CN115601034A - Attack detection method for decentralized finance - Google Patents

Attack detection method for decentralized finance Download PDF

Info

Publication number
CN115601034A
CN115601034A CN202211207488.6A CN202211207488A CN115601034A CN 115601034 A CN115601034 A CN 115601034A CN 202211207488 A CN202211207488 A CN 202211207488A CN 115601034 A CN115601034 A CN 115601034A
Authority
CN
China
Prior art keywords
model
local
global
features
fusion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211207488.6A
Other languages
Chinese (zh)
Other versions
CN115601034B (en
Inventor
王伟
王斌
原笑含
王滨
马洪亮
段莉
刘吉强
金�一
李浥东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jiaotong University filed Critical Beijing Jiaotong University
Priority to CN202211207488.6A priority Critical patent/CN115601034B/en
Publication of CN115601034A publication Critical patent/CN115601034A/en
Application granted granted Critical
Publication of CN115601034B publication Critical patent/CN115601034B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/049Temporal neural networks, e.g. delay elements, oscillating neurons or pulsed inputs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Computational Linguistics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • General Business, Economics & Management (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an attack detection method for decentralized finance. The method comprises the following steps: extracting global information and local information in a transaction event facing decentralized finance, extracting global features and local features according to the global information and the local information, and storing parameters of a trained global model and local model; and fusing the global features and the local features through a fusion model, extracting high-level semantic features of different levels, and storing parameters of the trained fusion model. And carrying out attack detection on the transaction event to be detected through the trained global model, local model and fusion model, and judging that the transaction event data to be detected is attack or normal transaction data. The method provides theoretical basis and practical method for automatic attack detection in decentralized finance, provides safety guarantee for the current decentralized finance, and promotes the ecological stability and sustainable development of the decentralized finance.

