WEKO3
アイテム
EtherWatch: A Framework for Detecting Suspicious Ethereum Accounts and Their Activities
https://ipsj.ixsq.nii.ac.jp/records/239373
https://ipsj.ixsq.nii.ac.jp/records/2393739cceb2af-9836-4b39-87ec-b55c80f4ae28
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6509019.pdf (1.1 MB)
2026年9月15日からダウンロード可能です。
|
Copyright (c) 2024 by the Information Processing Society of Japan
|
|
| 非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Journal(1) | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2024-09-15 | |||||||||||||||
| タイトル | ||||||||||||||||
| タイトル | EtherWatch: A Framework for Detecting Suspicious Ethereum Accounts and Their Activities | |||||||||||||||
| タイトル | ||||||||||||||||
| 言語 | en | |||||||||||||||
| タイトル | EtherWatch: A Framework for Detecting Suspicious Ethereum Accounts and Their Activities | |||||||||||||||
| 言語 | ||||||||||||||||
| 言語 | eng | |||||||||||||||
| キーワード | ||||||||||||||||
| 主題Scheme | Other | |||||||||||||||
| 主題 | [特集:サプライチェーンを安全にするサイバーセキュリティ技術] cyberattacks, blockchain, ethereum, honeypot, JSON-RPC, proxy | |||||||||||||||
| 資源タイプ | ||||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||||
| 資源タイプ | journal article | |||||||||||||||
| 著者所属 | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| University of Tsukuba | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| University of Tsukuba | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Yokohama National University | ||||||||||||||||
| 著者名 |
Takayuki, Sasaki
× Takayuki, Sasaki
× Jia, Wang
× Kazumasa, Omote
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||
| 著者名(英) |
Takayuki, Sasaki
× Takayuki, Sasaki
× Jia, Wang
× Kazumasa, Omote
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||
| 論文抄録 | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | In recent years, Ethereum, which is a leading application for realizing blockchain services, has received much attention for its usability and functionality. Ethereum executes smart contracts and arbitrary programmable calculations, in addition to cryptocurrency trading. However, cyberattacks target misconfigured Ethereum clients with application programming interface (API) enabled, specifically JSON-RPC. Herein, we propose EtherWatch, a framework to detect and analyze malicious and/or suspicious Ethereum accounts using three data sources (a honeypot, an internet-wide scanner, and a blockchain explorer). The honeypot, named Etherpot, leverages a proxy server placed between a real Ethereum client and the internet. It modifies client responses to attract attackers, identifies malicious accounts, and analyzes their behaviors. Using scan results from Shodan, we also detect suspicious Ethereum accounts registered on multiple nodes. Finally, we utilize Etherscan, a well-known blockchain explorer, to track and analyze the activities of the detected accounts. During six weeks of observations, we discovered 538 hosts attempting to call JSON-RPC of our honeypots using 41 types of methods, including a type of unreported attack in the wild. Specifically, we observed account hijacking, mining, and smart contract attacks. We detected 16 malicious accounts using the honeypots and 64 suspicious accounts from the Shodan scan results, with five overlapping accounts. Finally, from Etherscan, we collected records of activities related to the detected accounts, including transactions of 21.50 ETH and mining of 22.61 ETH (equivalent to 39,494 US$ and 41,533 US$, respectively, as of June 9, 2023). ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.789 ------------------------------ |
|||||||||||||||
| 論文抄録(英) | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | In recent years, Ethereum, which is a leading application for realizing blockchain services, has received much attention for its usability and functionality. Ethereum executes smart contracts and arbitrary programmable calculations, in addition to cryptocurrency trading. However, cyberattacks target misconfigured Ethereum clients with application programming interface (API) enabled, specifically JSON-RPC. Herein, we propose EtherWatch, a framework to detect and analyze malicious and/or suspicious Ethereum accounts using three data sources (a honeypot, an internet-wide scanner, and a blockchain explorer). The honeypot, named Etherpot, leverages a proxy server placed between a real Ethereum client and the internet. It modifies client responses to attract attackers, identifies malicious accounts, and analyzes their behaviors. Using scan results from Shodan, we also detect suspicious Ethereum accounts registered on multiple nodes. Finally, we utilize Etherscan, a well-known blockchain explorer, to track and analyze the activities of the detected accounts. During six weeks of observations, we discovered 538 hosts attempting to call JSON-RPC of our honeypots using 41 types of methods, including a type of unreported attack in the wild. Specifically, we observed account hijacking, mining, and smart contract attacks. We detected 16 malicious accounts using the honeypots and 64 suspicious accounts from the Shodan scan results, with five overlapping accounts. Finally, from Etherscan, we collected records of activities related to the detected accounts, including transactions of 21.50 ETH and mining of 22.61 ETH (equivalent to 39,494 US$ and 41,533 US$, respectively, as of June 9, 2023). ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.789 ------------------------------ |
|||||||||||||||
| 書誌レコードID | ||||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 65, 号 9, 発行日 2024-09-15 |
|||||||||||||||
| ISSN | ||||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||||
| 公開者 | ||||||||||||||||
| 言語 | ja | |||||||||||||||
| 出版者 | 情報処理学会 | |||||||||||||||
