| Blockchain, as an epoch-making computing paradigm, has attracted extensive attention from academia and industry due to its decentralization, immutability, and traceability. However, the complex underlying technical architecture of the blockchain exposes existing blockchain applications to many security threats, and the emerging blockchain security incidents have seriously hindered the sound development of the blockchain ecosystem. Therefore, blockchain developers tend to adopt a more secure consensus mechanism, such as Proof-of-Authority (PoA), or employ an attack detection and defense system to improve the security and soundness of the blockchain system. Nevertheless, there are still some security risks associated with these solutions. On the one hand, although PoA blockchains can effectively circumvent most of the security problems existing in traditional blockchains, they still face security threats from cloning attacks, which provide a feasible way for attackers to achieve double-spending attacks. Meanwhile, the underlying PoA consensus algorithms, Aura and Clique, cause cloning attacks to exist in two different forms, and these have not been solved effectively. On the other hand, the rapid popularization of blockchain technology has triggered an urgent need for blockchain content supervision and attack detection. However, most current blockchain attack detection solutions focus on the security threats existing in a single layer of the blockchain, and cannot achieve cross-layer attack correlation analysis, detection, and defense. In addition, the immutability and anonymity of the blockchain make it difficult to supervise data content, track and trace the source, and collect evidence, which seriously affects the sound development of the blockchain ecosystem. In order to solve the security threats existing in the blockchain system and meet the regulatory needs, the main contributions are summarized as follows: (1) We analyze the association of existing blockchain attacks and
summarize several blockchain attack clusters. Furthermore, to solve the cloning attacks in the double-spending attack cluster, we propose a practical heartbeat-based defense scheme against cloning attacks in PoA blockchains. Our scheme uses the heartbeat mechanism to detect whether there is a network partition, which can effectively detect cloning attacks without considering the specific underlying PoA consensus algorithm of the blockchain system. We designed an enhanced hierarchical node selection algorithm to reduce the costs and improve the detection efficiency. Finally, the detection precision rate model and effectiveness of our scheme are theoretically analyzed, and a PoA blockchain prototype system is developed to test the performance of our scheme. The experimental results are basically consistent with our theoretical analysis, which proves the efficiency and practicability of our scheme. (2) In order to apply the research based on the blockchain attack cluster in practice and provide comprehensive, multi-level security protection for the blockchain, we designed and developed a "double-chain parallel" blockchain security supervision system. The system implements a "one-to-many" supervision mechanism for other blockchains through a supervision chain, and uses smart contracts to lower the difficulty of blockchain attack traceability and on-chain information supervision. The system provides detection of various blockchain attacks and security vulnerabilities under three types of blockchain system security threats: malicious information attacks, network penetration attacks, and smart contract vulnerabilities, and has a complete security event evidence and traceability mechanism. We tested and analyzed the system, and the results showed that the system can effectively improve the security of the blockchain system. |