网络与信息安全学报 (Apr 2020)
ContractGuard:defend Ethereum smart contract with embedded intrusion detection
Abstract
Ethereum smart contracts are programs that can be collectively executed by a network of mutually untrusted nodes.Smart contracts handle and transfer assets of values,offering strong incentives for malicious attacks.Intrusion attacks are a popular type of malicious attacks.ContractGuard,the first intrusion detection system (IDS) was proposed to defend Ethereum smart contracts against such attacks.Like IDSs for conventional programs,ContractGuard detects intrusion attempts as abnormal control flow.However,existing IDS techniques or tools are inapplicable to Ethereum smart contracts due to Ethereum’s decentralized nature and its highly restrictive execution environment.To address these issues,ContractGuard was designed by embedding it in the contracts.At runtime,ContractGuard protects the smart contract by monitoring the context-tagged acyclic path of the smart contract.As ContractGuard involves deployment overhead and deployment overhead.It was optimized under the Ethereum Gas-oriented performance model to reduce the overheads.The experimental results show that this work can effectively detect 83% of vulnerabilities,ContractGuard only adds to 36.14% of the deployment overhead and 28.27% of the runtime overhead.
