Smart contract vulnerability detection method based on pre-training and novel timing graph neural network

ZHUANG Yuan; FAN Zekai; WANG Cheng; SUN Jianguo; LI Yaolin

doi:10.11959/j.issn.1000-436x.2024163

您当前的位置：

首页 >

文章列表页 >

Smart contract vulnerability detection method based on pre-training and novel timing graph neural network

Papers | 更新时间：2024-10-10

- Smart contract vulnerability detection method based on pre-training and novel timing graph neural network
- Journal on Communications Vol. 45, Issue 9, Pages: 101-114(2024)
- 作者机构：
  
  1.哈尔滨工程大学计算机科学与技术学院,黑龙江哈尔滨 150001
  2.西安电子科技大学杭州研究院,浙江杭州 311231
  3.北京理工大学计算机学院,北京 100081
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(62202121);The National Key Research and Development Program of China(2022YFB4400703);The Fundamental Research Funds for the Central Universities(3072022TS0604)
- DOI：10.11959/j.issn.1000-436x.2024163
  CLC： TP309.2
- Received：18 February 2024，
  
  Revised：2024-08-06，
  
  Published：25 September 2024
- 稿件说明：
移动端阅览
庄园,樊泽楷,王诚等.基于预训练与新型时序图神经网络的智能合约漏洞检测方法[J].通信学报,2024,45(09):101-114.

ZHUANG Yuan,FAN Zekai,WANG Cheng,et al.Smart contract vulnerability detection method based on pre-training and novel timing graph neural network[J].Journal on Communications,2024,45(09):101-114.
庄园,樊泽楷,王诚等.基于预训练与新型时序图神经网络的智能合约漏洞检测方法[J].通信学报,2024,45(09):101-114. DOI： 10.11959/j.issn.1000-436x.2024163.

ZHUANG Yuan,FAN Zekai,WANG Cheng,et al.Smart contract vulnerability detection method based on pre-training and novel timing graph neural network[J].Journal on Communications,2024,45(09):101-114. DOI： 10.11959/j.issn.1000-436x.2024163.

摘要

针对现有深度学习漏洞检测方法对合约字节码特征挖掘不足、漏洞语义表征不精准，且传统图神经网络模型对合约语句的时序信息学习能力不足，提出一种基于预训练与时序图神经网络的智能合约漏洞检测方法。首先，通过预训练模型将智能合约字节码建模为漏洞语义感知的合约图结构。其次，结合自注意力机制，设计了一种新颖的基于事件驱动的时序图神经网络模型，实现对合约执行中时序信息的有效抽取。最后，聚焦于可重入漏洞、时间戳依赖漏洞以及Tx.origin身份认证漏洞，通过120 932份真实合约数据集进行大量的评估实验，结果表明所提方法的检测效果显著优于现有方法。

Abstract

To address the limitations of current deep learning-based methods in extracting contract bytecode features and representing vulnerability semantics

as well as the shortcomings of the traditional graph neural networks in learning temporal information from contract statements

a method for detecting vulnerabilities in contracts was proposed based on pre-trained and temporal graph neural network. Firstly

the pre-trained model was used to transform smart contract bytecode into a vulnerability semantics-aware contract graph structure. Then

combined with a self-attention mechanism

the event-driven temporal graph neural network was designed to extract temporal information during contract execution. Finally

focusing on reentrant vulnerabilities

timestamp dependency vulnerabilities

and Tx.origin authentication vulnerabilities

extensive experiments were conducted on a dataset of 120 932 actual contracts. The results show that the proposed method significantly outperforms existing approaches.

关键词

Keywords

references

王利朋 , 关志 , 李青山 , 等 . 区块链数据安全服务综述 [J ] . 软件学报 , 2023 , 34 ( 1 ): 1 - 32 .

WANG L P , GUAN Z , LI Q S , et al . Survey on blockchain-based security services [J ] . Journal of Software , 2023 , 34 ( 1 ): 1 - 32 .

陈锦富 , 王震鑫 , 蔡赛华 , 等 . 基于蜕变测试的区块链智能合约漏洞检测方法 [J ] . 通信学报 , 2023 , 44 ( 10 ): 164 - 176 .

CHEN J F , WANG Z X , CAI S H , et al . Vulnerability detection method for blockchain smart contracts based on metamorphic testing [J ] . Journal on Communications , 2023 , 44 ( 10 ): 164 - 176 .

吴恺东，马郓，蔡华谦，等 . 面向智能合约分片的联盟区块链系统 [J ] . 软件学报， 2023 , 34 ( 11 ): 5042 - 5057 .

WU K D , MA Y , CAI H Q , et al . Consortium blockchain system based on smart contract-oriented sharding [J ] . Journal of Software , 2023 , 34 ( 11 ): 5042 - 5057 .

BADRUDDOJA S , DANTU R , HE Y Y , et al . Making smart contracts smarter [C ] // Proceedings of the 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) . Piscataway : IEEE Press , 2021 : 1 - 3 .

