Enhanced Smart Contract Vulnerability Detection via Graph Neural Networks: Achieving High Accuracy and Efficiency

IF 6.5 1区 计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Chang Xu;Huaiyu Xu;Liehuang Zhu;Xiaodong Shen;Kashif Sharif
{"title":"Enhanced Smart Contract Vulnerability Detection via Graph Neural Networks: Achieving High Accuracy and Efficiency","authors":"Chang Xu;Huaiyu Xu;Liehuang Zhu;Xiaodong Shen;Kashif Sharif","doi":"10.1109/TSE.2025.3570421","DOIUrl":null,"url":null,"abstract":"As blockchain technology becomes prevalent, smart contracts have shown significant utility in finance and supply chain management. However, vulnerabilities in smart contracts pose serious threats to blockchain security, leading to substantial economic losses. Therefore, developing effective vulnerability detection solutions is urgent. To address this issue, we propose a method for detecting vulnerabilities in smart contracts using graph neural networks (GNNs) that can identify eight common vulnerabilities. Our method is fully automated, applicable to all Ethereum smart contracts, and does not require expert-defined rules or manually defined features. We extract the Control Flow Graph and Abstract Syntax Graph from the smart contract code, which are then processed by a GNN to generate feature vectors for classification. Experiments on a real Ethereum dataset demonstrate that our method significantly outperforms existing state-of-the-art approaches. For individual detection tasks, the combined source code and bytecode method achieves an average accuracy of 95.78%, with a peak of 99.13%, and an average F1 score of 93.80%. Compared to competitors, our method shows an average improvement of 51.92% in accuracy and 47.21% in F1 score. The bytecode-only method achieves an average accuracy of 94.68% and an F1 score of 92.36%. For multi-class tasks, both methods achieve high accuracies of 91.26% and 87.34%, with F1 scores of 97.42% and 96.43%, respectively.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 6","pages":"1854-1865"},"PeriodicalIF":6.5000,"publicationDate":"2025-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11005726/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

As blockchain technology becomes prevalent, smart contracts have shown significant utility in finance and supply chain management. However, vulnerabilities in smart contracts pose serious threats to blockchain security, leading to substantial economic losses. Therefore, developing effective vulnerability detection solutions is urgent. To address this issue, we propose a method for detecting vulnerabilities in smart contracts using graph neural networks (GNNs) that can identify eight common vulnerabilities. Our method is fully automated, applicable to all Ethereum smart contracts, and does not require expert-defined rules or manually defined features. We extract the Control Flow Graph and Abstract Syntax Graph from the smart contract code, which are then processed by a GNN to generate feature vectors for classification. Experiments on a real Ethereum dataset demonstrate that our method significantly outperforms existing state-of-the-art approaches. For individual detection tasks, the combined source code and bytecode method achieves an average accuracy of 95.78%, with a peak of 99.13%, and an average F1 score of 93.80%. Compared to competitors, our method shows an average improvement of 51.92% in accuracy and 47.21% in F1 score. The bytecode-only method achieves an average accuracy of 94.68% and an F1 score of 92.36%. For multi-class tasks, both methods achieve high accuracies of 91.26% and 87.34%, with F1 scores of 97.42% and 96.43%, respectively.
基于图神经网络的增强智能合约漏洞检测:实现高精度和高效率
随着区块链技术的普及,智能合约在金融和供应链管理中显示出重要的效用。然而,智能合约中的漏洞对区块链的安全构成严重威胁,导致巨大的经济损失。因此,开发有效的漏洞检测方案迫在眉睫。为了解决这个问题,我们提出了一种使用图神经网络(gnn)检测智能合约漏洞的方法,该方法可以识别8个常见漏洞。我们的方法是完全自动化的,适用于所有以太坊智能合约,不需要专家定义的规则或手动定义的功能。我们从智能合约代码中提取控制流图和抽象语法图,然后通过GNN处理生成用于分类的特征向量。在真实以太坊数据集上的实验表明,我们的方法明显优于现有的最先进的方法。对于单个检测任务,源代码和字节码相结合的方法平均准确率为95.78%,峰值为99.13%,平均F1分数为93.80%。与竞争对手相比,我们的方法准确率平均提高了51.92%,F1分数平均提高了47.21%。纯字节码方法的平均准确率为94.68%,F1分数为92.36%。对于多类任务,两种方法的准确率分别为91.26%和87.34%,F1分数分别为97.42%和96.43%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IEEE Transactions on Software Engineering
IEEE Transactions on Software Engineering 工程技术-工程:电子与电气
CiteScore
9.70
自引率
10.80%
发文量
724
审稿时长
6 months
期刊介绍: IEEE Transactions on Software Engineering seeks contributions comprising well-defined theoretical results and empirical studies with potential impacts on software construction, analysis, or management. The scope of this Transactions extends from fundamental mechanisms to the development of principles and their application in specific environments. Specific topic areas include: a) Development and maintenance methods and models: Techniques and principles for specifying, designing, and implementing software systems, encompassing notations and process models. b) Assessment methods: Software tests, validation, reliability models, test and diagnosis procedures, software redundancy, design for error control, and measurements and evaluation of process and product aspects. c) Software project management: Productivity factors, cost models, schedule and organizational issues, and standards. d) Tools and environments: Specific tools, integrated tool environments, associated architectures, databases, and parallel and distributed processing issues. e) System issues: Hardware-software trade-offs. f) State-of-the-art surveys: Syntheses and comprehensive reviews of the historical development within specific areas of interest.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信