Smart Contract Vulnerability Detection Using Code Representation Fusion

2021 28th Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 2021-12-01 DOI:10.1109/APSEC53868.2021.00069

Ben Wang, Hanting Chu, Pengcheng Zhang, Hai Dong

{"title":"Smart Contract Vulnerability Detection Using Code Representation Fusion","authors":"Ben Wang, Hanting Chu, Pengcheng Zhang, Hai Dong","doi":"10.1109/APSEC53868.2021.00069","DOIUrl":null,"url":null,"abstract":"At present, most smart contract vulnerability detection use manually-defined patterns, which is time-consuming and far from satisfactory. To address this issue, researchers attempt to deploy deep learning techniques for automatic vulnerability detection in smart contracts. Nevertheless, current work mostly relies on a single code representation such as AST (Abstract Syntax Tree) or code tokens to learn vulnerability characteristics, which might lead to incompleteness of learned semantics information. In addition, the number of available vulnerability datasets is also insufficient. To address these limitations, first, we construct a dataset covering most typical types of smart contract vulnerabilities, which can accurately indicate the specific row number where a vulnerability may exist. Second, for each single code representation, we propose a novel way called AFS (AST Fuse program Slicing) to fuse code characteristic information. AFS can fuse the structured information of AST with program slicing information and detect vulnerabilities by learning new vulnerability characteristic information.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSEC53868.2021.00069","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

At present, most smart contract vulnerability detection use manually-defined patterns, which is time-consuming and far from satisfactory. To address this issue, researchers attempt to deploy deep learning techniques for automatic vulnerability detection in smart contracts. Nevertheless, current work mostly relies on a single code representation such as AST (Abstract Syntax Tree) or code tokens to learn vulnerability characteristics, which might lead to incompleteness of learned semantics information. In addition, the number of available vulnerability datasets is also insufficient. To address these limitations, first, we construct a dataset covering most typical types of smart contract vulnerabilities, which can accurately indicate the specific row number where a vulnerability may exist. Second, for each single code representation, we propose a novel way called AFS (AST Fuse program Slicing) to fuse code characteristic information. AFS can fuse the structured information of AST with program slicing information and detect vulnerabilities by learning new vulnerability characteristic information.

查看原文本刊更多论文

基于代码表示融合的智能合约漏洞检测

目前，大多数智能合约漏洞检测都使用人工定义的模式，耗时长，效果不理想。为了解决这个问题，研究人员试图在智能合约中部署深度学习技术来自动检测漏洞。然而，目前的工作大多依赖于单一的代码表示，如AST(抽象语法树)或代码令牌来学习漏洞特征，这可能导致学习到的语义信息不完整。此外，可用的漏洞数据集数量也不足。为了解决这些限制，首先，我们构建了一个涵盖最典型类型的智能合约漏洞的数据集，它可以准确地指出漏洞可能存在的特定行号。其次，针对每个单一的代码表示，我们提出了一种称为AFS (AST融合程序切片)的新方法来融合代码特征信息。AFS可以将AST的结构化信息与程序切片信息融合，通过学习新的漏洞特征信息来检测漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 28th Asia-Pacific Software Engineering Conference (APSEC)

自引率

0.00%

发文量