FEIST J , GRIECO G , GROCE A . Slither: a static analysis framework for smart contracts [C ] // Proceedings of the 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB) . Piscataway : IEEE Press , 2019 : 8 - 15 .

JIANG B , LIU Y , CHAN W K . ContractFuzzer: fuzzing smart contracts for vulnerability detection [C ] // Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering . New York : ACM Press , 2018 : 259 - 269 .

王友卫 , 侯玉栋 , 凤丽洲 . 基于源码结构和图注意力网络的以太坊蜜罐合约检测方法 [J ] . 通信学报 , 2023 , 44 ( 9 ): 161 - 172 .

WANG Y W , HOU Y D , FENG L Z . Honeypot contract detection method for Ethereum based on source code structure and graph attention network [J ] . Journal on Communications , 2023 , 44 ( 9 ): 161 - 172 .

MUELLER B , HONIG J , PARASARAM N , et al . Mythril-reversing and bug hunting framework for the Ethereum blockchain [R ] . 2017 .

TSANKOV P , DAN A , DRACHSLER-COHEN D , et al . Securify: practical security analysis of smart contracts [C ] // Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . New York : ACM Press , 2018 : 67 - 82 .

KALRA S , GOEL S , DHAWAN M , et al . ZEUS: analyzing safety of smart contracts [C ] // Proceedings of the 2018 Network and Distributed System Security Symposium . Reston : Internet Society , 2018 : 26 - 35 .

MA F C , XU Z Y , REN M , et al . Pluto: exposing vulnerabilities in inter-contract scenarios [J ] . IEEE Transactions on Software Engineering , 2022 , 48 ( 11 ): 4380 - 4396 .

CAMINO R , TORRES C F , BADEN M , et al . A data science approach for detecting honeypots in ethereum [C ] // Proceedings of the 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) . Piscataway : IEEE Press , 2020 : 1 - 9 .

张红霞 , 王琪 , 王登岳 , 等 . 基于深度学习的区块链蜜罐陷阱合约检测 [J ] . 通信学报 , 2022 , 43 ( 1 ): 194 - 202 .

ZHANG H X , WANG Q , WANG D Y , et al . Honeypot contract detection of blockchain based on deep learning [J ] . Journal on Communications , 2022 , 43 ( 1 ): 194 - 202 .

MI F , WANG Z Y , ZHAO C , et al . VSCL: automating vulnerability detection in smart contracts with deep learning [C ] // Proceedings of the 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) . Piscataway : IEEE Press , 2021 : 1 - 9 .

ZHANG L J , WANG J L , WANG W Z , et al . A novel smart contract vulnerability detection method based on information graph and ensemble learning [J ] . Sensors , 2022 , 22 ( 9 ): 3581 .

HUANG J J , HAN S M , YOU W , et al . Hunting vulnerable smart contracts via graph embedding based bytecode matching [J ] . IEEE Transactions on Information Forensics and Security , 2021 , 16 : 2144 - 2156 .

FAN Y Q , SHANG S Y , DING X . Smart contract vulnerability detection based on dual attention graph convolutional network [C ] // Proceedings of the International Conference on Collaborative Computing: Networking, Applications and Worksharing . Berlin : Springer , 2021 : 335 - 351 .

ANGELO M D , SALZER G . A survey of tools for analyzing ethereum smart contracts [C ] // Proceedings of the 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) . Piscataway : IEEE Press , 2019 : 69 - 78 .

DEVLIN J , CHANG M W , LEE K , et al . BERT: pre-training of deep bidirectional transformers for language understanding [J ] . arXiv Preprint , arXiv: 1810 . 04805 v 2 , 2018 .

ZENG Q R , HE J H , ZHAO G S , et al . EtherGIS: a vulnerability detection framework for ethereum smart contracts based on graph learning features [C ] // Proceedings of the 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC) . Piscataway : IEEE Press , 2022 : 1742 - 1749 .

ZHUANG Y , LIU Z G , QIAN P , et al . Smart contract vulnerability detection using graph neural network [C ] // Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence . California : International Joint Conferences on Artificial Intelligence Organization , 2020 : 3283 .

Views

2025

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Smart contract vulnerability detection method based on Bi-modal cross-attention mechanism

Byzantine fault-tolerant distributed access control mechanism for the Internet of things

Vulnerability detection method for blockchain smart contracts based on metamorphic testing

BFV-Blockchainvoting: blockchain-based electronic voting systems with BFV full homomorphic encryption

Honeypot contract detection of blockchain based on deep learning

Related Author

CHEN Jinfu

HU Xinyi

CAI Saihua

MIN Xirun

CHAI Rong

AI Liping

YANG Ningyu

LIANG Chengchao

Related Institution

School of Computer Science and Communication Engineering, Jiangsu University

Jiangsu Key Laboratory of Security Technology for Industrial Cyberspace, Jiangsu University

School of Communications and Information Engineering, Chongqing University of Posts and Telecommunications

Chongqing Key Laboratory of Mobile Communication Technology

Department of Business Computing, Wisconsin International University College, Accra RE

AI问答

⁰