Description

Attack detection method for decentralized finance
Technical Field
The invention relates to the technical field of network attack detection, in particular to an attack detection method for decentralized finance.
Background
With the rapid development of decentralized financial applications in public chain ecology of etherhouses and the like, external attacks aiming at the decentralized financial applications also appear, including sandwich attacks, race-robbing attacks, arbitrage, lightning credit attacks and the like, and the economic safety of the decentralized financial ecology is seriously damaged. Attackers make use of code bugs existing in decentralized finance and logic bugs generated in the process of combining various protocols to attack, and thus obtain huge profits. Therefore, it is necessary to design an effective attack detection method for decentralized finance, to enhance the security of decentralized finance ecology and to ensure the healthy and stable development of decentralized finance ecology.
At present, the attack detection method in the prior art mainly detects code vulnerabilities existing in the intelligent contract, such as reentry vulnerabilities, timestamp dependencies, short address tools, and the like.
The above-mentioned drawbacks of the attack detection method in the prior art include: in a decentralized financial ecology, an attacker utilizes logic vulnerabilities generated in the process of combining different protocols, and the method cannot be used for detecting the logic vulnerabilities of a transaction layer, because the attacks are often reflected on semantic information of the transaction layer and are not on a code level. The method cannot process complex internal transactions, external transactions may contain a large number of internal transactions, and data forms presented by the internal transactions are unstructured and cannot be directly input into a model for attack detection.
Disclosure of Invention
The embodiment of the invention provides an attack detection method for decentralized finance, which aims to effectively provide security guarantee for the current decentralized finance.
In order to achieve the purpose, the invention adopts the following technical scheme.
An attack detection method for decentralized finance is used for constructing a global model, a local model and a fusion model, and the method specifically comprises the following steps:
extracting global information and local information in a transaction event facing decentralized finance, extracting global features according to the global information, and extracting local features according to the local information;
inputting the global features into a global model, training the global model, inputting the local features into a local model, training the local model, and storing the parameters of the trained global model and the trained local model;
fusing the global features and the local features through a fusion model, extracting high-level semantic features of different levels, training the fusion model, and storing parameters of the trained fusion model;
the global feature of the transaction event to be detected is extracted through the trained global model, the local feature of the transaction event to be detected is extracted through the trained local model, the global feature and the local feature of the transaction event to be detected are input into the trained fusion model, and the trained fusion model outputs the attack detection result of the transaction event to be detected.
Preferably, the extracting global information and local information in the transaction event facing decentralized finance comprises:
global information G, local information, sent events E, associated accounts, account balances and transaction token amounts in transaction events are obtained by utilizing transaction hash oriented to decentralized finance, the global information G comprises a block number of a transaction place, a timestamp corresponding to a transaction and spent fuel fees, the global information is subjected to standardization processing, and the local information comprises names of transaction platforms and function parameter names of different contracts.
Preferably, the global feature G (G) 1 ,g 2 ,…,g 37 ) Contains 37 dimensions, mostly statistical features including the number of transfer function calls, the number of liquidity function calls retrieved, the number of collateralization function calls, the number of tokens involved, and the maximum amount of transactions in the transaction.
Preferably, the extracting the local feature according to the local information includes:
mapping names of different transaction platforms, function parameter names of different contracts and input parameter values in local information to corresponding constants, converting the constant values into uniform symbolic expressions, converting the local information which is still unstructured after standardization into vectorized forms with fixed lengths by using Word2Vec, and obtaining local features which comprise high-level semantic features.
Preferably, the inputting the global features into the global model, training the global model, inputting the local information into the local model, training the local model, and storing the parameters of the trained global model and the trained local model includes:
the global model is composed of a self-encoder, the local model is composed of a long-short term memory (LSTM) network, global features are input into the global model, local features are input into the local model, the global model and the local model are respectively trained by normal data, and parameters of the global model and the local model are stored after the global model and the local model are converged.
Preferably, the fusing the global features and the local features by the fusion model, extracting high-level semantic features of different levels, training the fusion model, and storing parameters of the trained fusion model, includes:
the fusion model comprises a fusion layer, a depth LSTM layer and a full connection layer, the fusion layer fuses the information of different levels in the global feature and the local feature, and the output of each layer of the LSTM at the time t is
Figure BDA0003874629650000031
Wherein
Figure BDA0003874629650000032
In order to output the output gate, the output gate is provided with a gate,
Figure BDA0003874629650000033
the state of the LSTM neurons is calculated by the following formula:
Figure BDA0003874629650000034
