HOUSTON: Real-Time Anomaly Detection of Attacks against Ethereum DeFi Protocols
Dongyu Meng
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Distributed Computation
With the DeFi ecosystem holding roughly **$100 billion in total value locked** and billions stolen annually through protocol hacks -- including by state-sponsored groups -- the need for real-time attack detection has never been more urgent. This talk introduces **HOUSTON**, an anomaly detection system that learns per-protocol behavior specifications directly from transaction traces and flags deviations in real time. Evaluated against **115 real-world Ethereum attack incidents from 2020 to 2024**, HOUSTON achieved a **94.8% true positive rate** with only a **16% false positive rate** (approximately 0.4 false positives per protocol per day), outperforming all compared state-of-the-art systems.
AI review
A well-engineered behavioral anomaly detection system for DeFi protocols that achieves 94.8% TPR on 115 real-world Ethereum attacks while keeping false positives to 0.4 per protocol per day. The per-protocol specification learning, aggressive call trace normalization, and invariant mining are technically sound, and the system was actually deployed live for 40 days. Practical blockchain security work with real results.