HOU Yishan, WANG Yi. Smart Contract Vulnerability Detection based on Heterogeneous Graph[J]. Journal of Chengdu University of Information Technology, 2025, 40(01): 7-13. [doi:10.16836/j.cnki.jcuit.2025.01.002]
Smart Contract Vulnerability Detection Method Based on Heterogeneous Graphs
- Title:
- Smart Contract Vulnerability Detection based on Heterogeneous Graph
- Article ID:
- 2096-1618(2025)01-0007-07
- Classification number:
- TP183
- Document code:
- A
- Abstract:
- Existing deep-learning-based smart contract vulnerability detection methods cannot make effective use of context information. To address this, this paper proposes a smart contract vulnerability detection method based on a heterogeneous graph. The contract source code is parsed into a symbol graph containing data-flow edges and control-flow edges; a graph neural network then performs representation learning on the graph, and a neural network performs the final vulnerability prediction. Experiments on the ESC and VSC datasets, comparing the method with existing tools and models, show that it improves on all four metrics: accuracy, recall, precision, and F1-score.
Memo
Received: 2023-09-15
Funding: Sichuan Science and Technology Program (2023DYF0380, 2021ZYD0011); National Social Science Fund of China (23BSH061)
Corresponding author: WANG Yi. Email: wangyi1177@cuit.edu.cn