Search

EP-4736102-A1 - FEATURES EXTRACTION FOR BLOCKCHAIN TRANSACTIONS AND PROGRAM PROTOCOLS

EP4736102A1EP 4736102 A1EP4736102 A1EP 4736102A1EP-4736102-A1

Abstract

An access control server may receive state information of an autonomous program protocol that is recorded on a blockchain. The access control server may generate a trace log associated with one or more transactions executed by the autonomous program protocol, the trace log comprising machine events executed by the blockchain, the machine actions associated with the one or more transactions. The access control server may extract a set of features from the trace log, wherein a feature in the set comprises a summary of a machine event executed by the blockchain. The access control server may input the set of features to a machine learning model to determine a threat nature associated with the transactions of the autonomous program protocol. The access control server may perform a responsive action to address the threat nature.

Inventors

  • MAROSI-BAUER, Attila

Assignees

  • Cube Security Inc.

Dates

Publication Date
20260506
Application Date
20240627

Claims (20)

  1. 1. A computer-implemented method comprising: receiving state information of an autonomous program protocol that is recorded on a blockchain; generating a trace log associated with one or more transactions executed by the autonomous program protocol, the trace log comprising machine events executed by the blockchain, the machine actions associated with the one or more transactions; extracting a set of features from the trace log, wherein a feature in the set comprises a summary of a machine event executed by the blockchain; inputting the set of features to a machine learning model to determine a threat nature associated with the transactions of the autonomous program protocol; and performing a responsive action to address the threat nature.
  2. 2. The method of claim 1, wherein the trace log associated with the one or more transactions is in opcode.
  3. 3. The method of claim 1, wherein generating the trace log comprises using transaction hashes of the one or more transactions to identify the machine events that are relevant to the one or more transactions.
  4. 4. The method of claim 1, wherein the machine learning model is a supervised learning model.
  5. 5. The method of claim 1, wherein the machine learning model is an unsupervised learning model.
  6. 6. The method of claim 1, wherein the responsive action is an access control action that restricts an access to the autonomous program protocol.
  7. 7. The method of claim 1, wherein the set of features includes: contract size, a confirmation of a jump table, a number of public functions, a number of private functions, a number of pure functions, and/or a number of call functions between a smart contract and another contract or external address.
  8. 8. The method of claim 5, wherein the machine learning model is trained to predict a set of characteristics that include a conformation of a flash loan, a swap within a smart contract, a beacon upgrade, and/or a balance change.
  9. 9. The method of claim 1, wherein the autonomous program protocol is recorded on the blockchain in bytecode and the trace log is in opcode.
  10. 10. A system comprising: one or more processors; and memory configured to store code comprising instructions, wherein the instructions, when executed by the one or more processors, cause the one or more processors to: receive state information of an autonomous program protocol that is recorded on a blockchain; generate a trace log associated with one or more transactions executed by the autonomous program protocol, the trace log comprising machine events executed by the blockchain, the machine actions associated with the one or more transactions; extract a set of features from the trace log, wherein a feature in the set comprises a summary of a machine event executed by the blockchain; input the set of features to a machine learning model to determine a threat nature associated with the transactions of the autonomous program protocol; and perform a responsive action to address the threat nature.
  11. 11. The system of claim 10, wherein the trace log associated with the one or more transactions is in opcode.
  12. 12. The system of claim 10, wherein generating the trace log comprises using transaction hashes of the one or more transactions to identify the machine events that are relevant to the one or more transactions.
  13. 13. The system of claim 10, wherein the machine learning model is a supervised learning model.
  14. 14. The system of claim 10, wherein the machine learning model is an unsupervised learning model.
  15. 15. The system of claim 10, wherein the responsive action is an access control action that restricts an access to the autonomous program protocol.
  16. 16. The system of claim 10, wherein the set of features includes: contract size, a confirmation of a jump table, a number of public functions, a number of private functions, a number of pure functions, and/or a number of call functions between a smart contract and another contract or external address.
  17. 17. The system of claim 14, wherein the machine learning model is trained to predict a set of characteristics that include a conformation of a flash loan, a swap within a smart contract, a beacon upgrade, and/or a balance change.
  18. 18. The system of claim 10, wherein the autonomous program protocol is recorded on the blockchain in bytecode and the trace log is in opcode.
  19. 19. A non-transitory computer-readable medium configured to store code comprising instructions, wherein the instructions, when executed by one or more processors, cause the one or more processors to: receive state information of an autonomous program protocol that is recorded on a blockchain; generate a trace log associated with one or more transactions executed by the autonomous program protocol, the trace log comprising machine events executed by the blockchain, the machine actions associated with the one or more transactions; extract a set of features from the trace log, wherein a feature in the set comprises a summary of a machine event executed by the blockchain; input the set of features to a machine learning model to determine a threat nature associated with the transactions of the autonomous program protocol; and perform a responsive action to address the threat nature.
  20. 20. The non-transitory computer-readable medium of claim 19, wherein the trace log associated with the one or more transactions is in opcode.

