TraceBlock: Cyberattack Traceback System Based on Blockchain

Dagula; Lei Xu; Keke Gai; Liehuang Zhu

doi:10.1007/978-3-032-21600-7_2

TraceBlock: Cyberattack Traceback System Based on Blockchain

Dagula
, Lei Xu^*
, Keke Gai
, Liehuang Zhu

^*此作品的通讯作者

Beijing Institute of Technology

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

With the continuous development of cyberattack techniques, attack provenance graph has become an important tool for network defense decision-making. Although existing research has made progress in the logical representation and automatic generation of provenance graphs, the provenance graphs constructed by single organization cannot support collaborative traceability. This paper proposes a blockchain-based cyberattack traceback system called TraceBlock to enable the sharing of graphs across multiple organizations. In TraceBlock system, alert records, which are raw data for contracting, are generated by hosts, securely transmitted by oracle, and filtered by CTI filter. The CTI filter uses a pre-trained model to identify critical threat intelligences (CTIs) and uploads CTIs to the blockchain network. Three smart contracts are deployed on the blockchain network, respectively responsible for CTI verification, provenance graph construction, and subgraph extraction. We conduct simulations using an open-source blockchain platform and the DARPA 1999 dataset. The results demonstrate the feasibility of the proposed system.

源语言	英语
主期刊名	Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings
编辑	Weizhi Meng, Qingni Shen, Tao Zhang, Jing Yu
出版商	Springer Science and Business Media Deutschland GmbH
页	17-34
页数	18
ISBN（印刷版）	9783032215994
DOI	https://doi.org/10.1007/978-3-032-21600-7_2
出版状态	已出版 - 2026
已对外发布	是
活动	4th International Conference on Advanced Security on Software and Systems, ASSS 2025 - Guilin, 中国期限: 3 12月 2025 → 5 12月 2025

出版系列

姓名	Communications in Computer and Information Science
卷	2903 CCIS
ISSN（印刷版）	1865-0929
ISSN（电子版）	1865-0937

会议

会议	4th International Conference on Advanced Security on Software and Systems, ASSS 2025
国家/地区	中国
市	Guilin
时期	3/12/25 → 5/12/25

访问文件

10.1007/978-3-032-21600-7_2

其它文件与链接

链接到 Scopus 的出版物

引用此

Dagula, Xu, L., Gai, K., & Zhu, L. (2026). TraceBlock: Cyberattack Traceback System Based on Blockchain. 在 W. Meng, Q. Shen, T. Zhang, & J. Yu (编辑), Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings (页码 17-34). (Communications in Computer and Information Science; 卷 2903 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-21600-7_2

Dagula, ; Xu, Lei ; Gai, Keke 等. / TraceBlock : Cyberattack Traceback System Based on Blockchain. Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings. 编辑 / Weizhi Meng ; Qingni Shen ; Tao Zhang ; Jing Yu. Springer Science and Business Media Deutschland GmbH, 2026. 页码 17-34 (Communications in Computer and Information Science).

@inproceedings{40c8b68142cf4e288a721544c7a67aea,

title = "TraceBlock: Cyberattack Traceback System Based on Blockchain",

abstract = "With the continuous development of cyberattack techniques, attack provenance graph has become an important tool for network defense decision-making. Although existing research has made progress in the logical representation and automatic generation of provenance graphs, the provenance graphs constructed by single organization cannot support collaborative traceability. This paper proposes a blockchain-based cyberattack traceback system called TraceBlock to enable the sharing of graphs across multiple organizations. In TraceBlock system, alert records, which are raw data for contracting, are generated by hosts, securely transmitted by oracle, and filtered by CTI filter. The CTI filter uses a pre-trained model to identify critical threat intelligences (CTIs) and uploads CTIs to the blockchain network. Three smart contracts are deployed on the blockchain network, respectively responsible for CTI verification, provenance graph construction, and subgraph extraction. We conduct simulations using an open-source blockchain platform and the DARPA 1999 dataset. The results demonstrate the feasibility of the proposed system.",

keywords = "Blockchain, Provenance graph, Smart Contract, Subgraph extraction",

author = "Dagula and Lei Xu and Keke Gai and Liehuang Zhu",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 4th International Conference on Advanced Security on Software and Systems, ASSS 2025 ; Conference date: 03-12-2025 Through 05-12-2025",

