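[Keywords]
[Abstract]
As an emerging service architecture that fuses multiple technologies, blockchain has drawn wide attention from academia and industry for properties such as decentralization and immutability. However, because the blockchain technical architecture is complex, attacks against blockchains keep emerging, and the security incidents that increase year by year have caused huge economic losses and seriously affected the development and application of blockchain technology. This work studies the system architecture, attack principles, and defense strategies of existing blockchain security problems along two dimensions: hierarchical classification and attack association analysis. First, existing blockchain attacks are classified according to the layered architecture of the blockchain, their attack principles are introduced, and their commonalities and distinguishing characteristics are analyzed. Second, the ideas behind existing solutions are analyzed and summarized, and some effective recommendations and defensive measures are proposed. Finally, several blockchain attack clusters are derived through attack association analysis, a relatively complete blockchain security defense system is constructed, and the security posture of blockchain technology in future complex service scenarios is discussed.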
[Keywords]
[Abstract]
Blockchain, as an emerging service architecture that integrates multiple technologies, has attracted extensive attention from academia and industry due to its decentralization and immutability. However, blockchain is vulnerable to various attacks due to its complex architecture, and the security incidents that increase year by year lead to huge economic losses, which seriously hampers the development and application of blockchain technology. This work studies the architecture, principles, and defenses of existing blockchain attacks along two dimensions: hierarchical classification and attack association analysis. First, the existing blockchain attacks are classified according to the hierarchical structure of the blockchain, the principles of these attacks are introduced, and their commonalities and characteristics are analyzed. Second, some efficient defenses are given based on the analysis and summary of the existing solutions. Finally, this study constructs a comprehensive blockchain defense system based on several blockchain attack clusters summarized by attack association analysis, and discusses the outlook for the security situation of blockchain in complex service scenarios in the future.
[Chinese Library Classification number]
[Funding]
Key Research and Development Program of Shandong Province (2019JZZY020129)