Journal of Xidian University ›› 2024, Vol. 51 ›› Issue (4): 139-150. doi: 10.19665/j.issn1001-2400.20240306

• Computer Science and Technology & Cyberspace Security •

Graph neural network vulnerability detection for Ethereum smart contracts

LI Xiaohan1, YANG Yanbo1, ZHANG Jiawei2, LI Baoshan1, MA Jianfeng2

  1. School of Digital and Intelligence Industry, Inner Mongolia University of Science & Technology, Baotou 014010, China
  2. School of Cyber Engineering, Xidian University, Xi’an 710071, China
  • Received: 2023-10-03 Online: 2024-08-20 Published: 2024-03-21
  • Corresponding author: YANG Yanbo (b. 1983), male, associate professor, E-mail: yangyanbo@imust.edu.cn
  • About the authors: LI Xiaohan (b. 1999), female, master's student at Inner Mongolia University of Science & Technology, E-mail: 257459218@qq.com
    ZHANG Jiawei (b. 1985), male, lecturer, E-mail: jiaweizhang@xidian.edu.cn
    LI Baoshan (b. 1965), male, professor, E-mail: libaoshan@imust.edu.cn
    MA Jianfeng (b. 1963), male, professor, E-mail: jfma@mail.xidian.edu.cn
  • Supported by:
    Fundamental Research Funds for Universities Directly under the Department of Education of the Inner Mongolia Autonomous Region (0406082219); Major Special Project of the Department of Science and Technology of the Inner Mongolia Autonomous Region (2019ZD025); Science and Technology Program of Kundulun District, Baotou, Inner Mongolia (YF2021011)

Abstract:

Smart contracts are an important part of the blockchain. The Ethereum platform enables decentralized applications by deploying a large number of smart contracts, which are associated with billions of dollars' worth of digital currency. However, a smart contract is a piece of code written in a high-level language, so it may contain exploitable vulnerabilities that cause huge economic losses. Smart contract vulnerabilities are currently one of the serious threats facing Ethereum. Traditional smart contract vulnerability detection methods rely heavily on fixed expert rules, resulting in low accuracy and long detection times. In recent years, some researchers have used machine learning methods for vulnerability detection, but the detection methods they use do not fully utilize the semantic information of smart contract source code. In this paper, the smart contract source code is constructed as a smart contract graph carrying data flow and control flow information, and an attention mechanism assigns different weights to the nodes in the graph according to their criticality when updating the graph node features for contract vulnerability detection. Experiments are conducted on reentrancy vulnerabilities and timestamp vulnerabilities. The experimental results show that, compared with the traditional graph neural network detection model, the model in the paper improves the accuracy in the two vulnerability detections by 11.18% and 10.06%, respectively. The experiments demonstrate that smart contract vulnerabilities are related not only to the structural features of the contract code, but also closely to different functions and data variables.

Key words: blockchain, Ethereum, smart contracts, vulnerability detection, graph neural networks, attention mechanism

CLC number:

  • TP311.1