry and academia to blockchain technology,which is tamper-proofing,decentralized,autonomous,and enables decentralized applications to operate in untrustworthy environments.However,these features of this technology are also easily exploited by unscrupulous individuals,a typical example of which is the Ponzi scheme in Ethereum.The negative effect of unscrupulous individuals writing Ponzi scheme-type smart contracts in Ethereum and then using these contracts to scam large amounts of money has been significant.To solve this problem,we propose a detection model for detecting Ponzi schemes in smart contracts using bytecode.In this model,our innovation is shown in two aspects:We first propose to use two bytes as one characteristic,which can quickly transform the bytecode into a high-dimensional matrix,and this matrix contains all the implied characteristics in the bytecode.Then,We innovatively transformed the Ponzi schemes detection into an anomaly detection problem.Finally,an anomaly detection algorithm is used to identify Ponzi schemes in smart contracts.Experimental results show that the proposed detection model can greatly improve the accuracy of the detection of the Ponzi scheme contracts.Moreover,the F1-score of this model can reach 0.88,which is far better than those of other traditional detection models.
文摘Cloud computing has emerged as a viable alternative to traditional computing infrastructures,offering various benefits.However,the adoption of cloud storage poses significant risks to data secrecy and integrity.This article presents an effective mechanism to preserve the secrecy and integrity of data stored on the public cloud by leveraging blockchain technology,smart contracts,and cryptographic primitives.The proposed approach utilizes a Solidity-based smart contract as an auditor for maintaining and verifying the integrity of outsourced data.To preserve data secrecy,symmetric encryption systems are employed to encrypt user data before outsourcing it.An extensive performance analysis is conducted to illustrate the efficiency of the proposed mechanism.Additionally,a rigorous assessment is conducted to ensure that the developed smart contract is free from vulnerabilities and to measure its associated running costs.The security analysis of the proposed system confirms that our approach can securely maintain the confidentiality and integrity of cloud storage,even in the presence of malicious entities.The proposed mechanism contributes to enhancing data security in cloud computing environments and can be used as a foundation for developing more secure cloud storage systems.
基金funded by the Major PublicWelfare Special Fund of Henan Province(No.201300210200)the Major Science and Technology Research Special Fund of Henan Province(No.221100210400).
文摘In recent years,the number of smart contracts deployed on blockchain has exploded.However,the issue of vulnerability has caused incalculable losses.Due to the irreversible and immutability of smart contracts,vulnerability detection has become particularly important.With the popular use of neural network model,there has been a growing utilization of deep learning-based methods and tools for the identification of vulnerabilities within smart contracts.This paper commences by providing a succinct overview of prevalent categories of vulnerabilities found in smart contracts.Subsequently,it categorizes and presents an overview of contemporary deep learning-based tools developed for smart contract detection.These tools are categorized based on their open-source status,the data format and the type of feature extraction they employ.Then we conduct a comprehensive comparative analysis of these tools,selecting representative tools for experimental validation and comparing them with traditional tools in terms of detection coverage and accuracy.Finally,Based on the insights gained from the experimental results and the current state of research in the field of smart contract vulnerability detection tools,we suppose to provide a reference standard for developers of contract vulnerability detection tools.Meanwhile,forward-looking research directions are also proposed for deep learning-based smart contract vulnerability detection.
文摘The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.
基金supported by the National Natural Science Foundation of China,Grant Number:U1603115Science and Technology Project of Autonomous Region,Grant Number:2020A02001-1Research on Short-Term and Impending Precipitation Prediction Model and Accuracy Evaluation in Northern Xinjiang Based on Deep Learning,Grant Number:2021D01C080.
