基于预训练与新型时序图神经网络的智能合约漏洞检测方法

庄园; 樊泽楷; 王诚; 孙建国; 李耀麟

doi:10.11959/j.issn.1000-436x.2024163

您当前的位置：

首页 >

文章列表页 >

基于预训练与新型时序图神经网络的智能合约漏洞检测方法

学术论文 | 更新时间：2024-10-10

- 基于预训练与新型时序图神经网络的智能合约漏洞检测方法
- Smart contract vulnerability detection method based on pre-training and novel timing graph neural network
- 通信学报 2024年45卷第9期页码：101-114
- 作者机构：
  
  1.哈尔滨工程大学计算机科学与技术学院,黑龙江哈尔滨 150001
  2.西安电子科技大学杭州研究院,浙江杭州 311231
  3.北京理工大学计算机学院,北京 100081
- 作者简介：
  
  [ "庄园（1988- ），女，黑龙江哈尔滨人，博士，哈尔滨工程大学副教授、硕士生导师，主要研究方向为区块链安全、人工智能和高性能计算。" ]
  [ "樊泽楷（1998- ），男，山西晋城人，哈尔滨工程大学硕士生，主要研究方向为区块链安全、人工智能。" ]
  [ "王诚（2001- ），男，河北定州人，哈尔滨工程大学硕士生，主要研究方向为网络安全、人工智能。" ]
  [ "孙建国（1981- ），男，黑龙江哈尔滨人，博士，西安电子科技大学教授、博士生导师，主要研究方向为数据安全、人工智能和工业互联网。" ]
  [ "李耀麟（1993- ），男，河北邢台人，北京理工大学博士生，主要研究方向为自然语言处理、区块链安全。" ]
- 基金信息：
  
  国家自然科学基金资助项目(62202121);国家重点研发计划基金资助项目(2022YFB4400703);中央高校基本科研业务费专项资金资助项目(3072022TS0604)
- DOI：10.11959/j.issn.1000-436x.2024163
  中图分类号： TP309.2
- 收稿日期：2024-02-18，
  
  修回日期：2024-08-06，
  
  纸质出版日期：2024-09-25
- 稿件说明：
移动端阅览
庄园,樊泽楷,王诚等.基于预训练与新型时序图神经网络的智能合约漏洞检测方法[J].通信学报,2024,45(09):101-114.

ZHUANG Yuan,FAN Zekai,WANG Cheng,et al.Smart contract vulnerability detection method based on pre-training and novel timing graph neural network[J].Journal on Communications,2024,45(09):101-114.
庄园,樊泽楷,王诚等.基于预训练与新型时序图神经网络的智能合约漏洞检测方法[J].通信学报,2024,45(09):101-114. DOI： 10.11959/j.issn.1000-436x.2024163.

ZHUANG Yuan,FAN Zekai,WANG Cheng,et al.Smart contract vulnerability detection method based on pre-training and novel timing graph neural network[J].Journal on Communications,2024,45(09):101-114. DOI： 10.11959/j.issn.1000-436x.2024163.

摘要

针对现有深度学习漏洞检测方法对合约字节码特征挖掘不足、漏洞语义表征不精准，且传统图神经网络模型对合约语句的时序信息学习能力不足，提出一种基于预训练与时序图神经网络的智能合约漏洞检测方法。首先，通过预训练模型将智能合约字节码建模为漏洞语义感知的合约图结构。其次，结合自注意力机制，设计了一种新颖的基于事件驱动的时序图神经网络模型，实现对合约执行中时序信息的有效抽取。最后，聚焦于可重入漏洞、时间戳依赖漏洞以及Tx.origin身份认证漏洞，通过120 932份真实合约数据集进行大量的评估实验，结果表明所提方法的检测效果显著优于现有方法。

Abstract

To address the limitations of current deep learning-based methods in extracting contract bytecode features and representing vulnerability semantics

as well as the shortcomings of the traditional graph neural networks in learning temporal information from contract statements

a method for detecting vulnerabilities in contracts was proposed based on pre-trained and temporal graph neural network. Firstly

the pre-trained model was used to transform smart contract bytecode into a vulnerability semantics-aware contract graph structure. Then

combined with a self-attention mechanism

the event-driven temporal graph neural network was designed to extract temporal information during contract execution. Finally

focusing on reentrant vulnerabilities

timestamp dependency vulnerabilities

and Tx.origin authentication vulnerabilities

extensive experiments were conducted on a dataset of 120 932 actual contracts. The results show that the proposed method significantly outperforms existing approaches.

关键词

Keywords

references

王利朋 , 关志 , 李青山 , 等 . 区块链数据安全服务综述 [J ] . 软件学报 , 2023 , 34 ( 1 ): 1 - 32 .

WANG L P , GUAN Z , LI Q S , et al . Survey on blockchain-based security services [J ] . Journal of Software , 2023 , 34 ( 1 ): 1 - 32 .

陈锦富 , 王震鑫 , 蔡赛华 , 等 . 基于蜕变测试的区块链智能合约漏洞检测方法 [J ] . 通信学报 , 2023 , 44 ( 10 ): 164 - 176 .

