TY - GEN
T1 - Evil under the sun
T2 - 30th USENIX Security Symposium, USENIX Security 2021
AU - Su, Liya
AU - Shen, Xinyue
AU - Du, Xiangyu
AU - Liao, Xiaojing
AU - Wang, Xiao Feng
AU - Xing, Luyi
AU - Liu, Baoxu
N1 - We wish to acknowledge the efforts of the anonymous reviewers for their insightful comments and suggestions to improve the quality of our manuscript. We also thank Boxify for sharing invaluable Ethereum transaction datasets with us. This work was supported in part by the NSF CNS-1618493, 1801432, 1838083 and 1850725. CAS authors were supported in part by the Key Laboratory of Network Assessment Technology of Chinese Academy of Sciences and Beijing Key Laboratory of Network Security and Protection Technology. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the view of our funders.
PY - 2021
Y1 - 2021
AB - The popularity of Ethereum decentralized applications (Dapps) also brings in new security risks: it has been reported that these Dapps have been under various kinds of attacks from cybercriminals to gain profit. To the best of our knowledge, little has been done so far to understand this new cybercrime, in terms of its scope, criminal footprints and attack operational intents, not to mention any efforts to investigate these attack incidents automatically on a large scale. In this paper, we performed the first measurement study on real-world Dapp attack instances to recover critical threat intelligence (e.g., kill chain and attack patterns). Utilizing such threat intelligence, we proposed the first technique DEFIER to automatically investigate attack incidents on a large scale. Running DEFIER on 2.3 million transactions from 104 Ethereum on-chain Dapps, we were able to identify 476,342 exploit transactions on 85 target Dapps, which are related to 75 0-day victim Dapps and 17K previously-unknown attacker EOAs. To the best of our knowledge, it is the largest Ethereum on-chain Dapp attack incidents dataset ever reported.
UR - https://www.scopus.com/pages/publications/85106148768
UR - https://www.scopus.com/pages/publications/85106148768#tab=citedBy
M3 - Conference contribution
AN - SCOPUS:85106148768
T3 - Proceedings of the 30th USENIX Security Symposium
SP - 1307
EP - 1324
BT - Proceedings of the 30th USENIX Security Symposium
PB - USENIX Association
Y2 - 11 August 2021 through 13 August 2021
ER -