文摘With the increasing popularity of Ethereum,smart contracts have become a prime target for fraudulent activities such as Ponzi,honeypot,gambling,and phishing schemes.While some researchers have studied intelligent fraud detection,most research has focused on identifying Ponzi contracts,with little attention given to detecting and preventing gambling or phishing contracts.There are three main issues with current research.Firstly,there exists a severe data imbalance between fraudulent and non-fraudulent contracts.Secondly,the existing detection methods rely on diverse raw features that may not generalize well in identifying various classes of fraudulent contracts.Lastly,most prior studies have used contract source code as raw features,but many smart contracts only exist in bytecode.To address these issues,we propose a fraud detection method that utilizes Efficient Channel Attention EfficientNet(ECA-EfficientNet)and data enhancement.Our method begins by converting bytecode into Red Green Blue(RGB)three-channel images and then applying channel exchange data enhancement.We then use the enhanced ECA-EfficientNet approach to classify fraudulent smart contract RGB images.Our proposed method achieves high F1-score and Recall on both publicly available Ponzi datasets and self-built multi-classification datasets that include Ponzi,honeypot,gambling,and phishing smart contracts.The results of the experiments demonstrate that our model outperforms current methods and their variants in Ponzi contract detection.Our research addresses a significant problem in smart contract security and offers an effective and efficient solution for detecting fraudulent contracts.
基金supported by the Basic Research Program(No.JCKY2019210B029)Network threat depth analysis software(KY10800210013).
文摘Recently,security issues of smart contracts are arising great attention due to the enormous financial loss caused by vulnerability attacks.There is an increasing need to detect similar codes for hunting vulnerability with the increase of critical security issues in smart contracts.Binary similarity detection that quantitatively measures the given code diffing has been widely adopted to facilitate critical security analysis.However,due to the difference between common programs and smart contract,such as diversity of bytecode generation and highly code homogeneity,directly adopting existing graph matching and machine learning based techniques to smart contracts suffers from low accuracy,poor scalability and the limitation of binary similarity on function level.Therefore,this paper investigates graph neural network to detect smart contract binary code similarity at the program level,where we conduct instruction-level normalization to reduce the noise code for smart contract pre-processing and construct contract control flow graphs to represent smart contracts.In particular,two improved Graph Convolutional Network(GCN)and Message Passing Neural Network(MPNN)models are explored to encode the contract graphs into quantitatively vectors,which can capture the semantic information and the program-wide control flow information with temporal orders.Then we can efficiently accomplish the similarity detection by measuring the distance between two targeted contract embeddings.To evaluate the effectiveness and efficient of our proposed method,extensive experiments are performed on two real-world datasets,i.e.,smart contracts from Ethereum and Enterprise Operation System(EOS)blockchain-based platforms.The results show that our proposed approach outperforms three state-of-the-art methods by a large margin,achieving a great improvement up to 6.1%and 17.06%in accuracy.
基金supported by the National Key Research and Development Program of China(2020YFB1005704).
文摘Since the advent of smart contracts,security vulnerabilities have remained a persistent challenge,compromsing both the reliability of contract execution and the overall stability of the virtual currency market.Consequently,the academic community has devoted increasing attention to these security risks.However,conventional approaches to vulnerability detection frequently exhibit limited accuracy.To address this limitation,the present study introduces a novel vulnerability detection framework called GNNSE that integrates symbolic execution with graph neural networks(GNNs).The proposedmethod first constructs semantic graphs to comprehensively capture the control flow and data flow dependencies within smart contracts.These graphs are subsequently processed using GNNs to efficiently identify contracts with a high likelihood of vulnerabilities.For these high-risk contracts,symbolic execution is employed to perform fine-grained,path-level analysis,thereby improving overall detection precision.Experimental results on a dataset comprising 10,079 contracts demonstrate that the proposed method achieves detection precisions of 93.58% for reentrancy vulnerabilities and 92.73% for timestamp-dependent vulnerabilities.
基金supported by the National Research Foundation(NRF),Republic of Korea,under project BK21 FOUR(4299990213939).
文摘The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Traditional intrusion detection systems have limitations in terms of centralized architecture,lack of transparency,and vulnerability to single points of failure.This is where the integration of blockchain technology with signature-based intrusion detection can provide a robust and decentralized solution for securing smart transportation systems.This study tackles the issue of database manipulation attacks in smart transportation networks by proposing a signaturebased intrusion detection system.The introduced signature facilitates accurate detection and systematic classification of attacks,enabling categorization according to their severity levels within the transportation infrastructure.Through comparative analysis,the research demonstrates that the blockchain-based IDS outperforms traditional approaches in terms of security,resilience,and data integrity.
