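1. School of Digital and Intelligent Industry, Inner Mongolia University of Science and Technology, Baotou 014010, Inner Mongolia, China
2. School of Network and Information Security, Xidian University, Xi'an 710071, Shaanxi, China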
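LI Xiaohan (b. 1999), female, master's student at Inner Mongolia University of Science and Technology, E-mail: [email protected]
YANG Yanbo (b. 1983), male, associate professor, E-mail: [email protected]
ZHANG Jiawei (b. 1985), male, lecturer, E-mail: [email protected]
LI Baoshan (b. 1965), male, professor, E-mail: [email protected]
MA Jianfeng (b. 1963), male, professor, E-mail: [email protected]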
Print publication date: 2024-08-20
Online publication date: 2024-03-21
Received: 2023-10-03
Xiaohan LI, Yanbo YANG, Jiawei ZHANG, et al. Graph neural network vulnerability detection for ethernet smart contracts[J]. Journal of Xidian University, 2024, 51(4):139-150. DOI: 10.19665/j.issn1001-2400.20240306.
Smart contracts are an important part of the blockchain. The Ethereum platform enables decentralized applications by deploying a large number of smart contracts, which are associated with billions of dollars' worth of digital currency. However, a smart contract is a piece of code written in a high-level language, which may contain exploitable vulnerabilities and cause huge economic losses. Smart contract vulnerabilities are currently one of the serious threats facing Ethereum. Traditional smart contract vulnerability detection methods rely heavily on fixed expert rules, resulting in low accuracy and long detection times. In recent years, some researchers have used machine learning methods for vulnerability detection, but these methods do not make full use of the semantic information in smart contract source code. In this paper, smart contract source code is constructed as a smart contract graph carrying data flow and control flow information, and an attention mechanism assigns different weights to the nodes in the graph according to their criticality when updating the graph node features for contract vulnerability detection. Experiments are conducted on reentrancy vulnerabilities and timestamp vulnerabilities. The experimental results show that, compared with the traditional graph neural network detection model, the model in this paper improves accuracy in the two vulnerability detection tasks by 11.18% and 10.06%, respectively. The experiments demonstrate that smart contract vulnerabilities are related not only to the structural features of the contract code but also closely to different functions and data variables.
Keywords: blockchain; Ethereum; smart contracts; vulnerability detection; graph neural networks; attention mechanism