- 个人中心
- 退出登录
浏览全部资源
扫码关注微信
- HOME
- ABOUT
- Acta Electronica Sinic About JournalPeer Review ProcessPublication EthicsContactSubscription
- Editorial Board Editorial Board
- Acta Electronica Sinic
- CONTENTS
- Issues Online FirstCurrent IssuePast Issues
- Articles Articles with DataMost Cited ArticlesMost Downloaded Articles
- Special Issues Special IssuesVirtual IssuesCall for Papers
- Issues
- RESOURCES
- Author Guide Manuscript SubmissionPeer Review ProcessProduction ProcessCopyright and LicensingAppeal & Withdraw
- For Guest Editors Proposing Special IssueManaging Special Issue
- Download Center
- Author Guide
SCG-Detector: A Smart Contract Vulnerability Detection Method Based on Graph Attention Networks
- ACTA ELECTRONICA SINICA Vol. 52, Issue 12, Pages: 4101-4112(2024)
- 作者机构:
1.北京信息科技大学计算机学院,北京100101
2.国家网信办数据与技术保障中心,北京100048
3.南通大学信息科学技术学院,江苏南通226019
- 作者简介:
- 基金信息:Jiangsu Provincial Frontier Leading Technology Fundamental Research Project(BK20202001);National Natural Science Foundation of China(61702041);Open Fund of High Trust Embedded Software Engineering Technology Laboratory of Beijing Institute of Control Engineering(LHCESET202307);Beijing Information Science and Technology University “Qin-Xin Talent” Cultivation Project(QXTCP B202406)
DOI:10.12263/DZXB.20231187
CLC: TP311.5Received:21 December 2023,
Revised:2024-08-04,
Published:25 December 2024
- 稿件说明:
移动端阅览
顾锡国, 王志伟, 陈翔, 等. SCG-Detector:基于图注意力网络的智能合约漏洞检测方法[J]. 电子学报, 2024, 52(12): 4101-4112.
GU Xi-guo, WANG Zhi-wei, CHEN Xiang, et al. SCG-Detector: A Smart Contract Vulnerability Detection Method Based on Graph Attention Networks[J]. Acta Electronica Sinica, 2024, 52(12): 4101-4112.
顾锡国, 王志伟, 陈翔, 等. SCG-Detector:基于图注意力网络的智能合约漏洞检测方法[J]. 电子学报, 2024, 52(12): 4101-4112. DOI:10.12263/DZXB.20231187
GU Xi-guo, WANG Zhi-wei, CHEN Xiang, et al. SCG-Detector: A Smart Contract Vulnerability Detection Method Based on Graph Attention Networks[J]. Acta Electronica Sinica, 2024, 52(12): 4101-4112. DOI:10.12263/DZXB.20231187
摘要
随着智能合约被广泛使用,其处理的业务逻辑更加复杂,代码复杂度越来越高,引发了大量安全漏洞.为避免潜在安全漏洞造成的危害,研究人员提出了一系列智能合约漏洞检测方法.但现有方法对合约特征表征不完整,未将合约的语义及结构特征进行统一表征,难以准确、全面地检测和识别智能合约中的潜在漏洞和安全风险.为此,本文提出了基于图注意力网络的智能合约漏洞检测方法SCG-Detector(Smart Contract Graph Detector).首先,通过解析合约源代码构建抽象语法树(Abstract Syntax Tree,AST)以表征合约语法结构信息,并在AST上添加表示语义信息的数据依赖关系和控制依赖关系,以构
建合约图(Smart Contract Graph,SCG)同时表征合约的语法结构及语义信息;然后,将SCG输入到图注意网络模型中进行训练,利用注意力机制学习合约中漏洞的特征;最后,利用训练好的图注意力网络模型检测合约中是否存在漏洞及所存在漏洞的类型.SCG-Detector在12 616个智能合约上进行的实验结果表明,相比于sFuzz、Conkas、ConFuzzius、Mythril、Osiris、Slither、Oyente、MANDO-GURU等8种广泛使用的方法,SCG-Detector的
<math id="M1"><mi mathvariant="normal">P</mi><mi mathvariant="normal">r</mi><mi mathvariant="normal">e</mi><mi mathvariant="normal">c</mi><mi mathvariant="normal">i</mi><mi mathvariant="normal">s</mi><mi mathvariant="normal">i</mi><mi mathvariant="normal">o</mi><mi mathvariant="normal">n</mi></math>
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221586&type=
2.28600001
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221579&type=
11.76866722
最高提升了26.46%,
<math id="M2"><mi mathvariant="normal">R</mi><mi mathvariant="normal">e</mi><mi mathvariant="normal">c</mi><mi mathvariant="normal">a</mi><mi mathvariant="normal">l</mi><mi mathvariant="normal">l</mi></math>
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221581&type=
2.28600001
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221598&type=
8.12800026
最高提升了69.64%,
<math id="M3"><msub><mrow><mi>F</mi></mrow><mrow><mn mathvariant="normal">1</mn></mrow></msub></math>
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221595&type=
3.21733332
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221603&type=
3.04800010
最高提升了59.57%.