Figure BDA0003874629650000035
Figure BDA0003874629650000036
Figure BDA0003874629650000037
Figure BDA0003874629650000038
wherein, each dimension in the vector is multiplied correspondingly,
Figure BDA0003874629650000039
representing the operation of the concatenation of the vectors,
Figure BDA0003874629650000041
and
Figure BDA0003874629650000042
for the purpose of the corresponding activation function,
Figure BDA0003874629650000043
Figure BDA0003874629650000044
is a weight matrix for the LSTM,
Figure BDA0003874629650000045
represents the output of the l-1 (l > 1) th layer,
Figure BDA0003874629650000046
representing the output value of the LSTM at the last moment of t-1, b is a bias matrix, representing the transaction event information after vectorization when l =1, and acquiring a fusion feature f through a feature fusion layer f The fusion feature f f For different levels of high-level semantic features:
Figure BDA0003874629650000047
wherein, f f For fusion features, M g Then the global model, M l Is a local model;
and training the fusion model by using the reconstruction loss until the fusion model is converged, and storing the parameters of the trained fusion model.
Preferably, the extracting the global feature of the transaction event to be detected through the trained global model, extracting the local feature of the transaction event to be detected through the trained local model, inputting the global feature and the local feature of the transaction event to be detected into the trained fusion model, and outputting the attack detection result of the transaction event to be detected through the trained fusion model includes:
inputting transaction event data to be detected into a global model and a local model respectively as input samples, outputting global features and local features respectively by the global model and the local model, inputting the global features and the local features into a fusion model, and taking high-level semantic features of different levels output by the fusion model as output samples;
and calculating the reconstruction loss between the input sample and the output sample, if the reconstruction loss is greater than a given threshold value, judging the transaction event data to be detected as an attack, otherwise, judging the transaction event data to be detected as normal transaction data.
According to the technical scheme provided by the embodiment of the invention, the method provides theoretical basis and practical method for automatic attack detection in decentralized finance, provides safety guarantee for the current decentralized finance, and promotes the ecological stability and sustainable development of the decentralized finance.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating a decentralized finance-oriented attack detection method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a working principle of a fusion model according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary only for explaining the present invention and are not construed as limiting the present invention.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
For the convenience of understanding the embodiments of the present invention, the following description will be further explained by taking several specific embodiments as examples in conjunction with the drawings, and the embodiments are not to be construed as limiting the embodiments of the present invention.
The embodiment of the invention designs an attack detection method for decentralized finance, which enhances the safety of decentralized finance ecology so as to ensure the healthy and stable development of decentralized finance ecology. The method designs an attack method for decentralized finance, automatically processes unstructured data of events generated by transactions based on a deep learning method, and constructs a fusion model for extracting semantic information of different levels contained in the transaction data, thereby realizing decentralized finance attack detection.
The model of the attack detection method for decentralized finance, which is provided by the embodiment of the invention, is shown in figure 1 and comprises the following specific steps:
step 1, utilizing transaction hash to obtain global information G, local information, sent event E, associated account, account balance and transaction token amount in the transaction events facing decentralized finance. The global information comprises a block number of an exchange, a timestamp corresponding to the transaction and a spent fuel (Gas) fee, and is subjected to standardization processing. The local information includes the name of the trading platform and the names of the function parameters of different contracts.
Step 2, extracting global features G (G) contained in global information 1 ,g 2 ,…,g 37 ) The global feature contains 37 dimensions, most of which are statistical features, such as the number of transfer function calls, the number of fetch (liquidity) function calls, the number of mortgage function calls, the number of involved tokens, the maximum transaction amount in the transaction, etc., and are denoted as G (G) 1 ,g 2 ,…,g 37 )。
TABLE 1 Global features
Figure BDA0003874629650000071
And 3, marking a corresponding real label on the relevant transaction information collected by using each transaction hash, wherein the normal transaction label is 0, and the attack transaction label is 1. The source of the real tags is the official website for decentralized finance-related applications, and the portal website for etherhouses.
Step 4, because different transactions comprise different decentralized financial platforms and related protocol combinations are different, the effectiveness of subsequent semantic feature extraction will be affected, and therefore, local information such as names of different transaction platforms and function parameter names of different contracts included in transaction events is mapped to corresponding constants and then converted into uniform symbolic expressions, so that interference information caused by different names is filtered and marked as S 1 =Map(S)。
Specifically, names of different trading platforms and function parameter names of different contracts are renamed according to respective occurrence sequences, for example, plat _0, plat _1, varb _0, varb _1:
Figure BDA0003874629650000072
