Quantitative Runtime Monitoring of Ethereum Transaction Attacks
Track: Security and privacy
Keywords: Ethereum, Runtime Monitoring, Ethereum Attack Detection
Abstract: The rapid growth of decentralized applications, while revolutionizing financial transactions, has created an attractive target for malicious attacks. Existing approaches to detecting attacks often rely on predefined rules or simplistic and overly-specialized models, which lack the flexibility to handle the wide spectrum of diverse and dynamically changing attack types.
To address this challenge, we present a general, extensible framework, MoE (Monitoring Ethereum), that leverages runtime verification to detect a wide range of attacks on Ethereum. MoE features an expressive attack modeling language, based on Metric First-order Temporal Logic, that can formalize a wide range of attacks. We integrate a novel semantic lifting approach that extracts vital system behaviors for various attacks utilizing the monitoring tool MonPoly. We further equip MoE with quantitative capabilities to evaluate the similarity between a transaction and an attack formula to identify more attacks, including near-miss attacks.
We carry out extensive experiments with MoE on a labeled benchmark and a large-scale dataset containing over one million transactions. On the labeled benchmark, MoE successfully detects 92.0% attacks and achieves 45.0% more recall rate than another state-of-the-art tool. MoE finds 3,319 attacks with 95.4% precision on the large dataset. Furthermore, MoE uses quantitative analysis to uncover 8% more attacks. Notably, the average time for monitoring a transaction is less than 23 ms, positioning MoE as a promising practical solution for real-time attack detection for Ethereum.
Submission Number: 1975
Loading