Research On Security Threats Of Blockchain Distributed Computing Environment

Blockchain technology has become a research hotspot in academia and industry in recent years.The application scenarios of blockchain have also been extended to finance,healthcare,government,culture,art,Internet of Things,software engineering,and other fields.Therefore,blockchain is often referred to as the next-generation Internet.However,there are still a series of problems in the blockchain,such as those related to consensus algorithm mechanism,system performance and operational efficiency,storage methods,the contradiction between anonymity and trustworthiness,and regulatory issues,and se-curity threats are always present in particular.Security incidents against blockchain sys-tems,contracts and applications are currently occurring frequently,causing significant economic losses to individuals,businesses and even countries.Therefore,research on the security threats to the blockchain distributed computing environment has important social and practical implications.This dissertation carries out research on the security threats and countermeasures of blockchain distributed computing environment,and focused on smart contract security,account and private key security,data and privacy security,and management issues in the blockchain.Research on data analysis for blockchain decentralized applications,research on data analysis and detection approach for smart contracts,research on identity identifi-cation approach for blockchain,and research on data privacy protection and traceability approach for blockchain are conducted.The approaches proposed in this dissertation mit-igate contract security threats,account security threats,and data security threats in the blockchain distributed computing environment,and also provides necessary theoretical and technical support for the future development and application of blockchain technol-ogy.This dissertation is organized into the following four parts.First,in-depth research and analysis of DApp data and its phenomena is conducted to investigate the current status of applications in the blockchain distributed computing envi-ronment,so as to discover existing security threats in the blockchain.Data analysis of de-centralized blockchain applications is performed for this purpose.Specifically,a relatively complete DApp data set is first built,including a total of 2,565 DApps of 21 categories and related data from July 30,2015 to May 4,2020(about 10 million block height).Next,an in-depth analysis of DApp distribution is conducted from four perspectives: number,time,category,and smart contract.The research results can provide DApp developers,users,and researchers with reference for the security and performance of blockchain and smart contracts.This part provides research requirements and data support for the follow-up research of this dissertation as well.Second,in order to mitigate smart contract security threats,this dissertation delves into the data behaviors in smart contracts and their intrinsic connections,and proposes a transaction-based classification and detection approach for Ethereum smart contracts,thus achieving the identification and detection of malicious contracts and vulnerable contracts.This is done by first collecting more than 10,000 smart contracts from Ethereum and fo-cusing on studying the behaviors of smart contracts and user-generated data.Through manual analysis,four behavior patterns are identified from the transactions that can be used to distinguish between different categories of contracts.Next,14 basic features of smart contracts are constructed based on these four behavioral patterns.This dissertation also proposes a data slicing algorithm for constructing an experimental dataset,slicing the collected smart contracts' transactions data,and finally using the LSTM model and its im-proved GRU model to train and test the dataset.Extensive experimental results show that this approach can distinguish between different categories of contracts and can be applied to anomaly detection and malicious contract identification with satisfactory precision,re-call,and F1 values.Third,a continuous identification approach based on mouse bio-behavioral features and deep learning is proposed to accurately and efficiently perform continuous identifi-cation of current blockchain users,and therefore to mitigate the account security threats faced by the blockchain distributed computing environment.It provides better accuracy and shorter verification time compared with existing methods.The specific method is de-scribed as follows: First,an open-source dataset covering user mouse behaviors is used in this dissertation,and maps mouse behavior features to an image dataset.A 7-layer CNN network is constructed on this basis for training and testing.The experimental results show that the approach is able to complete the user authentication task about every 7 seconds with the FAR and FRR of 2.94% and 2.28%,respectively.The approach is then applied to the private key protection of blockchain wallets,and is able to protect the private key security of users in blockchain wallets in real-time.Once a wallet detects a mismatch of user identity,it can immediately quit or block the transaction,thus effectively alleviate the risk of user private key leakage.Based on the existing research,the CNN network has been optimized,and the experimental results show that the method is able to authenticate every 1 second with an average FAR and FRR of 6.92% and 6.18%,respectively.Fourth,this dissertation also covers research on data privacy protection and trace-ability methods in the blockchain.It therefore helps alleviates the contradiction between protecting the privacy of data in the blockchain and ensuring traceability of data and user behavior in the consortium chain and private chain.This dissertation proposes a dual blockchain system that can balance the integrity of traceability data with privacy pro-tection of sensitive information,thus effectively alleviating the privacy,traceability,and management issues faced by the current blockchain.In this dissertation,the system is also applied to a real security threat scenario(insider threat).An insider threat model is built,to analyze how the system tracks the attacker and obtains evidence after an insider threat occurs.Finally,the performance and effectiveness of the blockchain system are evaluated through simulation experiments.