year = "2026",

doi = "10.1007/978-3-032-21600-7\_2",

language = "English",

isbn = "9783032215994",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "17--34",

editor = "Weizhi Meng and Qingni Shen and Tao Zhang and Jing Yu",

booktitle = "Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings",

address = "Germany",

}

Dagula, , Xu, L , Gai, K & Zhu, L 2026, TraceBlock: Cyberattack Traceback System Based on Blockchain. 在 W Meng, Q Shen, T Zhang & J Yu (编辑), Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings. Communications in Computer and Information Science, 卷 2903 CCIS, Springer Science and Business Media Deutschland GmbH, 页码 17-34, 4th International Conference on Advanced Security on Software and Systems, ASSS 2025, Guilin, 中国, 3/12/25. https://doi.org/10.1007/978-3-032-21600-7_2

TraceBlock: Cyberattack Traceback System Based on Blockchain. / Dagula, ; Xu, Lei ; Gai, Keke 等.
Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings. 编辑 / Weizhi Meng; Qingni Shen; Tao Zhang; Jing Yu. Springer Science and Business Media Deutschland GmbH, 2026. 页码 17-34 (Communications in Computer and Information Science; 卷 2903 CCIS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - TraceBlock

T2 - 4th International Conference on Advanced Security on Software and Systems, ASSS 2025

AU - Dagula,

AU - Xu, Lei

AU - Gai, Keke

AU - Zhu, Liehuang

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - With the continuous development of cyberattack techniques, attack provenance graph has become an important tool for network defense decision-making. Although existing research has made progress in the logical representation and automatic generation of provenance graphs, the provenance graphs constructed by single organization cannot support collaborative traceability. This paper proposes a blockchain-based cyberattack traceback system called TraceBlock to enable the sharing of graphs across multiple organizations. In TraceBlock system, alert records, which are raw data for contracting, are generated by hosts, securely transmitted by oracle, and filtered by CTI filter. The CTI filter uses a pre-trained model to identify critical threat intelligences (CTIs) and uploads CTIs to the blockchain network. Three smart contracts are deployed on the blockchain network, respectively responsible for CTI verification, provenance graph construction, and subgraph extraction. We conduct simulations using an open-source blockchain platform and the DARPA 1999 dataset. The results demonstrate the feasibility of the proposed system.

AB - With the continuous development of cyberattack techniques, attack provenance graph has become an important tool for network defense decision-making. Although existing research has made progress in the logical representation and automatic generation of provenance graphs, the provenance graphs constructed by single organization cannot support collaborative traceability. This paper proposes a blockchain-based cyberattack traceback system called TraceBlock to enable the sharing of graphs across multiple organizations. In TraceBlock system, alert records, which are raw data for contracting, are generated by hosts, securely transmitted by oracle, and filtered by CTI filter. The CTI filter uses a pre-trained model to identify critical threat intelligences (CTIs) and uploads CTIs to the blockchain network. Three smart contracts are deployed on the blockchain network, respectively responsible for CTI verification, provenance graph construction, and subgraph extraction. We conduct simulations using an open-source blockchain platform and the DARPA 1999 dataset. The results demonstrate the feasibility of the proposed system.

KW - Blockchain

KW - Provenance graph

KW - Smart Contract

KW - Subgraph extraction

UR - https://www.scopus.com/pages/publications/105039851772

U2 - 10.1007/978-3-032-21600-7_2

DO - 10.1007/978-3-032-21600-7_2

M3 - Conference contribution

AN - SCOPUS:105039851772

SN - 9783032215994

T3 - Communications in Computer and Information Science

SP - 17

EP - 34

BT - Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings

A2 - Meng, Weizhi

A2 - Shen, Qingni

A2 - Zhang, Tao

A2 - Yu, Jing

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 3 December 2025 through 5 December 2025

ER -

Dagula , Xu L , Gai K , Zhu L. TraceBlock: Cyberattack Traceback System Based on Blockchain. 在 Meng W, Shen Q, Zhang T, Yu J, 编辑, Advanced Security on Software and Systems - International Conference, ASSS 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2026. 页码 17-34. (Communications in Computer and Information Science). doi: 10.1007/978-3-032-21600-7_2

TraceBlock: Cyberattack Traceback System Based on Blockchain

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此