基金the Natural Sciences and Engineering Re-search Council grant from Canada-NSERC(#RGPIN-2020-04701)-to Arash Habibi Lashkari.
文摘Smart contracts(SCs)are crucial in maintaining trust within blockchain networks.However,existing methods for analyzing SC vulnerabilities often lack accuracy and effectiveness,while approaches based on Deep Neural Networks(DNNs)struggle with detecting complex vulnerabilities due to limited data availability.This paper proposes a novel approach for analyzing SC vulnerabilities.Our method leverages an advanced form of the Genetic Algorithm(GA)and includes the development of a comprehensive benchmark dataset consisting of 36,670 Solidity source code samples.The primary objective of our study is to profile vulnerable SCs effectively.To achieve this goal,we have devised an analyzer called SCsVulLyzer based on GAs,designed explicitly for profiling SCs.Additionally,we have carefully curated a new dataset encompassing a wide range of examples,ensuring the practical validation of our approach.Furthermore,we have established three distinct taxonomies that cover SCs,profiling techniques,and feature extraction.These taxonomies provide a systematic classification and analysis of information,improving the efficiency of our approach.Our methodology underwent rigorous testing through experimentation,and the results demonstrated the superior capabilities of our model in detecting vulnerabilities.Compared to traditional and DNN-based approaches,our approach achieved higher precision,recall,and F1-score,which are widely used metrics for evaluating model performance.Across all these metrics,our model showed exceptional results.The customization and adaptations we implemented within the GA significantly enhanced its effectiveness.Our approach detects SC vulnerabilities more efficiently and facilitates robust exploration.These promising results highlight the potential of GA-based profiling to improve the detection of SC vulnerabilities,contributing to enhanced security in blockchain networks.
基金supported by National Key R&D Program of China(No.2018YFB1403400)the National Natural Science Foundation of China(No.61702544)+1 种基金Natural Science Foundation of Jiangsu Province,China(Nos.BK20160769 and BK20141072)China Postdoctoral Science Foundation(No.2016M603031)。
文摘Integer overflow is a common vulnerability in Ethereum Smart Contracts(ESCs)and often causes huge economic losses.Smart contracts cannot be changed once it is deployed on the blockchain and thus demand further testing.Mutation testing is a fault-based testing method that can effectively improve the sufficiency of a test for smart contracts.However,existing methods cannot efficiently perform mutation testing specifically for integer overflow in ESCs.Therefore,by analyzing integer overflow in ESCs,we propose five special mutation operators to address such vulnerability in terms of detecting sufficiency in ESC testing.An empirical study on 40 open-source ESCs is conducted to evaluate the effectiveness of the proposed mutation operators.Results show that(1)our proposed mutation operators can reproduce all 179 integer overflow vulnerabilities in 40 smart contracts,and the generated mutants have high compilation pass rate and integer overflow vulnerability generation rate;moreover,(2)the generated mutants can find the shortcomings of existing testing methods for integer overflow vulnerability,thereby providing effective support to improve the sufficiency of the test.
基金This study was carried out as part of the BIMcontracts research project funded by the German Federal Ministry for Economic Affairs and Energy(BMWi)within the“Smart Data Economy”technology program(Grant No.01MD19006B).
文摘The development of digital transformation in the construction industry has led to the increasing adoption of smart contracts.As programmable applications to automatically write,verify,and enforce transaction conditions,smart contracts can be used in different areas mainly to improve automation level,information security,and built digital environment enhancement.However,the smart contract is commonly mentioned as a blockchain appendage,while its unique connotation and value in the construction industry have not been recognized.Therefore,this study carries out a systematic review based on 81 research articles published from 2014 to 2021 on smart contract applications in construction to explore and highlight their potentials under domain-specific requirements.Results are analyzed according to research type categorization and domain codification.Eight research domains are identified,where the three most highly explored domains are contract and payment,supply chain and logistics,and information management.The integration of smart contracts with other innovative concepts and advanced technologies is analyzed.The applicability,benefits,and challenges of smart contract applications regarding different research domains are discussed.