however, no standardized mapping of function names to parameter names is performed, since function names are typically named standardized in smart contracts for decentralized finance. Then, converting the symbolized transaction event data into a corresponding Word bank through semantic analysis, wherein the Word bank comprises a transaction platform name, a parameter name of a function and an incoming parameter value, and in order to control the scale of the Word bank to a certain scale, converting the normalized local information which is still unstructured into a vectorization form with a fixed length by using Word2Vec to obtain a local feature V, wherein the local feature V comprises a high-level semantic feature.
V=word2vec(S 1 )=(v 1 ,v 2 ,…,v m )
Then, the global features G and the local features V are input into a global model and a local model, respectively, wherein the global model is composed of a self-encoder, and the local model is composed of an LSTM (Long Short-Term Memory) network. And training the global model and the local model by using normal data respectively, and storing parameters of the global model and the local model after the global model and the local model are converged. The normal data refers to normal transaction data in decentralized finance, such as normal transfer transaction data, normal exchange token transaction data, normal mortgage token transaction data, and the like, that is, transaction data without attacks.
Step 5, a schematic diagram of a working principle of the fusion model provided by the embodiment of the present invention is shown in fig. 2. The global feature is obtained by using the global model, the vectorized transaction event is input into the local model to obtain the local feature, namely the high-level semantic feature, and then the global feature and the local feature are fused by the constructed fusion model and the high-level semantic features of different levels are extracted, as shown in fig. 2.
The global model is composed of a self-coder, the local model is a Long Short-Term Memory (LSTM) network, the fusion model comprises a fusion layer, a depth LSTM layer and a full connection layer, wherein the fusion layer is used for fully fusing global features and local features so as to fuse information of different layers and improve detection effect, and the output of each layer of the LSTM at the time t is
Figure BDA0003874629650000081
Wherein
Figure BDA0003874629650000082
In order to output the gate, the gate is provided with a gate,
Figure BDA0003874629650000083
the state of the neuron is calculated by the following formula:
Figure BDA0003874629650000084
Figure BDA0003874629650000085
Figure BDA0003874629650000086
Figure BDA0003874629650000087
Figure BDA0003874629650000088
wherein, multiplying is corresponding to each dimension in the vector,
Figure BDA0003874629650000091
representing the operation of the concatenation of the vectors,
Figure BDA0003874629650000092
and with
Figure BDA0003874629650000093
For the purpose of the corresponding activation function,
Figure BDA0003874629650000094
Figure BDA0003874629650000095
is a weight matrix for the LSTM,
Figure BDA0003874629650000096
represents the output of the l-1 (l > 1) th layer,
Figure BDA0003874629650000097
the output value of the LSTM at the last moment of t-1 is shown, b is a bias matrix, when l =1, the transaction event information after vectorization is shown, and since the global feature and the local feature are respectively obtained through a self-encoder and an LSTM model, a feature fusion layer is designed to further obtain high-level semantic features of different levels:
Figure BDA0003874629650000098
wherein, f f For fusion features, M g Then the global model, M l As a local model
And training a fusion model by using the reconstruction loss based on the fused characteristics, and performing attack detection by using the output value of the fusion model as an abnormal value.
Figure BDA0003874629650000099
Where i represents the ith transaction data for training.
And 6, in the attack detection process of the actual data, detecting the transaction event data to be detected by using the global model, the local model and the fusion model obtained in the training process. And respectively inputting the transaction event data to be detected into the global model and the local model as input samples, and respectively outputting the global features and the local features by the global model and the local model. Then, the global features and the local features are input into the fusion model, and the high-level semantic features of different levels output by the fusion model are used as output samples. And calculating the reconstruction loss between the input sample and the output sample, taking the reconstruction loss as a basis for judging whether the transaction is an attack, if the reconstruction loss is greater than a given threshold value, judging the transaction to be an attack, and if not, judging the transaction to be normal transaction data.
In summary, the attack detection method for decentralized finance, which is disclosed by the embodiment of the invention, can utilize Word2Vec to automatically process unstructured data, and a fusion model is established for extracting semantic features of different levels for attack detection. While filtering irrelevant interference information, the semantic information is kept as much as possible, so that the automatic attack detection facing decentralized finance can be realized.
The method provides theoretical basis and practical method for automatic attack detection in decentralized finance, provides safety guarantee for the current decentralized finance, and promotes the stable and sustainable development of decentralized finance ecology.
Those of ordinary skill in the art will understand that: the figures are merely schematic representations of one embodiment, and the blocks or flow diagrams in the figures are not necessarily required to practice the present invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of software products, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
All the embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for apparatus or system embodiments, since they are substantially similar to method embodiments, they are described in relative terms, as long as they are described in partial descriptions of method embodiments. The above-described embodiments of the apparatus and system are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement without inventive effort.
While the invention has been described with reference to specific preferred embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the following claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (7)

