面向以太坊智能合约的图神经网络漏洞检测

doi:10.19665/j.issn1001-2400.20240306

Abstract

Abstract:

A smart contract is an important part of the blockchain,and the Ethereum platform enables decentralized applications by deploying a large number of smart contracts,which is associated with billions of dollars worth of digital currency.However,a smart contract is a piece of code written in a high-level language,which can be vulnerable to attacks and cause huge economic losses.Currently,smart contract vulnerabilities are one of the serious threats to Ethereum.Traditional smart contract vulnerability detection methods rely heavily on fixed expert rules,resulting in low accuracy and time-consuming.In recent years,some researchers have used machine learning methods for vulnerability detection,but the detection methods they use do not fully utilize the semantic information of smart contract source code.In this paper,the smart contract source code is constructed as a smart contract graph with a data flow and control flow information,and the attention mechanism is utilized to assign different weights to the nodes in the graph according to their criticality to update the graph node features for contract vulnerability detection.In the paper,experiments are conducted on reentrant vulnerabilities and timestamp vulnerabilities.Experimental results show that compared with the traditional graph neural network detection model,the model in the paper improves the accuracy in the two vulnerability detections by 11.18% and 10.06%,respectively.The experiments demonstrate that smart contract vulnerabilities are not only related to the structural features of the contract code,but also closely related to different functions and data variables.

Key words: blockchain, ethereum, smart contracts, vulnerability detection, graph neural networks, attention mechanism

CLC Number:

TP311.1

LI Xiaohan, YANG Yanbo, ZHANG Jiawei, LI Baoshan, MA Jianfeng. Graph neural network vulnerability detection for ethernet smart contracts[J].Journal of Xidian University, 2024, 51(4): 139-150.