基金This research was supported in part by the Japan Society for the Promotion of Science KAKENHI Number 22H03591the MEXT"Innovation Platform for Society 5.0"Program Grant Number JPMXP0518071489.
文摘Ethereum smart contracts are computer programs that are deployed and executed on the Ethereum blockchain to enforce agreements among untrusting parties.Being the most prominent platform that supports smart contracts,Ethereum has been targeted by many attacks and plagued by security incidents.Consequently,many smart contract vulnerabilities have been discovered in the past decade.To detect and prevent such vulnerabilities,different security analysis tools,including static and dynamic analysis tools,have been created,but their performance decreases drastically when codes to be analyzed are constantly being rewritten.In this paper,we propose Eth2Vec,a machine-learning-based static analysis tool that detects smart contract vulnerabilities.Eth2Vec maintains its robustness against code rewrites;i.e.,it can detect vulnerabilities even in rewritten codes.Other machine-learning-based static analysis tools require features,which analysts create manually,as inputs.In contrast,Eth2Vec uses a neural network for language processing to automatically learn the features of vulnerable contracts.In doing so,Eth2Vec can detect vulnerabilities in smart contracts by comparing the similarities between the codes of a target contract and those of the learned contracts.We performed experiments with existing open databases,such as Etherscan,and Eth2Vec was able to outperform a recent model based on support vector machine in terms of well-known metrics,i.e.,precision,recall,and F1-score.
文摘Actual challenges with data in physical infrastructure include:1)the adversity of its velocity based on access and retrieval,thus integration;2)its value as its intrinsic quality;3)its extensive volume with a limited variety in terms of systems;and finally,4)its veracity,as data can be modified to obtain an economical advantage.Physical infrastructure design based on Agile project management and minimum viable products provides benefits against the traditional waterfall method.Agile supports an early return on investment that promotes circular reinvesting while making the product more adaptable to variable social-economical environments.However,Agile also presents inherent issues due to its iterative approach.Furthermore,project information requires an efficient record of the aims,requirements,and governance not only for the investors,owners,or users but also to keep evidence in future health&safety and other statutory compliance.In order to address these issues,this article presents a Validation and Verification(V&V)model for data marketplaces with a hierarchical process;each data V&V stage provides a layer of data abstraction,value-added services,and authenticity based on Artificial Intelligence(AI).In addition,this proposed solution applies Distributed Ledger Technology(DLT)for a decentralised approach where each user keeps and maintains the data within a ledger.The presented model is validated in real data marketplace applications:1)live data for the Newcastle Urban Observatory Smart City Project,where data are collected from sensors embedded within the smart city via APIs;2)static data for University College London(UCL)—Real Estate—PEARL Project,where different project users and stakeholders introduce data into a Project Information Model(PIM).
文摘Blockchains and smart contracts are gaining momentum as enabling technologies for a wide set of applications where data distribution and sharing among decentralized infrastructures is required.In this work,we present a distributed application developed using blockchain technologies that allows individuals and health insurance organizations to come into agreement during the implementation of the healthcare insurance policies in each contract.For this purpose,health standards and semantic web technologies were used for the formal expression of both the insured individual's data and contract terms.Accordingly,a fine-grained data access policy was applied for evaluating contract terms on the basis of relevant data captured in healthcare settings.A prototype was implemented involving the development of several different smart contracts for the Ethereum platform as well as the necessary visual environment for accessing them.The developed system validates various features related to blockchain and smart contract features that are briefly discussed in this work,part of which can be mitigated or resolved through the use of a private permissioned blockchain.The application of well-established techniques for potential malfunctions of external services could also boost the security of the system and prevent it from potential attacks.
文摘From 26 to 27 October 2017, the Centre for Cross-Border Commercial Law in Asia of Singapore Management University (SMU) Law School held an international conference entitled "Future of Law Conference: The Internet of Things, Smart Contracts and Intelligent Machines" in Singapore. The conference brought together the leading thinkers in academia and practice in the field of information technology law to discuss the legal and regulatory implications of recent technological developments. Associate Professor ZHANG Jiyu and Associate Professor DING Xiaodong of the Law and Technology Institute of Renmin Law School were invited to attend the conference.