1. An attack detection method for decentralized finance is characterized in that a global model, a local model and a fusion model are constructed, and the method specifically comprises the following steps:
extracting global information and local information in a transaction event facing decentralized finance, extracting global features according to the global information, and extracting local features according to the local information;
inputting the global features into a global model, training the global model, inputting the local features into a local model, training the local model, and storing the parameters of the trained global model and the trained local model;
fusing the global features and the local features through a fusion model, extracting high-level semantic features of different levels, training the fusion model, and storing parameters of the trained fusion model;
the global feature of the transaction event to be detected is extracted through the trained global model, the local feature of the transaction event to be detected is extracted through the trained local model, the global feature and the local feature of the transaction event to be detected are input into the trained fusion model, and the trained fusion model outputs the attack detection result of the transaction event to be detected.
2. The method of claim 1, wherein extracting global and local information in the decentralized financial oriented transaction event comprises:
the method comprises the steps of utilizing transaction hash oriented to decentralized finance to obtain global information G, local information, sent events E, associated accounts, account balances and transaction token amount in transaction events, wherein the global information G comprises a block number of a transaction place, a timestamp corresponding to the transaction and spent fuel charge, the global information is subjected to standardization processing, and the local information comprises names of transaction platforms and function parameter names of different contracts.
3. The method of claim 2, wherein the global feature G (G) 1 ,g 2 ,…,g 37 ) Contains 37 dimensions, mostly statistical features including the number of transfer function calls, the number of liquidity function calls retrieved, the number of collateralization function calls, the number of tokens involved, and the maximum amount of transactions in the transaction.
4. The method of claim 2, wherein extracting local features from the local information comprises:
the names of different transaction platforms, the function parameter names of different contracts and the input parameter values in the local information are mapped to corresponding constants and converted into uniform symbolic expressions, the Word2Vec is used for converting the normalized local information which is still unstructured into a vectorization form with fixed length, and local features are obtained and comprise high-level semantic features.
5. The method of claim 2, wherein the inputting global features into a global model, training the global model, inputting local information into a local model, training the local model, and saving parameters of the trained global model and local model comprises:
the global model is composed of a self-encoder, the local model is composed of a long-short term memory (LSTM) network, global features are input into the global model, local features are input into the local model, the global model and the local model are respectively trained by normal data, and parameters of the global model and the local model are stored after the global model and the local model are converged.
6. The method according to claim 2, wherein the fusing the global features and the local features through the fusion model, extracting high-level semantic features of different levels, training the fusion model, and storing parameters of the trained fusion model comprises:
the fusion model comprises a fusion layer, a depth LSTM layer and a full connection layer, the fusion layer fuses the information of different levels in the global feature and the local feature, and the output of each layer of the LSTM at the moment t is
Figure FDA0003874629640000021
Wherein
Figure FDA0003874629640000022
In order to output the gate, the gate is provided with a gate,
Figure FDA0003874629640000023
the state of the neuron is calculated by the following formula:
Figure FDA0003874629640000024
Figure FDA0003874629640000025
Figure FDA0003874629640000026
Figure FDA0003874629640000027
Figure FDA0003874629640000028
wherein, multiplying is corresponding to each dimension in the vector,
Figure FDA0003874629640000031
representing the operation of the concatenation of the vectors,
Figure FDA0003874629640000032
and
Figure FDA0003874629640000033
for the purpose of the corresponding activation function,
Figure FDA0003874629640000034
Figure FDA0003874629640000035
weight matrix, V, for LSTM t l Represents the output of the l-1 (l > 1) th layer,
Figure FDA0003874629640000036
the output value of the LSTM at the last time of t-1 is shown, b is a bias matrix, when l =1, the transaction event information after vectorization is shown, and a fusion feature f is obtained through a feature fusion layer f The fusion feature f f For different levels of high-level semantic features:
Figure FDA0003874629640000037
wherein f is f For fusion features, M g Then the global model, M l Is a local model;
and training the fusion model by using the reconstruction loss until the fusion model is converged, and storing the parameters of the trained fusion model.
7. The method according to any one of claims 1 to 6, wherein the extracting global features of the transaction event to be detected through a trained global model, extracting local features of the transaction event to be detected through a trained local model, inputting the global features and the local features of the transaction event to be detected into a trained fusion model, and outputting attack detection results of the transaction event to be detected through the trained fusion model comprises:
respectively inputting transaction event data to be detected into a global model and a local model as input samples, respectively outputting global features and local features by the global model and the local model, inputting the global features and the local features into a fusion model, and taking high-level semantic features of different levels output by the fusion model as output samples;
and calculating the reconstruction loss between the input sample and the output sample, if the reconstruction loss is greater than a given threshold value, judging the transaction event data to be detected as an attack, otherwise, judging the transaction event data to be detected as normal transaction data.
CN202211207488.6A 2022-09-30 2022-09-30 Attack detection method for decentralised finance Active CN115601034B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211207488.6A CN115601034B (en) 2022-09-30 2022-09-30 Attack detection method for decentralised finance