Figures/Tables 15

References 35

[1]	王慧, 王励成, 柏雪, 等. 区块链隐私保护和扩容关键技术研究[J]. 西安电子科技大学学报, 2020, 47(5):28-39.
	WANG Hui, WANG Licheng, BAI Xue, et al. Research on Key Technology of Blockchain Privacy Protection and Scalability[J]. Journal of Xidian University, 2020, 47(5):28-39.
[2]	YING Z B, SONG L C, CHEN D, et al. AWI-BS:An Adaptive Weight Incentive for Blockchain Sharding[J]. Journal of Information and Intelligence, 2023, 1(2):87-103.
[3]	杨颜博, 张嘉伟, 马建峰. 一种使用区块链保护车联网数据隐私的方法[J]. 西安电子科技大学学报. 2021, 48(3):21-30.
	YANG Yanbo, ZHANG Jiawei, MA Jianfeng. Method for Using the Blockchain to Protect Data Privacy of IoV[J]. Journal of Xidian University, 2021, 48(3):21-30.
[4]	刘远振, 杨颜博, 张嘉伟, 等. 一种抗分布式机器学习恶意节点的区块链方案[J]. 西安电子科技大学学报, 2023, 50(2):178-187.
	LIU Yuanzhen, YANG Yanbo, ZHANG Jiawei, et al. Blockchain Scheme for Anti Malicious Nodes in Distributed Machine Learning[J]. Journal of Xidian University, 2023, 50(2):178-187.
[5]	李雪莲, 张夏川, 高军涛, 等. 支持属性和代理重加密的区块链数据共享方案[J]. 西安电子科技大学学报, 2022, 49(1):1-16.
	LI Xuelian, ZHANG Xiachuan, GAO Juntao, et al. Blockchain Data Sharing Scheme Supporting Attribute and Proxy Re-Encryption[J]. Journal of Xidian University, 2022, 49(1):1-16.
[6]	KIAYIAS A, MILLER A, ZINDROS D. Non-Interactive Proofs of Proof-of-Work[C]//International Conference on Financial Cryptography and Data Security. Heidelberg:Springer, 2022:505-522.
[7]	ZOU W Q, LO D, KOCHHAR A, et al. Smart Contract Development:Challenges and Opportunities[J]. IEEE Transactions on Software Engineering, 2021, 47(10):2084-2106.
[8]	闫凯伦, 刁文瑞, 郭山清. 智能合约安全漏洞及检测技术综述[J]. 信息对抗技术, 2023, 2(3):1-17.
	YAN Kailun, DIAO Wenrui, GUO Shanqing. A Survey of Smart Contract Vulnerabilities and Detection Techniques[J]. Information Countermeasure Technology, 2023, 2(3):1-17.
[9]	KUSHWAHA S, JOSHI S, SINGH D, et al. Systematic Review of Security Vulnerabilities in Ethereum Blockchain Smart Contract[J]. IEEE Access, 2022,10:6605-6621.
[10]	BAGHANI S, RAHIMPOUR S, KHABBAZIAN M, et al. The DAO Induction Attack:Analysis and Countermeasure[J]. IEEE Internet of Things Journal, 2022, 9(7):4875-4887.
[11]	SALEHIN I, ISLAM S, SAHA P, et al. AutoML:A Systematic Review on Automated Machine Learning with Neural Architecture Search[J]. Journal of Information and Intelligence, 2024, 2(1):52-81.
[12]	MUMUNI A, MUMUNI F. Automated Data Processing and Feature Engineering for Deep Learning and Big Data Applications:A Survey(2024)[J/OL]. Journal of Information and Intelligence.[2024-01-08]. https://www.sciencedirect.com/science/article/pii/S2949715924000027.
[13]	GONG M G, HE Y J, LI H, et al. Frontiers of Collaborative Intelligence Systems[J]. Journal of Information and Intelligence, 2024, 2(1):14-27.
[14]	QIAN P, LIU Z G, HE Q M, et al. Towards Automated Reentrancy Detection for Smart Contracts Based on Sequential Models[J]. IEEE Access, 2020,8:19685-19695.
[15]	HUANG Y, LIU Z G, QIAN P, et al. Smart Contract Vulnerability Detection Using Graph Neural Networks[C]//International Joint Conferences on Artificial Intelligence Organization. Piscataway:IEEE, 2020:3283-3290.
[16]	王侃, 王孟洋, 刘鑫, 等. 融合自注意力机制与CNN-BiGRU的事件检测[J]. 西安电子科技大学学报, 2022, 49(5):181-188.
	WANG Kan, WANG Mengyang, LIU Xin, et al. Event Detection by Combining Self-Attention and CNN-BiGRU[J]. Journal of Xidian University, 2022, 49(5):181-188.
[17]	李雷孝, 郑岳, 高昊昱, 等. 智能合约漏洞检测研究综述[J]. 计算机科学与探索, 2022, 16(11):2456-2470. doi: 10.3778/j.issn.1673-9418.2203024
	LI Leixiao, ZHENG Yue, GAO Haoyu, et al. Survey of Research on Smart Contract Vulnerability Detection[J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(11):2456-2470.
[18]	FEIST J, GRIECO G, GROCE A. Slither:A Static Analysis Framework for Smart Contracts[C]//2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain(WETSEB).Piscataway:IEEE, 2019: 8-15.