Abstract
With the widespread of smart contracts
the business logic has become more complex
causing a large number of security vulnerabilities. In order to avoid huge losses caused by potential vulnerabilities
a series of smart contract vulnerability detection methods were proposed. However
existing methods cannot comprehensively represent semantic and structural features of the contract
making it difficult to accurately detect potential vulnerabilities and security risks in smart contracts. To address this issue
this paper proposes a smart contract vulnerability detection method based on graph attention networks
named SCG-Detector (Smart Contract Graph Detector). Firstly
an abstract syntax tree (AST) is constructed by parsing the contract source code to represent the contract’s syntactic structure information. Data dependency relationships and control dependency relationships
which represent semantic information
are added to the AST to construct a smart contract graph (SCG) that characterizes the contract’s syntactic structure and semantic information. Secondly
using the SCG as input
the graph attention network model is trained with an attention mechanism to learn the features of vulnerabilities in the contract. Finally
the trained graph attention network model is used to detect whether there are vulnerabilities in the contract and the types of vulnerabilities present. Experiments are conducted on 12 616 smart contracts to compare with 8 widely used methods
including sFuzz
Conkas
ConFuzzius
Mythril
Osiris
Slither
Oyente
and M
ANDO-GURU. The experimental results shows that the
<math id="M4"><mi mathvariant="normal">P</mi><mi mathvariant="normal">r</mi><mi mathvariant="normal">e</mi><mi mathvariant="normal">c</mi><mi mathvariant="normal">i</mi><mi mathvariant="normal">s</mi><mi mathvariant="normal">i</mi><mi mathvariant="normal">o</mi><mi mathvariant="normal">n</mi></math>
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221615&type=
2.28600001
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221617&type=
11.76866722
of SCG-Detector is improved by up to 26.46%
<math id="M5"><mi mathvariant="normal">r</mi><mi mathvariant="normal">e</mi><mi mathvariant="normal">c</mi><mi mathvariant="normal">a</mi><mi mathvariant="normal">l</mi><mi mathvariant="normal">l</mi></math>
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221610&type=
2.28600001
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221612&type=
7.02733374
is improved by up to 69.64%
and
<math id="M6"><msub><mrow><mi>F</mi></mrow><mrow><mn mathvariant="normal">1</mn></mrow></msub></math>
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221628&type=
3.21733332
https://html.publish.founderss.cn/rc-pub/api/common/picture?pictureId=73221627&type=
3.04800010
is improved by up to 59.57%.
关键词
Keywords
references
唐飞 , 冯卓 , 黄永洪 . 基于区块链的公平可验证数据持有方案 [J ] . 电子学报 , 2023 , 51 ( 2 ): 406 - 415 .
TANG F , FENG Z , HUANG Y H . Fair provable data possession scheme based on blockchain [J ] . Acta Electronica Sinica , 2023 , 51 ( 2 ): 406 - 415 . (in Chinese)
YANG S , GU X , SHEN B . Self-supervised learning of smart contract representations [C ] // Proceedings of the 30th IEEE/ACM International Conference on Program Comprehension . Piscataway : IEEE , 2022 : 82 - 93 .
DEL CASTILLO M . The DAO attacked: Code issue leads to $60 million ether theft [EB/OL ] . ( 2016 )[2023 ] . https://www.baypayforum.com/blockchain-coins/the-dao-attacke d-code-issue-leads-to-60-million-ether-theft https://www.baypayforum.com/blockchain-coins/the-dao-attacked-code-issue-leads-to-60-million-ether-theft .
WANG W , SONG J , XU G , et al . Contractward: Automated vulnerability detection models for ethereum smart contracts [J ] . IEEE Transactions on Network Science and Engineering , 2021 , 8 ( 2 ): 1133 - 1144 .
ZHUANG Y , LIU Z , QIAN P , et al . Smart contract vulnerability detection using graph neural network [C ] // Proceedings of the 29th International Joint Conference on Artificial Intelligence . California : CAIO , 2020 : 3283 - 3290 .
NGUYEN T D , PHAM L H , SUN J , et al . SFuzz: An efficient adaptive fuzzer for solidity smart contracts [C ] // Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering . New York : ACM , 2020 : 778 - 788 .