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211207488.6A CN115601034B (en) 2022-09-30 2022-09-30 Attack detection method for decentralised finance

Publications (2)

Publication Number Publication Date
CN115601034A true CN115601034A (en) 2023-01-13
CN115601034B CN115601034B (en) 2023-05-12

Family

ID=84845477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211207488.6A Active CN115601034B (en) 2022-09-30 2022-09-30 Attack detection method for decentralised finance

Country Status (1)

Country Link
CN (1) CN115601034B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446991A (en) * 2018-10-30 2019-03-08 北京交通大学 Gait recognition method based on global and local Fusion Features
CN110572362A (en) * 2019-08-05 2019-12-13 北京邮电大学 network attack detection method and device for multiple types of unbalanced abnormal traffic
CN111930598A (en) * 2020-08-28 2020-11-13 张坚伟 Information processing method based on block chain and big data analysis and big data platform
CN113984068A (en) * 2021-11-16 2022-01-28 浙江商汤科技开发有限公司 Positioning method, positioning apparatus, and computer-readable storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446991A (en) * 2018-10-30 2019-03-08 北京交通大学 Gait recognition method based on global and local Fusion Features
CN110572362A (en) * 2019-08-05 2019-12-13 北京邮电大学 network attack detection method and device for multiple types of unbalanced abnormal traffic
CN111930598A (en) * 2020-08-28 2020-11-13 张坚伟 Information processing method based on block chain and big data analysis and big data platform
CN113984068A (en) * 2021-11-16 2022-01-28 浙江商汤科技开发有限公司 Positioning method, positioning apparatus, and computer-readable storage medium

Also Published As

Publication number Publication date
CN115601034B (en) 2023-05-12

Similar Documents

Publication Publication Date Title
CN109345260B (en) Method for detecting abnormal operation behavior
Wang et al. Ponzi scheme detection via oversampling-based long short-term memory for smart contracts
CN110473083B (en) Tree risk account identification method, device, server and storage medium
US20190130116A1 (en) Method and device for controlling data risk
CN108734380B (en) Risk account determination method and device and computing equipment
CN111539811B (en) Risk account identification method and device
CN110705996A (en) User behavior identification method, system and device based on feature mask
CN109523117A (en) Risk Forecast Method, device, computer equipment and storage medium
CN108492001A (en) A method of being used for guaranteed loan network risk management
CN115378629A (en) Ether mill network anomaly detection method and system based on graph neural network and storage medium
Barua et al. Swindle: Predicting the probability of loan defaults using catboost algorithm
CN113139876A (en) Risk model training method and device, computer equipment and readable storage medium
CN116342141A (en) Method, device and equipment for identifying empty shell enterprises
CN115601034A (en) Attack detection method for decentralized finance
CN115600211A (en) CNN-BilSTM multi-label classification-based intelligent contract unknown vulnerability detection method
CN115641202A (en) Small loan industry group lending risk measurement method based on knowledge graph and graph calculation
CN105991609A (en) Risk event determining method and device
Azamuke et al. Scenario-based synthetic dataset generation for mobile money transactions
CN112132690B (en) Method and device for pushing foreign exchange product information, computer equipment and storage medium
CN110322252B (en) Risk subject identification method and device
CN113159834A (en) Commodity information sorting method, device and equipment
Khang et al. Detecting Fraud Transaction using Ripper Algorithm Combines with Ensemble Learning Model
Meltsov et al. Development of an Intelligent Module for Monitoring and Analysis of Client's Bank Transactions
Kang Fraud Detection in Mobile Money Transactions Using Machine Learning
CN117495551B (en) Logistics financial product analysis method, device, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant