Search Icon
Register

HOUSTON: Real-Time Anomaly Detection of Attacks against Ethereum DeFi Protocols

Dongyu Meng (UC Santa Barbara), Fabio Gritti (UC Santa Barbara), Robert McLaughlin (UC Santa Barbara), Nicola Ruaro (UC Santa Barbara), Ilya Grishchenko (University of Toronto), Christopher Kruegel (UC Santa Barbara), Giovanni Vigna (UC Santa Barbara)

As decentralized finance (DeFi) continues to innovate the financial system, the security of its building blocks remains a critical concern to its large-scale adoption. In DeFi, the stakes are exceptionally high, marked by recurring instances of financial losses totaling millions of dollars every week. All major blockchain-based financial applications (i.e., DeFi protocols) are built from – and interact with – programs known as smart contracts. While many security tools have been developed to identify specific classes of vulnerabilities (e.g., reentrancy) in individual smart contracts, considerably less effort has been invested in automatically identifying – in real time – attacks against DeFi protocols.

In this paper, we propose a novel approach for real-time, generic, explainable identification of attacks against DeFi protocols. Specifically, we identify potentially risky transactions without relying on any known vulnerability patterns. Our approach, implemented in HOUSTON, first automatically identifies the set of smart contracts that together implement a DeFi application, and then, while monitoring new relevant transactions, builds and updates custom anomaly-detection models. Our models include information about typical execution paths (control flows) as well as information about how the protocol processes data, captured as likely invariants between the contract functions’ arguments and storage variables. HOUSTON offers explainable warnings that can be used for attack triaging.

We evaluated HOUSTON on a large corpus of over 22 million transactions, covering 115 DeFi incidents. In our experiments, HOUSTON achieved a detection true-positive rate of 94.8% while maintaining a low false-positive rate. When compared with state-of-the-art anomaly detection systems, HOUSTON achieves a higher number of true positives and lower false-positive rates. Finally, we deployed HOUSTON in a real-world setting, where it demonstrated real-time monitoring capabilities on commodity hardware while sustaining high accuracy

Paper

View More Papers

Characterizing the Implementation of Censorship Policies in Chinese LLM...

Anna Ablove (University of Michigan), Shreyas Chandrashekaran (University of Michigan), Xiao Qiang (University of California at Berkeley), Roya Ensafi (University of Michigan)

Read More

FLIPPYRAM: A Large-Scale Study of Rowhammer Prevalence

Martin Heckel (Hof University of Applied Sciences), Nima Sayadi (Hof University of Applied Sciences), Jonas Juffinger (Unaffiliated), Carina Fiedler (Graz University of Technology), Daniel Gruss (Graz University of Technology), Florian Adamsky (Hof University of Applied Sciences)

Read More

Insights from GitHub Community on the Matter Standard: Developer...

Muhammad Hassan (University of Illinois Urbana Champaign), Carl Gunter (University of Illinois Urbana Champaign), Susan Landau (Tufts University), Masooda Bashir (University of Illinois Urbana Champaign)

Read More