Please use this identifier to cite or link to this item:
Title: EtherClue : digital investigation of attacks on Ethereum smart contracts
Authors: Aquilina, Simon Joseph
Casino, Fran
Vella, Mark Joseph
Ellul, Joshua
Patsakis, Constantinos
Keywords: Blockchains (Databases)
Computer crimes
Malware (Computer software)
Computer security
Criminal investigation -- Technological innovations
Issue Date: 2021
Publisher: Elsevier Ltd.
Citation: Aquilina, S. J., Casino, F., Vella, M., Ellul, J., & Patsakis, C. (2021). EtherClue: Digital investigation of attacks on Ethereum smart contracts. Blockchain: Research and Applications, 2(4), 100028
Abstract: Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved. In this work, we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise (IoC) specially crafted for use in the blockchain. IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain. Therefore, we define a model for smart contract execution, comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain. Subsequently, we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue, a prototype tool for investigating Ethereum security incidents. Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation. However, they are contract-specific and suffer from false negatives. On the other hand, fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation, which is nevertheless applicable for practical use.
Appears in Collections:Scholarly Works - FacICTCS

Files in This Item:
File Description SizeFormat 
EtherClue__Digital_investigation_of_attacks_on_Ethereum_smart_contracts(2021).pdf2.45 MBAdobe PDFView/Open

Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.