CN-121980559-A - Cross-signer-address sandwich attack detection method, device, and terminal equipment
Abstract
The application belongs to the technical field of blockchain and provides a sandwich attack detection method, device, and terminal equipment that work across signer addresses. The method comprises: obtaining the respective signer addresses of a transaction pair to be detected; searching a target data structure, which manages the association relations among a plurality of signer addresses, for the target attributes corresponding to the signer addresses of the two transactions to be detected; and, if the target attributes corresponding to the two signer addresses are the same, determining that the signer addresses of the two transactions to be detected are associated addresses and performing sandwich transaction pattern analysis on the two transactions to obtain a detection result. By using the target data structure to detect whether the respective signer addresses of the transactions to be detected are associated addresses, the application extends sandwich attack identification to different signers and improves the system's defense depth.
Inventors
- Xie Difan
- Zhu Hanggang
- Yu Boming
- Wang Xiaoke
- Deng Jing
Assignees
- Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security (杭州高新区(滨江)区块链与数据安全研究院)
Dates
- Publication Date: 20260505
- Application Date: 20251223
Claims (10)
- 1. A method for detecting a sandwich attack across signer addresses, comprising: obtaining the respective signer addresses of a transaction pair to be detected, wherein the transaction pair to be detected comprises two transactions to be detected, and other transactions exist between the two transactions to be detected; searching a target data structure for the target attributes corresponding to the signer addresses of the two transactions to be detected, wherein the target data structure is used for managing the association relations of a plurality of signer addresses; and, if the target attributes corresponding to the signer addresses of the two transactions to be detected are the same, determining that the signer addresses of the two transactions to be detected are associated addresses, and performing sandwich transaction pattern analysis on the two transactions to be detected to obtain a detection result.
- 2. The method of claim 1, further comprising, before obtaining the respective signer addresses of the transaction pair to be detected: acquiring on-chain data, and, if signer addresses meeting an association condition are detected in the on-chain data, storing those signer addresses in association in the target data structure; or acquiring the on-chain data, and, if a first signer address that meets the association condition with a preset address in the target data structure is detected in the on-chain data, storing the first signer address in association with the preset address; or, if at least two preset addresses meeting the association condition are detected in the target data structure, storing the at least two preset addresses in association.
- 3. The sandwich attack detection method across signer addresses of claim 2, wherein meeting the association condition comprises: if any transaction carries an authorized agent instruction, determining that the signer addresses of the grantor and the grantee corresponding to that transaction meet the association condition; or, if the fund flow characteristics between any two signer addresses meet the set requirements, determining that those two signer addresses meet the association condition; or, if any two signer addresses execute the same operation on the same scarce transaction target within a set time, determining that those two signer addresses meet the association condition.
- 4. The method for detecting a sandwich attack across signer addresses of claim 2, wherein the target data structure is a union-find set (disjoint-set structure), and storing in association specifically means merging the sets in which the signer addresses meeting the association condition are respectively located into the same set, based on the merge operation of the union-find set.
- 5. The method of claim 1, wherein the target data structure is a union-find set (disjoint-set structure), and wherein searching the target data structure for the target attributes corresponding to the signer addresses of the two transactions to be detected comprises: searching the target data structure for the root nodes corresponding to the signer addresses of the two transactions to be detected, based on the query operation of the union-find set; and, correspondingly, the step of determining that the signer addresses are associated addresses and performing sandwich transaction pattern analysis if the target attributes are the same comprises: if the root nodes corresponding to the signer addresses of the two transactions to be detected are detected to be the same, determining that the signer addresses of the two transactions to be detected are associated addresses, and performing sandwich transaction pattern analysis on the two transactions to be detected to obtain a detection result.
- 6. The method of claim 1, wherein the target data structure is a union-find set (disjoint-set structure), the method further comprising: serializing the union-find set based on a preset format to obtain a standard file.
- 7. The method for detecting a sandwich attack across signer addresses according to any one of claims 1 to 6, wherein performing sandwich transaction pattern analysis on the two transactions to be detected to obtain a detection result comprises: acquiring the respective transaction directions, transaction amounts and transaction times of the two transactions to be detected, and acquiring the transaction directions of the other transactions; calculating the difference between the transaction amounts of the two transactions to be detected; and, if the transaction directions of the two transactions to be detected are opposite, the difference is within a set range, and the transaction directions of the other transactions are the same as the transaction direction of the previous transaction, determining that the detection result is a sandwich attack, wherein the previous transaction is the transaction to be detected with the earlier transaction time in the transaction pair to be detected.
- 8. A sandwich attack detection device across signer addresses, comprising: a first acquisition unit, used for obtaining the respective signer addresses of a transaction pair to be detected; a first searching unit, used for searching a target data structure for the target attributes corresponding to the signer addresses of the two transactions to be detected; and a first analysis unit, used for determining that the signer addresses of the two transactions to be detected are associated addresses if the target attributes corresponding to the signer addresses of the two transactions to be detected are the same, and performing sandwich transaction pattern analysis on the two transactions to be detected to obtain a detection result.
- 9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the sandwich attack detection method across signer addresses according to any one of claims 1 to 7.
- 10. A computer program product comprising a computer program which, when run, implements the sandwich attack detection method across signer addresses according to any one of claims 1 to 7.
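The flow of claims 1, 4, 5 and 7 can be sketched as follows. This is an added example, not code from the patent or its applicant: the names `UnionFind`, `Tx`, `detect_sandwich` and `max_diff`, the `"buy"`/`"sell"` direction labels and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

class UnionFind:
    """Disjoint-set over signer addresses (the claims' target data structure)."""
    def __init__(self):
        self.parent = {}

    def find(self, addr):
        # Query operation: return the root of addr's set, compressing the path.
        self.parent.setdefault(addr, addr)
        root = addr
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[addr] != root:
            self.parent[addr], addr = root, self.parent[addr]
        return root

    def union(self, a, b):
        # Merge operation: store two associated addresses in the same set.
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

@dataclass
class Tx:
    signer: str
    direction: str   # assumed labels: "buy" or "sell"
    amount: float
    time: int

def detect_sandwich(uf, tx_a, tx_b, others, max_diff):
    """Claim 1 gate (same root) followed by the claim 7 pattern analysis."""
    if not others:
        return False                  # the pair must enclose other transactions
    if uf.find(tx_a.signer) != uf.find(tx_b.signer):
        return False                  # signers not associated: no analysis
    front, back = sorted((tx_a, tx_b), key=lambda t: t.time)
    return (front.direction != back.direction
            and abs(front.amount - back.amount) <= max_diff
            and all(o.direction == front.direction for o in others))

# Constructed sample data: addr_A and addr_B were associated earlier, for
# example because one transaction carried an authorized agent instruction.
uf = UnionFind()
uf.union("addr_A", "addr_B")
front = Tx("addr_A", "buy", 100.0, 1)
victim = Tx("addr_V", "buy", 40.0, 2)
back = Tx("addr_B", "sell", 100.5, 3)
unrelated = Tx("addr_C", "sell", 100.5, 3)
```

A detector that compares signer addresses for equality would skip the `front`/`back` pair because the signers differ; the root comparison is what brings the pair into pattern analysis.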
Description
Cross-signer-address sandwich attack detection method, device, and terminal equipment

Technical Field

The application belongs to the technical field of blockchains, and particularly relates to a sandwich attack detection method, device and terminal equipment for cross-signer addresses.

Background

Sandwich attacks are a common type of arbitrage on a decentralized exchange (DEX). In such an attack, when a transaction is about to be executed, the attacker rapidly executes two transactions, one before and one after it, so that the normal transaction is sandwiched in between, in order to gain an advantage. Therefore, to avoid as far as possible the blockchain security problems caused by sandwich attacks, sandwich attack detection is necessary. However, the prior art usually focuses on adjacent transactions initiated by the same transaction initiator and judges whether those adjacent transactions match the characteristics of a sandwich attack; this consideration is not comprehensive enough and has difficulty meeting actual requirements.

Disclosure of Invention

The embodiments of the application provide a sandwich attack detection method, device and terminal equipment for cross-signer addresses, which are used to solve the problems that the consideration of the prior art is not comprehensive enough and that it has difficulty meeting actual requirements.
In a first aspect, an embodiment of the present application provides a method for detecting a sandwich attack across signer addresses, comprising: obtaining the respective signer addresses of a transaction pair to be detected, wherein the transaction pair to be detected comprises two transactions to be detected, and other transactions exist between the two transactions to be detected; searching a target data structure for the target attributes corresponding to the signer addresses of the two transactions to be detected, wherein the target data structure is used for managing the association relations of a plurality of signer addresses; and, if the target attributes corresponding to the signer addresses of the two transactions to be detected are the same, determining that the signer addresses of the two transactions to be detected are associated addresses, and performing sandwich transaction pattern analysis on the two transactions to be detected to obtain a detection result.

Optionally, before obtaining the respective signer addresses of the transaction pair to be detected, the method further comprises: acquiring on-chain data, and, if signer addresses meeting an association condition are detected in the on-chain data, storing those signer addresses in association in the target data structure; and/or acquiring the on-chain data, and, if a first signer address that meets the association condition with a preset address in the target data structure is detected in the on-chain data, storing the first signer address in association with the preset address; and/or, if at least two preset addresses meeting the association condition are detected in the target data structure, storing the at least two preset addresses in association.
Optionally, meeting the association condition comprises: if any transaction carries an authorized agent instruction, determining that the signer addresses of the grantor and the grantee corresponding to that transaction meet the association condition; or, if the fund flow characteristics between any two signer addresses meet the set requirements, determining that those two signer addresses meet the association condition; or, if any two signer addresses execute the same operation on the same scarce transaction target within a set time, determining that those two signer addresses meet the association condition.

Storing in association specifically means merging the sets in which the signer addresses meeting the association condition are respectively located into the same set, based on the merge operation of the union-find set (disjoint-set structure).

Optionally, the target data structure is a union-find set, and searching the target data structure for the target attributes corresponding to the signer addresses of the two transactions to be detected comprises: searching the target data structure for the root nodes corresponding to the signer addresses of the two transactions to be detected, based on the query operation of the union-find set; correspondingly, if the target attributes corresponding to the signer addresses of the two transactions to be detected are the same, determining the signer addresses of the two transactions to be detected as associated addresses, and performing sandwich transaction pattern analysis on the two transactions to be detected to obtain detection results, wherein the me