[19]	TIKHOMIROV S, VOSKRESENSKAYA E, IVANITSKIY I, et al. SmartCheck:Static Analysis of Ethereum Smart Contracts[C]//Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. New York: ACM, 2018:9-16.
[20]	KALRA S, GOEL S, DHAWAN M, et al. ZEUS:Analyzing Safety of Smart Contracts[C]//Network and Distributed System Security Symposium. San Diego: NDSS, 2018:1-12.
[21]	JIANG B, LIU Y, CHAN W K. Contractfuzzer:Fuzzing Smart Contracts for Vulnerability Detection[C]//2018 33rd IEEE/ACM International Conference on Automated Software Engineering(ASE).Piscataway:IEEE, 2018: 259-269.
[22]	LIU Z G, QIAN P, YANG J X, et al. Rethinking Smart Contract Fuzzing:Fuzzing with Invocation Ordering and Important Branch Revisiting[J]. IEEE Transactions on Information Forensics and Security, 2023,12:1237-1251.
[23]	ZHANG L J, MA J F. A Spatiotemporal Graph Wavelet Neural Network for Traffic Flow Prediction(2023)[J/OL]. Journal of Information and Intelligence.[2023-03-16]. https://www.sciencedirect.com/science/article/pii/S2949715923000021.
[24]	胡建伟, 赵伟, 崔艳鹏, 等. 一种改进ASTNN网络的PHP代码漏洞挖掘方法[J]. 西安电子科技大学学报, 2020, 47(6):164-173.
	HU Jianwei, ZHAO Wei, CUI Yanpeng, et al. PHP Code Vulnerability Mining Technology Based on Theimproved ASTNN[J]. Journal of Xidian University, 2020, 47(6):164-173.
[25]	顾守珂, 陈文. 基于增强AST的图神经网络函数级代码漏洞检测方法[J]. 计算机科学, 2023, 50(6):283-290. doi: 10.11896/jsjkx.220600131
	GU Shouke, CHEN Wen. Function Level Code Vulnerability Detection Method of Graph Neural Network Based on Extended AST[J]. Computer Science, 2023, 50(6):283-290. doi: 10.11896/jsjkx.220600131
[26]	WU H J, ZHANG Z, WANG S W, et al. Peculiar:Smart Contract Vulnerability Detection Based on Crucial Data Flow Graph and Pre-training Techniques[C]//2021 IEEE 32nd International Symposium on Software Reliability Engineering(ISSRE).Piscataway:IEEE, 2021: 378-389.
[27]	LIU Z G, PENG Q, WANG X, et al. Smart Contract Vulnerability Detection:From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion(2021)[J/OL].[2021-06-14]. https://arxiv.org/abs/2106.09282.
[28]	LIU Z G, PENG Q, WANG X Y, et al. Combining Graph Neural Networks with Expert Knowledge for Smart Contract Vulnerability Detection[J]. IEEE Transactions on Knowledge and Data Engineering, 2023,2:1296-1310.
[29]	ZHANG L J, CHEN W J, WANG W Z, et al. CBGRU:A Detection Method of Smart Contract Vulnerability Based on a Hybrid Model[J]. Sensors, 2022, 22(9):3577.
[30]	张玉健, 刘代富, 童飞. 基于局部图匹配的智能合约重入漏洞检测方法[J]. 信息网络安全, 2022, 22(8):1-7.
	ZHANG Yujian, LIU Daifu, TONG Fei. Reentrancy Vulnerability Detection in Smart Contracts Based on Local Graph Matching[J]. Netinfo Security, 2022, 22(8):1-7.
[31]	陆璐, 赖锦雄. 基于胶囊网络和注意力机制的智能合约漏洞检测方法[J]. 华南理工大学学报:自然科学版, 2023, 51(5):36-44.
	LU Lu, LAI Jinxiong. Smart Contract Vulnerability Detection Method Based on Capsule Network and Attention Mechanism[J]. Journal of South China University of Technology(Natural Science Edition), 2023, 51(5):36-44. doi: 10.12141/j.issn.1000-565X.220167
[32]	HUANG J J, HAN S M, YOU W, et al. Hunting Vulnerable Smart Contracts via Graph Embedding Based Bytecode Matching[J]. IEEE Transactions on Information Forensics and Security, 2021,16:2144-2156.
[33]	XU Y, WEI K, CHENG D. CSC-GCN:ContrastiveSemantic Calibration for Graph Convolution Network[J]. Journal of Information and Intelligence, 2023, 1(4):295-307.
[34]	NARAYANAN A, CHANDRAMOHAN M, VENKATESAN R, et al. Graph2vec:Learning Distributed Representations of Graphs(2017)[J/OL].[2017-07-17]. https://arxiv.org/abs/1707.05005.
[35]	JUSTIN G, SAMUEL S S, PATRICK F R, et al. Neural Message Passing for Quantum Chemistry[C]//International Conference on Machine Learning(ICML). New York: ACM, 2017:1263-1272.

类别	语义边
控制流边	require{X}
	assert{X}
	if{…} else{…}
	if{…} throw{…}
	if{…} then{…}
	if{…} revert
	while{X} do{…}
	for{X} do{…}
数据流边	assign{X}
	access{X}
前向执行边	顺序执行的程序流
回调执行边	与fallback函数交互的程序流

方法	可重入漏洞检测率/%				时间戳漏洞检测率/%
方法	Acc	Recall	Pre	F1	Acc	Recall	Pre	F1
LSTM	53.68	67.82	51.65	58.64	50.79	59.23	50.32	54.41
GCN	77.85	78.79	70.02	74.15	74.21	75.97	68.35	71.96
DR-GCN	81.47	80.89	72.36	76.39	78.86	78.91	71.29	74.91
文中模型	92.65	96.27	84.46	89.98	88.92	86.23	86.86	86.54

方法	可重入漏洞检测率/%				时间戳漏洞检测率/%
方法	Acc	Recall	Pre	F1	Acc	Recall	Pre	F1
采用RNN网络	91.29	94.17	83.19	88.03	84.43	81.88	80.71	81.29
采用GRU网络	92.65	96.27	84.46	89.98	88.92	86.23	86.86	86.54

方法	可重入漏洞检测率/%				时间戳漏洞检测率/%
方法	Acc	Recall	Pre	F1	Acc	Recall	Pre	F1
模型(无注意力机制)	84.48	82.63	74.06	78.11	83.45	83.82	75.05	79.19
文中模型	92.65	96.27	84.46	89.98	88.92	86.23	86.86	86.54

Graph neural network vulnerability detection for ethernet smart contracts

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 35

Related Articles 15

Metrics

Comments

Recommended 0

[1]	LIANG Liming, DONG Xin, LEI Kun, XIA Yuchen, WU Jian. Retinal image quality grading for fused attention spectrum non-local blocks [J]. Journal of Xidian University, 2024, 51(4): 102-113.
[2]	ZHAI Sheping, ZHANG Ruiting, YANG Rui, CAO Yongqiang. Blockchain searchable encryption scheme for multi-user environment [J]. Journal of Xidian University, 2024, 51(4): 151-169.
[3]	GUAN Yepeng, SU Guangyao, SHENG Yi. Time series prediction method based on the bidirectional long short-term memory network [J]. Journal of Xidian University, 2024, 51(3): 103-112.
[4]	XIA Yilan, WANG Xiumei, CHENG Peitao. Texture-aware video inpainting algorithm based on the multi-attention mechanism [J]. Journal of Xidian University, 2024, 51(3): 136-146.
[5]	PENG Yongxiang, MA Yong, LIU Zhiquan, WANG Libo, WU Yongdong, CHEN Ning, TANG Yong. Efficient smart contract testing scheme supporting transactions filtering [J]. Journal of Xidian University, 2024, 51(3): 194-202.
[6]	LIU Zhenyan, ZHANG Hua, LIU Yong, YANG Libo, WANG Mengdi. Efficient seed generation method for software fuzzing [J]. Journal of Xidian University, 2024, 51(2): 126-136.
[7]	ZHAI Sheping, LU Xianjing, HUO Yuanyuan, YANG Rui. Improved data sharing scheme based on conditional broadcast proxy re-encryptionn [J]. Journal of Xidian University, 2024, 51(2): 224-238.
[8]	DING Xinmiao, WANG Jiaxing, GUO Wen. Three-dimensional attention-enhanced algorithm for violence scene detection [J]. Journal of Xidian University, 2024, 51(1): 114-124.
[9]	ZHONG Hao, BIAN Shan, WANG Chuntao. Real world image tampering localization combining the self-attention mechanism and convolutional neural networks [J]. Journal of Xidian University, 2024, 51(1): 135-146.
[10]	GUO Qing, TIAN Youliang. Medicaldata privacy protection scheme supporting controlled sharing [J]. Journal of Xidian University, 2024, 51(1): 165-176.
[11]	PENG Yongxiang, LIU Zhiquan, WANG Libo, WU Yongdong, MA Jianfeng, CHEN Ning. Contract vulnerability repair scheme supporting inline data processing [J]. Journal of Xidian University, 2024, 51(1): 178-186.
[12]	ZHENG Kengtao, LI Bin, ZENG Jinhua. Document image forgery localization and desensitization localization using the attention mechanism [J]. Journal of Xidian University, 2023, 50(6): 207-218.
[13]	XIONG Jingwei, PAN Jifei, BI Daping, DU Mingyang. Multi-scale convolutional attention network for radar behavior recognition [J]. Journal of Xidian University, 2023, 50(6): 62-74.
[14]	ZHOU Hao,MA Jianfeng,LIU Zhiquan,WANG Libo,WU Yongdong,FAN Wenjie. Blockchain-assisted solution for emergency message trust evaluation in the VANET [J]. Journal of Xidian University, 2023, 50(4): 148-156.
[15]	YANG Yanyan,DU Yanhui,LIU Hongmeng,ZHAO Jiapeng,SHI Jinqiao,WANG Xuebin. Dark web author alignment based on attention augmented convolutional networks [J]. Journal of Xidian University, 2023, 50(4): 206-214.