{"title":"设计和评估用于智能合约漏洞检测的 DL 模型","authors":"Oleksandr Shmatko, Oleksii Kolomiitsev, Nataliia Rekova, Nina Kuchuk, Oleksandr Matvieiev","doi":"10.20998/2522-9052.2023.4.05","DOIUrl":null,"url":null,"abstract":"Task features. Smart-contracts are programs that are stored in a distributed registry and execute code written in them in response to transactions addressed to them. Such smart- contracts are written in the Solidity programming language, which has a specific structure and syntax. The language was developed for the Ethereum platform. Having a specific structure, such languages are prone to certain vulnerabilities, the use of which can lead to large financial losses. Task statement. In this paper, a Deep Learning (DL) model is used to detect the vulnerabilities. Using the chosen approach and a properly specified input data structure, it is possible to detect complex dependencies between various program variables that contain vulnerabilities and bugs. Research results. Using well-defined experiments, this approach was investigated to better understand the model and improve its performance. The developed model classified vulnerabilities at the string level, using the Solidity corpus of smart-contracts as input data. The application of the DL model allows vulnerabilities of varying complexity to be identified in smart-contracts. Conclusions. Thus, the pipeline developed by us can capture more internal code information than other models. Information from software tokens, although semantically incapable of capturing vulnerabilities, increases the accuracy of models. The interpretability of the model has been added through the use of the attention mechanism. Operator accounting has shown significant performance improvements.","PeriodicalId":275587,"journal":{"name":"Advanced Information Systems","volume":"06 3","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"DESIGNING AND EVALUATING DL-MODEL FOR VULNERABILITY DETECTION IN SMART CONTRACTS\",\"authors\":\"Oleksandr Shmatko, Oleksii Kolomiitsev, Nataliia Rekova, Nina Kuchuk, Oleksandr Matvieiev\",\"doi\":\"10.20998/2522-9052.2023.4.05\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Task features. Smart-contracts are programs that are stored in a distributed registry and execute code written in them in response to transactions addressed to them. Such smart- contracts are written in the Solidity programming language, which has a specific structure and syntax. The language was developed for the Ethereum platform. Having a specific structure, such languages are prone to certain vulnerabilities, the use of which can lead to large financial losses. Task statement. In this paper, a Deep Learning (DL) model is used to detect the vulnerabilities. Using the chosen approach and a properly specified input data structure, it is possible to detect complex dependencies between various program variables that contain vulnerabilities and bugs. Research results. Using well-defined experiments, this approach was investigated to better understand the model and improve its performance. The developed model classified vulnerabilities at the string level, using the Solidity corpus of smart-contracts as input data. The application of the DL model allows vulnerabilities of varying complexity to be identified in smart-contracts. Conclusions. Thus, the pipeline developed by us can capture more internal code information than other models. Information from software tokens, although semantically incapable of capturing vulnerabilities, increases the accuracy of models. The interpretability of the model has been added through the use of the attention mechanism. Operator accounting has shown significant performance improvements.\",\"PeriodicalId\":275587,\"journal\":{\"name\":\"Advanced Information Systems\",\"volume\":\"06 3\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-12-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Advanced Information Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.20998/2522-9052.2023.4.05\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Advanced Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.20998/2522-9052.2023.4.05","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
DESIGNING AND EVALUATING DL-MODEL FOR VULNERABILITY DETECTION IN SMART CONTRACTS
Task features. Smart-contracts are programs that are stored in a distributed registry and execute code written in them in response to transactions addressed to them. Such smart- contracts are written in the Solidity programming language, which has a specific structure and syntax. The language was developed for the Ethereum platform. Having a specific structure, such languages are prone to certain vulnerabilities, the use of which can lead to large financial losses. Task statement. In this paper, a Deep Learning (DL) model is used to detect the vulnerabilities. Using the chosen approach and a properly specified input data structure, it is possible to detect complex dependencies between various program variables that contain vulnerabilities and bugs. Research results. Using well-defined experiments, this approach was investigated to better understand the model and improve its performance. The developed model classified vulnerabilities at the string level, using the Solidity corpus of smart-contracts as input data. The application of the DL model allows vulnerabilities of varying complexity to be identified in smart-contracts. Conclusions. Thus, the pipeline developed by us can capture more internal code information than other models. Information from software tokens, although semantically incapable of capturing vulnerabilities, increases the accuracy of models. The interpretability of the model has been added through the use of the attention mechanism. Operator accounting has shown significant performance improvements.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
