Sapiens Chain: A Blockchain-based Cybersecurity Framework


📝 Original Info

  • Title: Sapiens Chain: A Blockchain-based Cybersecurity Framework
  • ArXiv ID: 1811.10868
  • Date: 2023-06-15
  • Authors: :

📝 Abstract

Recently, cybersecurity has become more and more important due to the rapid development of the Internet. However, existing methods are in reality highly sensitive to attacks and are far more vulnerable than expected, as they lack trustworthy measures. In this paper, to address the aforementioned problems, we propose a blockchain-based cybersecurity framework, termed Sapiens Chain, which can protect the privacy of anonymous users and ensure that transactions are immutable by providing decentralized and trustworthy services. By integrating semantic analysis, symbolic execution, and routing learning methods into intelligent auditing, this framework can achieve good accuracy in detecting hidden vulnerabilities. In addition, a revenue incentive mechanism, which aims to reward participants, is built. The practical results demonstrate the effectiveness of the proposed framework.


📄 Full Content

In recent years, applications of the Internet of Things, the Internet of Vehicles, and mobile payment have become increasingly popular and deeply affect human life [1] [2]. However, these applications face more serious security risks than before [3]. For example, more than 70 countries and regions were attacked by the newly produced computer virus WannaCrypt0r 2.0 and suffered heavy damage [4]. Uber lost a large amount of sensitive information, which may be related to 57 million users and 7 million drivers [5]. Besides the traditional security problems, new techniques, such as blockchain, may also be exposed to security threats. For example, in the famous DAO incident on Ethereum, attackers stole about 3.5 million Ether, which was worth about 60 million dollars at that time, owing to a smart contract vulnerability [5] [6]. The high yield of successful attacks drives the "prosperity" of the black industry.

To deal with the aforementioned cybersecurity problems, many studies have been proposed [7][8][9][10]. Not surprisingly, existing methods mostly focus on centralized models and have the following drawbacks. First, it is difficult to manage data storage and security dynamically. Traditional data storage and security management are always built in a trusted, centralized environment, while attacks on the central management nodes may devastate private data and the networks [11]. Second, it is hard to cope with high-intensity attacks in a timely manner with limited resources. In addition, the participants require a secure interactive platform, which can protect their privacy and avoid information leakage. Third, white hat hackers can obtain only little revenue from the security vendors, so they have little interest in helping vendors fix their vulnerabilities.

To tackle these challenges, we design a blockchain-based framework, named Sapiens Chain, that protects all participants by using a decentralized, non-monopoly and non-intermediate model. We make the following contributions in this work.

First, we design a smart contract for all participants, where the transactions are written into blocks and are almost impossible to modify. By defining the incentive mechanism on smart contracts, the Proof-of-Concept (POC) providers can be rewarded if the task result is adopted by the framework. The task details and identities of participants will be disclosed, such that the privacy of participants is guaranteed.

Second, we introduce two kinds of nodes: ordinary nodes and fog nodes. Ordinary nodes perform task assignment, vulnerability detection, POC construction, and POC auditing, while the fog nodes perform node scheduling and storage for POCs and vulnerabilities. To reduce the computational resource overhead as much as possible, we propose a novel node scheduling method, which combines the proof of work with the distances between nodes.

Third, we propose a novel model that can audit websites, applications and smart contracts automatically. For websites, the model can automatically identify network assets and vulnerabilities through knowledge graphs and association rules. For applications and smart contracts, the model first extracts basic semantic information through dependency graphs, and then discovers vulnerabilities within the code by performing analysis on the semantic information.

The rest of the paper is organized as follows. We review the related work in Section 2 and propose the framework in Section 3. Section 4 introduces roles, techniques and operational modes of the framework. We introduce the typical application in Section 5 and conclude the paper in Section 6.

In this section, we review some related work, including the existing blockchain-based cybersecurity protection methods and systems.

Many novel cybersecurity techniques have been used in website security [12] [13], application security [14] and blockchain security [15]. For example, Nikolic et al. [16] present MAIAN, the first tool for precisely specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and a concrete validator for exhibiting exploits. Tsankov et al. [8] present Securify, a security analyzer for Ethereum smart contracts that is scalable and able to prove contract behaviors as safe/unsafe with respect to a given property.

Recently, blockchain technology has made significant contributions to cybersecurity due to its immutability, traceability, decentralization, and transparency [12][13][14][15][16][17]. Zyskind et al. [18] propose to protect application data using blockchain, which separates data from permissions, records permission settings and data access in blockchain, enabling full control of data access permissions and transparent access procedures. Azaria et al. [19] propose a medical data management model based on blockchain and smart contract, which records data permissions and operations in the blockchain, and is executed by smart contracts to implement da


Reference

This content is AI-processed based on open access ArXiv data.
