【Author】
Hara, Kazuki; Takahashi, Takeshi; Ishimaki, Motoya; Omote, Kazumasa
【Source】2021 21ST INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C 2021)
【Abstract】Smart contracts based on the Ethereum blockchain network have attracted attention from finance, media, and academic domains. As a result, smart contracts have been targeted by cyber attackers for the purpose of cryptocurrency theft. The smart contract honeypot is a commonly used attack method. An attacker who makes a honeypot lures other weak attackers who target vulnerable contracts by seeming to have exploitable flaws. The honeypot attacker then steals cryptocurrency from the weak attackers using a hidden trap. In this paper, we propose a machine-learning model that can detect such honeypots with high performance and prevent theft before it occurs. We use a term-frequency inverse document-frequency method to extract feature words and word2vec to learn distributed representations for the Solidity bytecode. As a result, we achieved higher PR-AUC scores in honeypot detection compared with previous efforts. Based on this, we demonstrate that the smart contract code contains useful information for honeypot detection. Furthermore, our proposed method works without using features that become available after theft. Hence, the method enables us to predict incidents and reduce the number of honeypot victims.
【Keywords】Security Machine learning Data analysis Computer security
评论