VELOSO N , TECNICO I S . Conkas: A modular and static analysis tool for Ethereum bytecode [EB/OL ] . [2023 ] . https://fenix.tecnico.ulisboa.pt/downloadFile/1689244997262417/94080-Nuno-Veloso_resumo.pdf https://fenix.tecnico.ulisboa.pt/downloadFile/1689244997262417/94080-Nuno-Veloso_resumo.pdf .
TORRES C F , IANNILLO A K , GERVAISA , et al . Confuzzius: A data dependency-aware hybrid fuzzer for smart contracts [C ] // 2021 IEEE European Symposium on Security and Privacy . Piscataway : IEEE , 2021 : 103 - 119 .
MUELLER B . Smashing ethereum smart contracts for fun and real profit [J ] . HITB SECCONF Amsterdam , 2018 , 9 : 54 .
TORRES C F , SCHÜTTE J , STATE R . Osiris: Hunting for integer bugs in ethereum smart contracts [C ] // Proceedings of the 34th Annual Computer Security Applications Conference . New York : ACM , 2018 : 664 - 676 .
FEIST J , GRIECO G , GROCE A . Slither: A static analysis framework for smart contracts [C ] // 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain . Piscataway : IEEE , 2019 : 8 - 15 .
BADRUDDOJA S , DANTU R , HE Y Y , et al . Making smart contracts smarter [C ] // 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) . Piscataway : IEEE , 2021 : 1 - 3 .
NGUYEN H H , NGUYEN N M , XIE C Y , et al . MANDO-HGT: Heterogeneous graph transformers for smart contract vulnerability detection [C ] // 2023 IEEE/ACM 20th International Conference on Mining Software Repositories . Piscataway : IEEE , 2023 : 334 - 346 .
YAO W , SHAFIQ M , LIN X , et al . A software defect prediction method based on program semantic feature mining [J ] . Electronics , 2023 , 12 ( 7 ): 1546 .
凌春阳 , 邹艳珍 , 林泽琦 , 等 . 基于图嵌入的软件项目源代码检索方法 [J ] . 软件学报 , 2019 , 30 ( 5 ): 1481 - 1497 .
LING C Y , ZOU Y Z , LIN Z Q , et al . Approach to searching software source code with graph embedding [J ] . Journal of Software , 2019 , 30 ( 5 ): 1481 - 1497 . (in Chinese)
MENG Y , XU D , ZHANG Z , et al . System dependency graph construction algorithm based on equivalent substitution [C ] // Proceedings of the Eighth International Conference on Internet Computing for Science and Engineering (ICICSE) . Piscataway : IEEE , 2015 : 106 - 110 .
ZHANG W , WEI L , CHEUNG S C , et al . Combatting front-running in smart contracts: Attack mining, benchmark construction and vulnerability detector evaluati-on [J ] . IEEE Transactions on Software Engineering , 2023 , 49 ( 6 ): 3630 - 3646 .
LIU Z , QIAN P , YANG J , et al . Rethinking smart contract fuzzing: Fuzzing with invocation ordering and important branch revisiting [EB/OL ] . [2023 ] . http://arxiv.org/abs/2301.03943 http://arxiv.org/abs/2301.03943 .
QIAN P , LIU Z , YIN Y , et al . Cross-modality mutual learning for enhancing smart contract vulnerability detection on bytecode [C ] // Proceedings of the ACM Web Conference 2023 . New York : ACM , 2023 : 2220 - 2229 .
SO S , LEE M , PARK J , et al . VeriSmart: A highly precise safety verifier for ethereum smart contracts [C ] // 2020 IEEE Symposium on Security and Privacy . Piscataway : IEEE , 2020 : 1678 - 1694 .
LIU Z , QIAN P , WANG X , et al . Smart contract vulnerability detection: From pure neural network to interpretable graph feature and expert pattern fusion [EB/OL ] . [2023 ] . http://arxiv.org/abs/2106.09282 http://arxiv.org/abs/2106.09282 .
PASQUA M , BENINI A , CONTRO F , et al . Enhancing ethereum smart-contracts static analysis by computing a precise control-flow graph of ethereum bytecode [J ] . Journal of Systems and Software , 2023 , 200 : 111653 .
0
Views
15
下载量
0
CSCD
- L-PDFDownload
- Meta-XMLDownload
- BibTeXDownload
- EndnoteDownload
- RefMan Download
- NoteExpressDownload
- NoteFirstDownload
Publicity Resources
Related Articles
Related Author
Related Institution
- Technical support is provided by Beijing Founder electronics co., LTD 京ICP备09064830号-19
京公网安备11010802024621 - It is recommended to read the content of this site in Chrome&IE9+. Please switch to extreme mode in browser 360.
- Cookies We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the use of cookies.