Description

FEATURES EXTRACTION FOR BLOCKCHAIN TRANSACTIONS AND PROGRAM PROTOCOLS INVENTOR(S): ATTILA MAROSI-BAUER CROSS REFERENCE TO RELATED APPLICATION [0001] This application claims the benefit of, and priority to, U.S. Provisional Patent Application 63/523,840, filed June 28, 2023, the content of which is incorporated by reference herein in its entirety for all purposes. FIELD [0002] The disclosure generally relates to access control security and, more specifically, to the extraction of features of program protocols recorded on a blockchain and blockchain transactions for use in a machine learning model to identify security threats in blockchain transactions. BACKGROUND [0003] The blockchain and smart contract ecosystem currently do not provide transparency describing the features of a smart contract, or particular blockchain transaction. Items such as the opcode of the smart contract or the trace log of a transaction are not easily legible by humans, and therefore make it more difficult to monitor. The lack of transparency can lead to malicious or vulnerable smart contracts, as well as the inability to know specifically what has occurred during a transaction beyond the status update that the transaction has succeeded or failed. The extraction of features to describe a smart contract, or the log of a transaction, allows for more transparency, easier monitoring, and more secured use smart contracts on the blockchain. BRIEF DESCRIPTION OF THE DRAWINGS [0004] FIG. (Figure) l is a block diagram that illustrates a system environment of an example computing server, in accordance with an embodiment. [0005] FIG. 2 is a block diagram representing an example access control server, in accordance with an embodiment. [0006] FIG. 3A is a block diagram illustrating an example access control 300 and the message control flow of the system, in accordance with some embodiments. [0007] FIG. 3B is a block diagram illustrating how features may be extracted from an autonomous program protocol for training and inference of a machine learning model, in accordance with some embodiments. [0008] FIG. 3C is a block diagram illustrating how features may be extracted from transactions of an autonomous program protocol for training and inference of a machine learning model, in accordance with some embodiments. [0009] FIG. 4 is a flowchart depicting an example process for using a feature extraction process on code associated to an autonomous program protocol, in accordance with some embodiments. [0010] FIG. 5 is a system flowchart depicted the process of providing the extracted feature data to a machine learning model, in accordance with some embodiments. [0011] FIG. 6 is a block diagram illustrating the structure of a machine learning model, in accordance with some embodiments. [0012] FIG. 7A is a block diagram illustrating a chain of transactions broadcasted and recorded on a blockchain, in accordance with an embodiment. [0013] FIG. 7B is a block diagram illustrating a connection of multiple blocks in a blockchain, in accordance with an embodiment. [0014] FIG. 8 is a block diagram illustrating components of an example computing machine that is capable of reading instructions from a computer-readable medium and execute them in a processor (or controller). [0015] The figures depict, and the detail description describes, various nonlimiting embodiments for purposes of illustration only. DETAILED DESCRIPTION [0016] The figures (FIGs.) and the following description relate to preferred embodiments by way of illustration only. One of skill in the art may recognize alternative embodiments of the structures and methods disclosed herein as viable alternatives that may be employed without departing from the principles of what is disclosed. [0017] Reference will now be made in detail to several embodiments, examples of which are illustrated in the accompanying figures. It is noted that wherever practicable similar or like reference numbers may be used in the figures and may indicate similar or like functionality. The figures depict embodiments of the disclosed system (or method) for purposes of illustration only. One skilled in the art will readily recognize from the following description that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles described herein. SYSTEM OVERVIEW [0018] FIG. (Figure) l is a block diagram that illustrates a system environment 100 of an example computing server, in accordance with an embodiment. By way of example, the system environment 100 includes a user device 110, an application publisher 120, an access control server 130, a data store 135, a blockchain 150, and an autonomous program protocol 152. The entities and components in the system environment 100 communicate with each other through the network 160. In various embodiments, the system environment 100 may include different, fewer, or additional components. The components in the blockchain sy