CHEN J F , WANG Z X , CAI S H , et al . Vulnerability detection method for blockchain smart contracts based on metamorphic testing [J ] . Journal on Communications , 2023 , 44 ( 10 ): 164 - 176 .

吴恺东，马郓，蔡华谦，等 . 面向智能合约分片的联盟区块链系统 [J ] . 软件学报， 2023 , 34 ( 11 ): 5042 - 5057 .

WU K D , MA Y , CAI H Q , et al . Consortium blockchain system based on smart contract-oriented sharding [J ] . Journal of Software , 2023 , 34 ( 11 ): 5042 - 5057 .

BADRUDDOJA S , DANTU R , HE Y Y , et al . Making smart contracts smarter [C ] // Proceedings of the 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) . Piscataway : IEEE Press , 2021 : 1 - 3 .

FEIST J , GRIECO G , GROCE A . Slither: a static analysis framework for smart contracts [C ] // Proceedings of the 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB) . Piscataway : IEEE Press , 2019 : 8 - 15 .

JIANG B , LIU Y , CHAN W K . ContractFuzzer: fuzzing smart contracts for vulnerability detection [C ] // Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering . New York : ACM Press , 2018 : 259 - 269 .

王友卫 , 侯玉栋 , 凤丽洲 . 基于源码结构和图注意力网络的以太坊蜜罐合约检测方法 [J ] . 通信学报 , 2023 , 44 ( 9 ): 161 - 172 .

WANG Y W , HOU Y D , FENG L Z . Honeypot contract detection method for Ethereum based on source code structure and graph attention network [J ] . Journal on Communications , 2023 , 44 ( 9 ): 161 - 172 .

MUELLER B , HONIG J , PARASARAM N , et al . Mythril-reversing and bug hunting framework for the Ethereum blockchain [R ] . 2017 .

TSANKOV P , DAN A , DRACHSLER-COHEN D , et al . Securify: practical security analysis of smart contracts [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York : ACM Press , 2018 : 67 - 82 .

KALRA S , GOEL S , DHAWAN M , et al . ZEUS: analyzing safety of smart contracts [C ] // Proceedings of the 2018 Network and Distributed System Security Symposium . Reston : Internet Society , 2018 : 26 - 35 .

MA F C , XU Z Y , REN M , et al . Pluto: exposing vulnerabilities in inter-contract scenarios [J ] . IEEE Transactions on Software Engineering , 2022 , 48 ( 11 ): 4380 - 4396 .

CAMINO R , TORRES C F , BADEN M , et al . A data science approach for detecting honeypots in ethereum [C ] // Proceedings of the 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) . Piscataway : IEEE Press , 2020 : 1 - 9 .

张红霞 , 王琪 , 王登岳 , 等 . 基于深度学习的区块链蜜罐陷阱合约检测 [J ] . 通信学报 , 2022 , 43 ( 1 ): 194 - 202 .

ZHANG H X , WANG Q , WANG D Y , et al . Honeypot contract detection of blockchain based on deep learning [J ] . Journal on Communications , 2022 , 43 ( 1 ): 194 - 202 .

MI F , WANG Z Y , ZHAO C , et al . VSCL: automating vulnerability detection in smart contracts with deep learning [C ] // Proceedings of the 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) . Piscataway : IEEE Press , 2021 : 1 - 9 .

ZHANG L J , WANG J L , WANG W Z , et al . A novel smart contract vulnerability detection method based on information graph and ensemble learning [J ] . Sensors , 2022 , 22 ( 9 ): 3581 .

HUANG J J , HAN S M , YOU W , et al . Hunting vulnerable smart contracts via graph embedding based bytecode matching [J ] . IEEE Transactions on Information Forensics and Security , 2021 , 16 : 2144 - 2156 .

FAN Y Q , SHANG S Y , DING X . Smart contract vulnerability detection based on dual attention graph convolutional network [C ] // Proceedings of the International Conference on Collaborative Computing: Networking, Applications and Worksharing . Berlin : Springer , 2021 : 335 - 351 .

ANGELO M D , SALZER G . A survey of tools for analyzing ethereum smart contracts [C ] // Proceedings of the 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) . Piscataway : IEEE Press , 2019 : 69 - 78 .

DEVLIN J , CHANG M W , LEE K , et al . BERT: pre-training of deep bidirectional transformers for language understanding [J ] . arXiv Preprint , arXiv: 1810 . 04805 v 2 , 2018 .

ZENG Q R , HE J H , ZHAO G S , et al . EtherGIS: a vulnerability detection framework for ethereum smart contracts based on graph learning features [C ] // Proceedings of the 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC) . Piscataway : IEEE Press , 2022 : 1742 - 1749 .

ZHUANG Y , LIU Z G , QIAN P , et al . Smart contract vulnerability detection using graph neural network [C ] // Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence . California : International Joint Conferences on Artificial Intelligence Organization , 2020 : 3283 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于蜕变测试的区块链智能合约漏洞检测方法

BFV-Blockchainvoting：支持BFV全同态加密的区块链电子投票系统

基于深度学习的区块链蜜罐陷阱合约检测

基于区块链的多用户环境中公钥可搜索加密方案

编排图驱动的区块链业务过程管理框架